io.vertx.core.net

Class TCPSSLOptions

java.lang.Object

io.vertx.core.net.NetworkOptions

io.vertx.core.net.TCPSSLOptions

Direct Known Subclasses:

ClientOptionsBase, EventBusOptions, NetServerOptions, ServerOptionsBase

public abstract class TCPSSLOptions
extends NetworkOptions

Base class. TCP and SSL related options

Author:

Tim Fox

Field Summary

Fields

Modifier and Type	Field and Description
static List<String>	DEFAULT_ENABLED_SECURE_TRANSPORT_PROTOCOLS The default ENABLED_SECURE_TRANSPORT_PROTOCOLS value = { "SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2" } SSLv3 is NOT enabled due to POODLE vulnerability http://en.wikipedia.org/wiki/POODLE "SSLv2Hello" is NOT enabled since it's disabled by default since JDK7
static int	DEFAULT_IDLE_TIMEOUT Default idle timeout = 0
static TimeUnit	DEFAULT_IDLE_TIMEOUT_TIME_UNIT Default idle time unit = SECONDS
static int	DEFAULT_SO_LINGER The default value of SO_linger = -1
static boolean	DEFAULT_SSL SSL enable by default = false
static SSLEngineOptions	DEFAULT_SSL_ENGINE The default SSL engine options = null (autoguess)
static long	DEFAULT_SSL_HANDSHAKE_TIMEOUT The default value of SSL handshake timeout = 10
static TimeUnit	DEFAULT_SSL_HANDSHAKE_TIMEOUT_TIME_UNIT Default SSL handshake time unit = SECONDS
static boolean	DEFAULT_TCP_CORK The default TCP_CORK value = false
static boolean	DEFAULT_TCP_FAST_OPEN The default TCP_FASTOPEN value = false
static boolean	DEFAULT_TCP_KEEP_ALIVE The default value of TCP keep alive = false
static boolean	DEFAULT_TCP_NO_DELAY The default value of TCP-no-delay = true (Nagle disabled)
static boolean	DEFAULT_TCP_QUICKACK The default TCP_QUICKACK value = false
static boolean	DEFAULT_USE_ALPN Default use alpn = false

Fields inherited from class io.vertx.core.net.NetworkOptions

DEFAULT_LOG_ENABLED, DEFAULT_RECEIVE_BUFFER_SIZE, DEFAULT_REUSE_ADDRESS, DEFAULT_REUSE_PORT, DEFAULT_SEND_BUFFER_SIZE, DEFAULT_TRAFFIC_CLASS

Constructor Summary

Constructors

Constructor and Description
TCPSSLOptions() Default constructor
TCPSSLOptions(JsonObject json) Create options from JSON
TCPSSLOptions(TCPSSLOptions other) Copy constructor

