Class ServerSSLOptions

java.lang.Object
io.vertx.core.net.SSLOptions
io.vertx.core.net.ServerSSLOptions
public class ServerSSLOptions extends SSLOptions
Server SSL options.

  • Field Details

    • DEFAULT_CLIENT_AUTH

      public static final ClientAuth DEFAULT_CLIENT_AUTH
      Default value of whether client auth is required (SSL/TLS) = No

    • DEFAULT_SNI

      public static final boolean DEFAULT_SNI
      Default value of whether the server supports SNI = false
      See Also:

  • Constructor Details

    • ServerSSLOptions

      public ServerSSLOptions()
      Default constructor

    • ServerSSLOptions

      public ServerSSLOptions(ServerSSLOptions other)
      Copy constructor
      Parameters:
      other - the options to copy

    • ServerSSLOptions

      public ServerSSLOptions(JsonObject json)
      Create options from JSON
      Parameters:
      json - the JSON

  • Method Details

    • init

      protected void init()
      Overrides:
      init in class SSLOptions

    • copy

      public ServerSSLOptions copy()
      Overrides:
      copy in class SSLOptions

    • getClientAuth

      public ClientAuth getClientAuth()

    • setClientAuth

      public ServerSSLOptions setClientAuth(ClientAuth clientAuth)
      Set whether client auth is required
      Parameters:
      clientAuth - One of "NONE, REQUEST, REQUIRED". If it's set to "REQUIRED" then server will require the SSL cert to be presented otherwise it won't accept the request. If it's set to "REQUEST" then it won't mandate the certificate to be presented, basically make it optional.
      Returns:
      a reference to this, so the API can be used fluently

    • isSni

      public boolean isSni()
      Returns:
      whether the server supports Server Name Indication

    • setSni

      public ServerSSLOptions setSni(boolean sni)
      Set whether the server supports Server Name Indiciation
      Returns:
      a reference to this, so the API can be used fluently

    • setKeyCertOptions

      public ServerSSLOptions setKeyCertOptions(KeyCertOptions options)
      Description copied from class: SSLOptions
      Set the key/cert options.
      Overrides:
      setKeyCertOptions in class SSLOptions
      Parameters:
      options - the key store options
      Returns:
      a reference to this, so the API can be used fluently

    • setTrustOptions

      public ServerSSLOptions setTrustOptions(TrustOptions options)
      Description copied from class: SSLOptions
      Set the trust options.
      Overrides:
      setTrustOptions in class SSLOptions
      Parameters:
      options - the trust options
      Returns:
      a reference to this, so the API can be used fluently

    • setUseAlpn

      public ServerSSLOptions setUseAlpn(boolean useAlpn)
      Description copied from class: SSLOptions
      Set the ALPN usage.
      Overrides:
      setUseAlpn in class SSLOptions
      Parameters:
      useAlpn - true when Application-Layer Protocol Negotiation should be used

    • setUseHybridKeyExchangeProtocol

      public ServerSSLOptions setUseHybridKeyExchangeProtocol(boolean useHybridKeyExchangeProtocol)
      Description copied from class: SSLOptions
      Enable or disable the hybrid post-quantum key exchange protocol X25519MLKEM768.

      When enabled, TLS connections will use X25519MLKEM768 for key exchange, providing protection against quantum computer attacks.

      This feature requires OpenSSL and will not work with the JDK SSL engine. You must:

      • Use OpenSSLEngineOptions as the SSL engine
      • Have io.netty:netty-tcnative-classes on the classpath
      • Have an OpenSSL provider (e.g. io.smallrye:smallrye-openssl) on the classpath
      If OpenSSL is not available, the TLS handshake will fail rather than silently falling back to a non-quantum-safe key exchange.
      Overrides:
      setUseHybridKeyExchangeProtocol in class SSLOptions
      Parameters:
      useHybridKeyExchangeProtocol - true to enable hybrid key exchange
      Returns:
      a reference to this, so the API can be used fluently

