Class SSLOptions

java.lang.Object
io.vertx.core.net.SSLOptions
Direct Known Subclasses:
ClientSSLOptions, ServerSSLOptions

public class SSLOptions extends Object
Client/Server SSL options.
Author:
Tim Fox
  • Field Details

    • DEFAULT_USE_ALPN

      public static final boolean DEFAULT_USE_ALPN
      Default use alpn = false
    • DEFAULT_USE_HYBRID

      public static final boolean DEFAULT_USE_HYBRID
      Default use hybrid = false
    • DEFAULT_SSL_HANDSHAKE_TIMEOUT

      public static final long DEFAULT_SSL_HANDSHAKE_TIMEOUT
      The default value of SSL handshake timeout = 10
    • DEFAULT_SSL_HANDSHAKE_TIMEOUT_TIME_UNIT

      public static final TimeUnit DEFAULT_SSL_HANDSHAKE_TIMEOUT_TIME_UNIT
      Default SSL handshake time unit = SECONDS
    • DEFAULT_ENABLED_SECURE_TRANSPORT_PROTOCOLS

      public static final List<String> DEFAULT_ENABLED_SECURE_TRANSPORT_PROTOCOLS
      The default ENABLED_SECURE_TRANSPORT_PROTOCOLS value = { "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" }

      SSLv3 is NOT enabled due to the POODLE vulnerability: http://en.wikipedia.org/wiki/POODLE

      "SSLv2Hello" is NOT enabled because it has been disabled by default since JDK 7.

  • Constructor Details

    • SSLOptions

      public SSLOptions()
      Default constructor
    • SSLOptions

      public SSLOptions(SSLOptions other)
      Copy constructor
      Parameters:
      other - the options to copy
    • SSLOptions

      public SSLOptions(JsonObject json)
      Create options from JSON
      Parameters:
      json - the JSON
  • Method Details

    • init

      protected void init()
    • copy

      public SSLOptions copy()
    • getKeyCertOptions

      public KeyCertOptions getKeyCertOptions()
      Returns:
      the key/cert options
    • setKeyCertOptions

      public SSLOptions setKeyCertOptions(KeyCertOptions options)
      Set the key/cert options.
      Parameters:
      options - the key store options
      Returns:
      a reference to this, so the API can be used fluently
    • getTrustOptions

      public TrustOptions getTrustOptions()
      Returns:
      the trust options
    • setTrustOptions

      public SSLOptions setTrustOptions(TrustOptions options)
      Set the trust options.
      Parameters:
      options - the trust options
      Returns:
      a reference to this, so the API can be used fluently
    • addEnabledCipherSuite

      public SSLOptions addEnabledCipherSuite(String suite)
      Add an enabled cipher suite, appended to the ordered suites.
      Parameters:
      suite - the suite
      Returns:
      a reference to this, so the API can be used fluently
    • removeEnabledCipherSuite

      public SSLOptions removeEnabledCipherSuite(String suite)
      Removes an enabled cipher suite from the ordered suites.
      Parameters:
      suite - the suite
      Returns:
      a reference to this, so the API can be used fluently
    • getEnabledCipherSuites

      public Set<String> getEnabledCipherSuites()
      Return an ordered set of the cipher suites.

      The set is initially empty; suites should be added to it in the desired order.

      Once suites have been added and the set is no longer empty, it takes precedence over the default suites defined by the SSLEngineOptions in use.

      Returns:
      the enabled cipher suites
    • getCrlPaths

      public List<String> getCrlPaths()
      Returns:
      the CRL (Certificate revocation list) paths
    • addCrlPath

      public SSLOptions addCrlPath(String crlPath) throws NullPointerException
      Add a CRL path
      Parameters:
      crlPath - the path
      Returns:
      a reference to this, so the API can be used fluently
      Throws:
      NullPointerException
    • getCrlValues

      public List<Buffer> getCrlValues()
      Get the CRL values
      Returns:
      the list of values
    • addCrlValue

      public SSLOptions addCrlValue(Buffer crlValue) throws NullPointerException
      Add a CRL value
      Parameters:
      crlValue - the value
      Returns:
      a reference to this, so the API can be used fluently
      Throws:
      NullPointerException
    • isUseAlpn

      public boolean isUseAlpn()
      Returns:
      whether Application-Layer Protocol Negotiation is used
    • setUseAlpn

      public SSLOptions setUseAlpn(boolean useAlpn)
      Set the ALPN usage.
      Parameters:
      useAlpn - true when Application-Layer Protocol Negotiation should be used
    • isUseHybridKeyExchangeProtocol

      public boolean isUseHybridKeyExchangeProtocol()
      Returns:
      whether the hybrid key exchange protocol X25519MLKEM768 is enabled
    • setUseHybridKeyExchangeProtocol

      public SSLOptions setUseHybridKeyExchangeProtocol(boolean useHybridKeyExchangeProtocol)
      Enable or disable the hybrid post-quantum key exchange protocol X25519MLKEM768.

      When enabled, TLS connections will use X25519MLKEM768 for key exchange, providing protection against quantum computer attacks.

      This feature requires OpenSSL and will not work with the JDK SSL engine. You must:

      • Use OpenSSLEngineOptions as the SSL engine
      • Have io.netty:netty-tcnative-classes on the classpath
      • Have an OpenSSL provider (e.g. io.smallrye:smallrye-openssl) on the classpath

      If OpenSSL is not available, the TLS handshake will fail rather than silently falling back to a non-quantum-safe key exchange.
      Parameters:
      useHybridKeyExchangeProtocol - true to enable hybrid key exchange
      Returns:
      a reference to this, so the API can be used fluently
    • getEnabledSecureTransportProtocols

      public Set<String> getEnabledSecureTransportProtocols()
      Returns the enabled SSL/TLS protocols
      Returns:
      the enabled protocols
    • getSslHandshakeTimeout

      public long getSslHandshakeTimeout()
      Returns:
      the SSL handshake timeout, in time unit specified by getSslHandshakeTimeoutUnit().
    • setSslHandshakeTimeout

      public SSLOptions setSslHandshakeTimeout(long sslHandshakeTimeout)
      Set the SSL handshake timeout. The default time unit is seconds.
      Parameters:
      sslHandshakeTimeout - the SSL handshake timeout to set, in the time unit specified by setSslHandshakeTimeoutUnit(TimeUnit) (seconds if not specified)
      Returns:
      a reference to this, so the API can be used fluently
    • setSslHandshakeTimeoutUnit

      public SSLOptions setSslHandshakeTimeoutUnit(TimeUnit sslHandshakeTimeoutUnit)
      Set the SSL handshake timeout unit. If not specified, default is seconds.
      Parameters:
      sslHandshakeTimeoutUnit - specify time unit.
      Returns:
      a reference to this, so the API can be used fluently
    • getSslHandshakeTimeoutUnit

      public TimeUnit getSslHandshakeTimeoutUnit()
      Returns:
      the SSL handshake timeout unit.
    • setEnabledSecureTransportProtocols

      public SSLOptions setEnabledSecureTransportProtocols(Set<String> enabledSecureTransportProtocols)
      Sets the list of enabled SSL/TLS protocols.
      Parameters:
      enabledSecureTransportProtocols - the SSL/TLS protocols to enable
      Returns:
      a reference to this, so the API can be used fluently
    • addEnabledSecureTransportProtocol

      public SSLOptions addEnabledSecureTransportProtocol(String protocol)
      Add an enabled SSL/TLS protocol, appended to the ordered protocols.
      Parameters:
      protocol - the SSL/TLS protocol to enable
      Returns:
      a reference to this, so the API can be used fluently
    • removeEnabledSecureTransportProtocol

      public SSLOptions removeEnabledSecureTransportProtocol(String protocol)
      Removes an enabled SSL/TLS protocol from the ordered protocols.
      Parameters:
      protocol - the SSL/TLS protocol to disable
      Returns:
      a reference to this, so the API can be used fluently
    • getApplicationLayerProtocols

      public List<String> getApplicationLayerProtocols()
      Returns:
      the list of application-layer protocols sent during the Application-Layer Protocol Negotiation.
    • setApplicationLayerProtocols

      public SSLOptions setApplicationLayerProtocols(List<String> protocols)
      Set the list of application-layer protocols to provide to the server during the Application-Layer Protocol Negotiation.
      Parameters:
      protocols - the protocols
      Returns:
      a reference to this, so the API can be used fluently
    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class Object
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • toJson

      public JsonObject toJson()
      Convert to JSON
      Returns:
      the JSON
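
Added example, not part of the Vert.x Javadoc: it builds an SSLOptions restricted to TLSv1.2/TLSv1.3 using the setters documented above, and audits any SSLOptions for the legacy protocols listed in DEFAULT_ENABLED_SECURE_TRANSPORT_PROTOCOLS. The class name SslOptionsHardening, the helper names, the cipher suite selection and the 5-second timeout are illustrative assumptions.

```java
import io.vertx.core.net.SSLOptions;
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;

public class SslOptionsHardening {
  // SSLv3 is excluded for POODLE; TLS 1.0 and 1.1 are deprecated by RFC 8996.
  private static final Set<String> LEGACY = Set.of("SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1");

  // Build options with modern protocols only. Suite names and timeout are sample choices.
  static SSLOptions hardened(boolean hybrid) {
    return new SSLOptions()
      .setEnabledSecureTransportProtocols(new LinkedHashSet<>(List.of("TLSv1.3", "TLSv1.2")))
      // A non-empty suite set takes precedence over the engine defaults; order is kept.
      .addEnabledCipherSuite("TLS_AES_256_GCM_SHA384")
      .addEnabledCipherSuite("TLS_AES_128_GCM_SHA256")
      .addEnabledCipherSuite("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")
      // Set value and unit together so the timeout cannot be misread.
      .setSslHandshakeTimeout(5)
      .setSslHandshakeTimeoutUnit(TimeUnit.SECONDS)
      // Only pass true when OpenSSLEngineOptions is the engine; otherwise handshakes fail.
      .setUseHybridKeyExchangeProtocol(hybrid);
  }

  // Report settings a reviewer would question in any SSLOptions instance.
  static List<String> audit(SSLOptions options) {
    List<String> findings = new ArrayList<>();
    for (String protocol : options.getEnabledSecureTransportProtocols()) {
      if (LEGACY.contains(protocol)) {
        findings.add("legacy protocol enabled: " + protocol);
      }
    }
    if (options.getEnabledCipherSuites().isEmpty()) {
      findings.add("no explicit cipher suites, engine defaults apply");
    }
    if (options.getCrlPaths().isEmpty() && options.getCrlValues().isEmpty()) {
      findings.add("no CRL configured");
    }
    if (!options.isUseHybridKeyExchangeProtocol()) {
      findings.add("hybrid key exchange (X25519MLKEM768) disabled");
    }
    return findings;
  }

  public static void main(String[] args) {
    System.out.println("defaults: " + audit(new SSLOptions()));
    System.out.println("hardened: " + audit(hardened(false)));
  }
}
```

Running audit() against options loaded with the SSLOptions(JsonObject) constructor gives the same check for configuration files before they reach a server or client.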