Method Summary

Modifier and Type	Method and Description
TCPSSLOptions	addCrlPath(String crlPath) Add a CRL path
TCPSSLOptions	addCrlValue(Buffer crlValue) Add a CRL value
TCPSSLOptions	addEnabledCipherSuite(String suite) Add an enabled cipher suite, appended to the ordered suites.
TCPSSLOptions	addEnabledSecureTransportProtocol(String protocol) Add an enabled SSL/TLS protocols, appended to the ordered protocols.
List<String>	getCrlPaths()
List<Buffer>	getCrlValues() Get the CRL values
Set<String>	getEnabledCipherSuites()
Set<String>	getEnabledSecureTransportProtocols() Returns the enabled SSL/TLS protocols
int	getIdleTimeout()
TimeUnit	getIdleTimeoutUnit()
JdkSSLEngineOptions	getJdkSslEngineOptions()
KeyCertOptions	getKeyCertOptions()
JksOptions	getKeyStoreOptions() Get the key/cert options in jks format, aka Java keystore.
OpenSSLEngineOptions	getOpenSslEngineOptions()
PemKeyCertOptions	getPemKeyCertOptions() Get the key/cert store options in pem format.
PemTrustOptions	getPemTrustOptions() Get the trust options in pem format
PfxOptions	getPfxKeyCertOptions() Get the key/cert options in pfx format.
PfxOptions	getPfxTrustOptions() Get the trust options in pfx format
int	getSoLinger()
SSLEngineOptions	getSslEngineOptions()
long	getSslHandshakeTimeout()
TimeUnit	getSslHandshakeTimeoutUnit()
TrustOptions	getTrustOptions()
JksOptions	getTrustStoreOptions() Get the trust options in jks format, aka Java truststore
boolean	isSsl()
boolean	isTcpCork()
boolean	isTcpFastOpen()
boolean	isTcpKeepAlive()
boolean	isTcpNoDelay()
boolean	isTcpQuickAck()
boolean	isUseAlpn()
TCPSSLOptions	removeEnabledSecureTransportProtocol(String protocol) Removes an enabled SSL/TLS protocol from the ordered protocols.
TCPSSLOptions	setEnabledSecureTransportProtocols(Set<String> enabledSecureTransportProtocols) Sets the list of enabled SSL/TLS protocols.
TCPSSLOptions	setIdleTimeout(int idleTimeout) Set the idle timeout, default time unit is seconds.
TCPSSLOptions	setIdleTimeoutUnit(TimeUnit idleTimeoutUnit) Set the idle timeout unit.
TCPSSLOptions	setJdkSslEngineOptions(JdkSSLEngineOptions sslEngineOptions)
TCPSSLOptions	setKeyCertOptions(KeyCertOptions options) Set the key/cert options.
TCPSSLOptions	setKeyStoreOptions(JksOptions options) Set the key/cert options in jks format, aka Java keystore.
TCPSSLOptions	setLogActivity(boolean logEnabled) Set to true to enabled network activity logging: Netty's pipeline is configured for logging on Netty's logger.
TCPSSLOptions	setOpenSslEngineOptions(OpenSSLEngineOptions sslEngineOptions)
TCPSSLOptions	setPemKeyCertOptions(PemKeyCertOptions options) Set the key/cert store options in pem format.
TCPSSLOptions	setPemTrustOptions(PemTrustOptions options) Set the trust options in pem format
TCPSSLOptions	setPfxKeyCertOptions(PfxOptions options) Set the key/cert options in pfx format.
TCPSSLOptions	setPfxTrustOptions(PfxOptions options) Set the trust options in pfx format
TCPSSLOptions	setReceiveBufferSize(int receiveBufferSize) Set the TCP receive buffer size
TCPSSLOptions	setReuseAddress(boolean reuseAddress) Set the value of reuse address
TCPSSLOptions	setReusePort(boolean reusePort) Set the value of reuse port.
TCPSSLOptions	setSendBufferSize(int sendBufferSize) Set the TCP send buffer size
TCPSSLOptions	setSoLinger(int soLinger) Set whether SO_linger keep alive is enabled
TCPSSLOptions	setSsl(boolean ssl) Set whether SSL/TLS is enabled
TCPSSLOptions	setSslEngineOptions(SSLEngineOptions sslEngineOptions) Set to use SSL engine implementation to use.
TCPSSLOptions	setSslHandshakeTimeout(long sslHandshakeTimeout) Set the SSL handshake timeout, default time unit is seconds.
TCPSSLOptions	setSslHandshakeTimeoutUnit(TimeUnit sslHandshakeTimeoutUnit) Set the SSL handshake timeout unit.
TCPSSLOptions	setTcpCork(boolean tcpCork) Enable the TCP_CORK option - only with linux native transport.
TCPSSLOptions	setTcpFastOpen(boolean tcpFastOpen) Enable the TCP_FASTOPEN option - only with linux native transport.
TCPSSLOptions	setTcpKeepAlive(boolean tcpKeepAlive) Set whether TCP keep alive is enabled
TCPSSLOptions	setTcpNoDelay(boolean tcpNoDelay) Set whether TCP no delay is enabled
TCPSSLOptions	setTcpQuickAck(boolean tcpQuickAck) Enable the TCP_QUICKACK option - only with linux native transport.
TCPSSLOptions	setTrafficClass(int trafficClass) Set the value of traffic class
TCPSSLOptions	setTrustOptions(TrustOptions options) Set the trust options.
TCPSSLOptions	setTrustStoreOptions(JksOptions options) Set the trust options in jks format, aka Java truststore
TCPSSLOptions	setUseAlpn(boolean useAlpn) Set the ALPN usage.
JsonObject	toJson() Convert to JSON

Methods inherited from class io.vertx.core.net.NetworkOptions

getLogActivity, getReceiveBufferSize, getSendBufferSize, getTrafficClass, isReuseAddress, isReusePort

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_TCP_NO_DELAY

public static final boolean DEFAULT_TCP_NO_DELAY

The default value of TCP-no-delay = true (Nagle disabled)

See Also:

Constant Field Values

DEFAULT_TCP_KEEP_ALIVE

public static final boolean DEFAULT_TCP_KEEP_ALIVE

The default value of TCP keep alive = false

See Also:

Constant Field Values

DEFAULT_SO_LINGER

public static final int DEFAULT_SO_LINGER

The default value of SO_linger = -1

See Also:

Constant Field Values

DEFAULT_SSL

public static final boolean DEFAULT_SSL

SSL enable by default = false

See Also:

Constant Field Values

DEFAULT_IDLE_TIMEOUT

public static final int DEFAULT_IDLE_TIMEOUT

Default idle timeout = 0

See Also:

Constant Field Values

DEFAULT_IDLE_TIMEOUT_TIME_UNIT

public static final TimeUnit DEFAULT_IDLE_TIMEOUT_TIME_UNIT

Default idle time unit = SECONDS

DEFAULT_USE_ALPN

public static final boolean DEFAULT_USE_ALPN

Default use alpn = false

See Also:

Constant Field Values

DEFAULT_SSL_ENGINE

public static final SSLEngineOptions DEFAULT_SSL_ENGINE

The default SSL engine options = null (autoguess)

DEFAULT_ENABLED_SECURE_TRANSPORT_PROTOCOLS

public static final List<String> DEFAULT_ENABLED_SECURE_TRANSPORT_PROTOCOLS

The default ENABLED_SECURE_TRANSPORT_PROTOCOLS value = { "SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2" }

SSLv3 is NOT enabled due to POODLE vulnerability http://en.wikipedia.org/wiki/POODLE

"SSLv2Hello" is NOT enabled since it's disabled by default since JDK7

DEFAULT_TCP_FAST_OPEN

public static final boolean DEFAULT_TCP_FAST_OPEN

The default TCP_FASTOPEN value = false

See Also:

Constant Field Values

DEFAULT_TCP_CORK

public static final boolean DEFAULT_TCP_CORK

The default TCP_CORK value = false

See Also:

Constant Field Values

DEFAULT_TCP_QUICKACK

public static final boolean DEFAULT_TCP_QUICKACK

The default TCP_QUICKACK value = false

See Also:

Constant Field Values

DEFAULT_SSL_HANDSHAKE_TIMEOUT

public static final long DEFAULT_SSL_HANDSHAKE_TIMEOUT

The default value of SSL handshake timeout = 10

See Also:

Constant Field Values

DEFAULT_SSL_HANDSHAKE_TIMEOUT_TIME_UNIT

public static final TimeUnit DEFAULT_SSL_HANDSHAKE_TIMEOUT_TIME_UNIT

Default SSL handshake time unit = SECONDS

Constructor Detail

TCPSSLOptions

public TCPSSLOptions()

Default constructor

TCPSSLOptions

public TCPSSLOptions(TCPSSLOptions other)

Copy constructor

Parameters:

other - the options to copy

TCPSSLOptions

public TCPSSLOptions(JsonObject json)

Create options from JSON

Parameters:

json - the JSON

Method Detail

toJson

public JsonObject toJson()

Convert to JSON

Overrides:

toJson in class NetworkOptions

Returns:

the JSON

isTcpNoDelay

public boolean isTcpNoDelay()

Returns:

TCP no delay enabled ?

setTcpNoDelay

public TCPSSLOptions setTcpNoDelay(boolean tcpNoDelay)

Set whether TCP no delay is enabled

Parameters:

tcpNoDelay - true if TCP no delay is enabled (Nagle disabled)

Returns:

a reference to this, so the API can be used fluently

isTcpKeepAlive

public boolean isTcpKeepAlive()

Returns:

is TCP keep alive enabled?

setTcpKeepAlive

public TCPSSLOptions setTcpKeepAlive(boolean tcpKeepAlive)

Set whether TCP keep alive is enabled

Parameters:

tcpKeepAlive - true if TCP keep alive is enabled

Returns:

a reference to this, so the API can be used fluently

getSoLinger

public int getSoLinger()

Returns:

is SO_linger enabled

setSoLinger

public TCPSSLOptions setSoLinger(int soLinger)

Set whether SO_linger keep alive is enabled

Parameters:

soLinger - true if SO_linger is enabled

Returns:

a reference to this, so the API can be used fluently

setIdleTimeout

public TCPSSLOptions setIdleTimeout(int idleTimeout)

Set the idle timeout, default time unit is seconds. Zero means don't timeout. This determines if a connection will timeout and be closed if no data is received within the timeout. If you want change default time unit, use setIdleTimeoutUnit(TimeUnit)

Parameters:

idleTimeout - the timeout, in seconds

Returns:

a reference to this, so the API can be used fluently

getIdleTimeout

public int getIdleTimeout()

Returns:

the idle timeout, in time unit specified by getIdleTimeoutUnit().

setIdleTimeoutUnit

public TCPSSLOptions setIdleTimeoutUnit(TimeUnit idleTimeoutUnit)

Set the idle timeout unit. If not specified, default is seconds.

Parameters:

idleTimeoutUnit - specify time unit.

Returns:

a reference to this, so the API can be used fluently

getIdleTimeoutUnit

public TimeUnit getIdleTimeoutUnit()

Returns:

the idle timeout unit.

isSsl

public boolean isSsl()

Returns:

is SSL/TLS enabled?

setSsl

public TCPSSLOptions setSsl(boolean ssl)

Set whether SSL/TLS is enabled

Parameters:

ssl - true if enabled

Returns:

a reference to this, so the API can be used fluently

getKeyCertOptions

public KeyCertOptions getKeyCertOptions()

Returns:

the key/cert options

setKeyCertOptions

public TCPSSLOptions setKeyCertOptions(KeyCertOptions options)

Set the key/cert options.