    • setSslHandshakeTimeout

      public ServerSSLOptions setSslHandshakeTimeout(long sslHandshakeTimeout)
      Description copied from class: SSLOptions
      Set the SSL handshake timeout, default time unit is seconds.
      Overrides:
      setSslHandshakeTimeout in class SSLOptions
      Parameters:
      sslHandshakeTimeout - the SSL handshake timeout to set, in milliseconds
      Returns:
      a reference to this, so the API can be used fluently

    • setSslHandshakeTimeoutUnit

      public ServerSSLOptions setSslHandshakeTimeoutUnit(TimeUnit sslHandshakeTimeoutUnit)
      Description copied from class: SSLOptions
      Set the SSL handshake timeout unit. If not specified, default is seconds.
      Overrides:
      setSslHandshakeTimeoutUnit in class SSLOptions
      Parameters:
      sslHandshakeTimeoutUnit - specify time unit.
      Returns:
      a reference to this, so the API can be used fluently

    • setEnabledSecureTransportProtocols

      public ServerSSLOptions setEnabledSecureTransportProtocols(Set<String> enabledSecureTransportProtocols)
      Description copied from class: SSLOptions
      Sets the list of enabled SSL/TLS protocols.
      Overrides:
      setEnabledSecureTransportProtocols in class SSLOptions
      Parameters:
      enabledSecureTransportProtocols - the SSL/TLS protocols to enable
      Returns:
      a reference to this, so the API can be used fluently

    • setApplicationLayerProtocols

      public ServerSSLOptions setApplicationLayerProtocols(List<String> protocols)
      Description copied from class: SSLOptions
      Set the list of application-layer protocols to provide to the server during the Application-Layer Protocol Negotiation.
      Overrides:
      setApplicationLayerProtocols in class SSLOptions
      Parameters:
      protocols - the protocols
      Returns:
      a reference to this, so the API can be used fluently

    • addEnabledCipherSuite

      public ServerSSLOptions addEnabledCipherSuite(String suite)
      Description copied from class: SSLOptions
      Add an enabled cipher suite, appended to the ordered suites.
      Overrides:
      addEnabledCipherSuite in class SSLOptions
      Parameters:
      suite - the suite
      Returns:
      a reference to this, so the API can be used fluently
      See Also:

    • addCrlPath

      public ServerSSLOptions addCrlPath(String crlPath) throws NullPointerException
      Description copied from class: SSLOptions
      Add a CRL path
      Overrides:
      addCrlPath in class SSLOptions
      Parameters:
      crlPath - the path
      Returns:
      a reference to this, so the API can be used fluently
      Throws:
      NullPointerException

    • addCrlValue

      public ServerSSLOptions addCrlValue(Buffer crlValue) throws NullPointerException
      Description copied from class: SSLOptions
      Add a CRL value
      Overrides:
      addCrlValue in class SSLOptions
      Parameters:
      crlValue - the value
      Returns:
      a reference to this, so the API can be used fluently
      Throws:
      NullPointerException

    • addEnabledSecureTransportProtocol

      public ServerSSLOptions addEnabledSecureTransportProtocol(String protocol)
      Description copied from class: SSLOptions
      Add an enabled SSL/TLS protocols, appended to the ordered protocols.
      Overrides:
      addEnabledSecureTransportProtocol in class SSLOptions
      Parameters:
      protocol - the SSL/TLS protocol to enable
      Returns:
      a reference to this, so the API can be used fluently

    • removeEnabledCipherSuite

      public ServerSSLOptions removeEnabledCipherSuite(String suite)
      Description copied from class: SSLOptions
      Removes an enabled cipher suite from the ordered suites.
      Overrides:
      removeEnabledCipherSuite in class SSLOptions
      Parameters:
      suite - the suite
      Returns:
      a reference to this, so the API can be used fluently

    • removeEnabledSecureTransportProtocol

      public ServerSSLOptions removeEnabledSecureTransportProtocol(String protocol)
      Description copied from class: SSLOptions
      Removes an enabled SSL/TLS protocol from the ordered protocols.
      Overrides:
      removeEnabledSecureTransportProtocol in class SSLOptions
      Parameters:
      protocol - the SSL/TLS protocol to disable
      Returns:
      a reference to this, so the API can be used fluently

    • toJson

      public JsonObject toJson()
      Convert to JSON
      Overrides:
      toJson in class SSLOptions
      Returns:
      the JSON