Package io.vertx.core.net
Class SSLOptions
- java.lang.Object
  - io.vertx.core.net.SSLOptions
- Direct Known Subclasses: ClientSSLOptions, ServerSSLOptions

public class SSLOptions extends Object
Client/Server SSL options.
- Author: Tim Fox
Field Summary
- static List<String> DEFAULT_ENABLED_SECURE_TRANSPORT_PROTOCOLS: The default ENABLED_SECURE_TRANSPORT_PROTOCOLS value = { "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" }
- static long DEFAULT_SSL_HANDSHAKE_TIMEOUT: The default value of SSL handshake timeout = 10
- static TimeUnit DEFAULT_SSL_HANDSHAKE_TIMEOUT_TIME_UNIT: Default SSL handshake time unit = SECONDS
- static boolean DEFAULT_USE_ALPN: Default use alpn = false
Constructor Summary
- SSLOptions(): Default constructor
- SSLOptions(JsonObject json): Create options from JSON
- SSLOptions(SSLOptions other): Copy constructor
Method Summary
- SSLOptions addCrlPath(String crlPath): Add a CRL path
- SSLOptions addCrlValue(Buffer crlValue): Add a CRL value
- SSLOptions addEnabledCipherSuite(String suite): Add an enabled cipher suite, appended to the ordered suites.
- SSLOptions addEnabledSecureTransportProtocol(String protocol): Add an enabled SSL/TLS protocol, appended to the ordered protocols.
- SSLOptions copy()
- boolean equals(Object obj)
- List<String> getApplicationLayerProtocols()
- List<String> getCrlPaths()
- List<Buffer> getCrlValues(): Get the CRL values
- Set<String> getEnabledCipherSuites(): Return an ordered set of the cipher suites.
- Set<String> getEnabledSecureTransportProtocols(): Returns the enabled SSL/TLS protocols
- KeyCertOptions getKeyCertOptions()
- long getSslHandshakeTimeout()
- TimeUnit getSslHandshakeTimeoutUnit()
- TrustOptions getTrustOptions()
- int hashCode()
- protected void init()
- boolean isUseAlpn()
- SSLOptions removeEnabledCipherSuite(String suite): Removes an enabled cipher suite from the ordered suites.
- SSLOptions removeEnabledSecureTransportProtocol(String protocol): Removes an enabled SSL/TLS protocol from the ordered protocols.
- SSLOptions setApplicationLayerProtocols(List<String> protocols): Set the list of application-layer protocols to provide to the server during the Application-Layer Protocol Negotiation.
- SSLOptions setEnabledSecureTransportProtocols(Set<String> enabledSecureTransportProtocols): Sets the list of enabled SSL/TLS protocols.
- SSLOptions setKeyCertOptions(KeyCertOptions options): Set the key/cert options.
- SSLOptions setSslHandshakeTimeout(long sslHandshakeTimeout): Set the SSL handshake timeout, default time unit is seconds.
- SSLOptions setSslHandshakeTimeoutUnit(TimeUnit sslHandshakeTimeoutUnit): Set the SSL handshake timeout unit.
- SSLOptions setTrustOptions(TrustOptions options): Set the trust options.
- SSLOptions setUseAlpn(boolean useAlpn): Set the ALPN usage.
- JsonObject toJson(): Convert to JSON

Field Detail
-
DEFAULT_USE_ALPN
public static final boolean DEFAULT_USE_ALPN
Default use alpn = false
- See Also: Constant Field Values
-
DEFAULT_SSL_HANDSHAKE_TIMEOUT
public static final long DEFAULT_SSL_HANDSHAKE_TIMEOUT
The default value of SSL handshake timeout = 10
- See Also: Constant Field Values
-
DEFAULT_SSL_HANDSHAKE_TIMEOUT_TIME_UNIT
public static final TimeUnit DEFAULT_SSL_HANDSHAKE_TIMEOUT_TIME_UNIT
Default SSL handshake time unit = SECONDS
-
DEFAULT_ENABLED_SECURE_TRANSPORT_PROTOCOLS
public static final List<String> DEFAULT_ENABLED_SECURE_TRANSPORT_PROTOCOLS
The default ENABLED_SECURE_TRANSPORT_PROTOCOLS value = { "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" }
SSLv3 is NOT enabled due to the POODLE vulnerability (http://en.wikipedia.org/wiki/POODLE).
"SSLv2Hello" is NOT enabled since it has been disabled by default since JDK7.
-
-
Constructor Detail
-
SSLOptions
public SSLOptions()
Default constructor
-
SSLOptions
public SSLOptions(SSLOptions other)
Copy constructor
- Parameters:
other - the options to copy
-
SSLOptions
public SSLOptions(JsonObject json)
Create options from JSON
- Parameters:
json - the JSON
-
-
Method Detail
-
init
protected void init()
-
copy
public SSLOptions copy()
-
getKeyCertOptions
public KeyCertOptions getKeyCertOptions()
- Returns:
- the key/cert options
-
setKeyCertOptions
public SSLOptions setKeyCertOptions(KeyCertOptions options)
Set the key/cert options.
- Parameters:
options - the key store options
- Returns:
- a reference to this, so the API can be used fluently
-
getTrustOptions
public TrustOptions getTrustOptions()
- Returns:
- the trust options
-
setTrustOptions
public SSLOptions setTrustOptions(TrustOptions options)
Set the trust options.
- Parameters:
options - the trust options
- Returns:
- a reference to this, so the API can be used fluently
-
addEnabledCipherSuite
public SSLOptions addEnabledCipherSuite(String suite)
Add an enabled cipher suite, appended to the ordered suites.
- Parameters:
suite - the suite
- Returns:
- a reference to this, so the API can be used fluently
- See Also: getEnabledCipherSuites()
-
removeEnabledCipherSuite
public SSLOptions removeEnabledCipherSuite(String suite)
Removes an enabled cipher suite from the ordered suites.
- Parameters:
suite - the suite
- Returns:
- a reference to this, so the API can be used fluently
-
getEnabledCipherSuites
public Set<String> getEnabledCipherSuites()
Return an ordered set of the cipher suites.
The set is initially empty and suites should be added to this set in the desired order.
When suites have been added, so that the set is not empty, it takes precedence over the default suites defined by the SSLEngineOptions in use.
- Returns:
- the enabled cipher suites
-
addCrlPath
public SSLOptions addCrlPath(String crlPath) throws NullPointerException
Add a CRL path
- Parameters:
crlPath - the path
- Returns:
- a reference to this, so the API can be used fluently
- Throws: NullPointerException
-
addCrlValue
public SSLOptions addCrlValue(Buffer crlValue) throws NullPointerException
Add a CRL value
- Parameters:
crlValue - the value
- Returns:
- a reference to this, so the API can be used fluently
- Throws: NullPointerException
-
isUseAlpn
public boolean isUseAlpn()
- Returns:
- whether or not to use Application-Layer Protocol Negotiation
-
setUseAlpn
public SSLOptions setUseAlpn(boolean useAlpn)
Set the ALPN usage.
- Parameters:
useAlpn - true when Application-Layer Protocol Negotiation should be used
-
getEnabledSecureTransportProtocols
public Set<String> getEnabledSecureTransportProtocols()
Returns the enabled SSL/TLS protocols
- Returns:
- the enabled protocols
-
getSslHandshakeTimeout
public long getSslHandshakeTimeout()
- Returns:
- the SSL handshake timeout, in the time unit specified by getSslHandshakeTimeoutUnit().
-
setSslHandshakeTimeout
public SSLOptions setSslHandshakeTimeout(long sslHandshakeTimeout)
Set the SSL handshake timeout, default time unit is seconds.
- Parameters:
sslHandshakeTimeout - the SSL handshake timeout to set, in milliseconds
- Returns:
- a reference to this, so the API can be used fluently
-
setSslHandshakeTimeoutUnit
public SSLOptions setSslHandshakeTimeoutUnit(TimeUnit sslHandshakeTimeoutUnit)
Set the SSL handshake timeout unit. If not specified, default is seconds.
- Parameters:
sslHandshakeTimeoutUnit - specify time unit.
- Returns:
- a reference to this, so the API can be used fluently
-
getSslHandshakeTimeoutUnit
public TimeUnit getSslHandshakeTimeoutUnit()
- Returns:
- the SSL handshake timeout unit.
-
setEnabledSecureTransportProtocols
public SSLOptions setEnabledSecureTransportProtocols(Set<String> enabledSecureTransportProtocols)
Sets the list of enabled SSL/TLS protocols.
- Parameters:
enabledSecureTransportProtocols - the SSL/TLS protocols to enable
- Returns:
- a reference to this, so the API can be used fluently
-
addEnabledSecureTransportProtocol
public SSLOptions addEnabledSecureTransportProtocol(String protocol)
Add an enabled SSL/TLS protocol, appended to the ordered protocols.
- Parameters:
protocol - the SSL/TLS protocol to enable
- Returns:
- a reference to this, so the API can be used fluently
-
removeEnabledSecureTransportProtocol
public SSLOptions removeEnabledSecureTransportProtocol(String protocol)
Removes an enabled SSL/TLS protocol from the ordered protocols.
- Parameters:
protocol - the SSL/TLS protocol to disable
- Returns:
- a reference to this, so the API can be used fluently
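
Added example (not part of the Vert.x Javadoc or project code): one way to tighten an SSLOptions instance using only the methods documented on this page. It drops the TLSv1 and TLSv1.1 defaults, pins an ordered cipher suite list, and sets the handshake timeout together with its unit so the result does not depend on the seconds/milliseconds wording above. The class and helper names, the suite selection and the 5-second value are assumptions of the example.

```java
import io.vertx.core.net.SSLOptions;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;

// Hypothetical helper class for this example; not part of Vert.x.
public class HardenedSslOptions {

  // Protocols the example treats as legacy: SSLv3 (POODLE), SSLv2Hello, TLS 1.0/1.1.
  static final List<String> LEGACY = Arrays.asList("SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1");

  /** Returns a copy of base limited to TLS 1.2/1.3, leaving base untouched. */
  static SSLOptions harden(SSLOptions base) {
    SSLOptions opts = base.copy();
    // Replace the protocol set wholesale rather than removing entries one by one,
    // so nothing inherited from the defaults or from JSON config survives.
    opts.setEnabledSecureTransportProtocols(
        new LinkedHashSet<>(Arrays.asList("TLSv1.3", "TLSv1.2")));
    // A non-empty suite set overrides the engine defaults, so list every suite
    // that should be allowed, in preference order (illustrative selection).
    opts.addEnabledCipherSuite("TLS_AES_256_GCM_SHA384")
        .addEnabledCipherSuite("TLS_AES_128_GCM_SHA256")
        .addEnabledCipherSuite("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384")
        .addEnabledCipherSuite("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
    // Set value and unit together so the timeout does not depend on the default unit.
    opts.setSslHandshakeTimeout(5).setSslHandshakeTimeoutUnit(TimeUnit.SECONDS);
    return opts;
  }

  /** Returns the legacy protocols still enabled; an empty set passes the check. */
  static Set<String> legacyProtocols(SSLOptions opts) {
    Set<String> found = new LinkedHashSet<>(opts.getEnabledSecureTransportProtocols());
    found.retainAll(LEGACY);
    return found;
  }

  public static void main(String[] args) {
    SSLOptions defaults = new SSLOptions();
    SSLOptions hardened = harden(defaults);
    System.out.println("default legacy protocols:  " + legacyProtocols(defaults));
    System.out.println("hardened legacy protocols: " + legacyProtocols(hardened));
    System.out.println("hardened protocols: " + hardened.getEnabledSecureTransportProtocols());
    System.out.println("hardened suites:    " + hardened.getEnabledCipherSuites());
    System.out.println("handshake timeout:  " + hardened.getSslHandshakeTimeout()
        + " " + hardened.getSslHandshakeTimeoutUnit());
  }
}
```

The legacyProtocols check can also be run against options built from JSON configuration before they are handed to a server or client, to catch a deployment that re-enables an old protocol.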
-
getApplicationLayerProtocols
public List<String> getApplicationLayerProtocols()
- Returns:
- the list of application-layer protocols sent during the Application-Layer Protocol Negotiation.
-
setApplicationLayerProtocols
public SSLOptions setApplicationLayerProtocols(List<String> protocols)
Set the list of application-layer protocols to provide to the server during the Application-Layer Protocol Negotiation.
- Parameters:
protocols - the protocols
- Returns:
- a reference to this, so the API can be used fluently
-
toJson
public JsonObject toJson()
Convert to JSON
- Returns:
- the JSON
-
-