Parameters:

options - the key store options

Returns:

a reference to this, so the API can be used fluently

getKeyStoreOptions

public JksOptions getKeyStoreOptions()

Get the key/cert options in jks format, aka Java keystore.

Returns:

the key/cert options in jks format, aka Java keystore.

setKeyStoreOptions

public TCPSSLOptions setKeyStoreOptions(JksOptions options)

Set the key/cert options in jks format, aka Java keystore.

Parameters:

options - the key store in jks format

Returns:

a reference to this, so the API can be used fluently

getPfxKeyCertOptions

public PfxOptions getPfxKeyCertOptions()

Get the key/cert options in pfx format.

Returns:

the key/cert options in pfx format.

setPfxKeyCertOptions

public TCPSSLOptions setPfxKeyCertOptions(PfxOptions options)

Set the key/cert options in pfx format.

Parameters:

options - the key cert options in pfx format

Returns:

a reference to this, so the API can be used fluently

getPemKeyCertOptions

public PemKeyCertOptions getPemKeyCertOptions()

Get the key/cert store options in pem format.

Returns:

the key/cert store options in pem format.

setPemKeyCertOptions

public TCPSSLOptions setPemKeyCertOptions(PemKeyCertOptions options)

Set the key/cert store options in pem format.

Parameters:

options - the options in pem format

Returns:

a reference to this, so the API can be used fluently

getTrustOptions

public TrustOptions getTrustOptions()

Returns:

the trust options

setTrustOptions

public TCPSSLOptions setTrustOptions(TrustOptions options)

Set the trust options.

Parameters:

options - the trust options

Returns:

a reference to this, so the API can be used fluently

getTrustStoreOptions

public JksOptions getTrustStoreOptions()

Get the trust options in jks format, aka Java truststore

Returns:

the trust options in jks format, aka Java truststore

setTrustStoreOptions

public TCPSSLOptions setTrustStoreOptions(JksOptions options)

Set the trust options in jks format, aka Java truststore

Parameters:

options - the trust options in jks format

Returns:

a reference to this, so the API can be used fluently

getPfxTrustOptions

public PfxOptions getPfxTrustOptions()

Get the trust options in pfx format

Returns:

the trust options in pfx format

setPfxTrustOptions

public TCPSSLOptions setPfxTrustOptions(PfxOptions options)

Set the trust options in pfx format

Parameters:

options - the trust options in pfx format

Returns:

a reference to this, so the API can be used fluently

getPemTrustOptions

public PemTrustOptions getPemTrustOptions()

Get the trust options in pem format

Returns:

the trust options in pem format

setPemTrustOptions

public TCPSSLOptions setPemTrustOptions(PemTrustOptions options)

Set the trust options in pem format

Parameters:

options - the trust options in pem format

Returns:

a reference to this, so the API can be used fluently

addEnabledCipherSuite

public TCPSSLOptions addEnabledCipherSuite(String suite)

Add an enabled cipher suite, appended to the ordered suites.

Parameters:

suite - the suite

Returns:

a reference to this, so the API can be used fluently

getEnabledCipherSuites

public Set<String> getEnabledCipherSuites()

Returns:

the enabled cipher suites

getCrlPaths

public List<String> getCrlPaths()

Returns:

the CRL (Certificate revocation list) paths

addCrlPath

public TCPSSLOptions addCrlPath(String crlPath)
                         throws NullPointerException

Add a CRL path

Parameters:

crlPath - the path

Returns:

a reference to this, so the API can be used fluently

Throws:

NullPointerException

getCrlValues

public List<Buffer> getCrlValues()

Get the CRL values

Returns:

the list of values

addCrlValue

public TCPSSLOptions addCrlValue(Buffer crlValue)
                          throws NullPointerException

Add a CRL value

Parameters:

crlValue - the value

Returns:

a reference to this, so the API can be used fluently

Throws:

NullPointerException

isUseAlpn

public boolean isUseAlpn()

Returns:

whether to use or not Application-Layer Protocol Negotiation

setUseAlpn

public TCPSSLOptions setUseAlpn(boolean useAlpn)

Set the ALPN usage.

Parameters:

useAlpn - true when Application-Layer Protocol Negotiation should be used

getSslEngineOptions

public SSLEngineOptions getSslEngineOptions()

Returns:

the SSL engine implementation to use

setSslEngineOptions

public TCPSSLOptions setSslEngineOptions(SSLEngineOptions sslEngineOptions)

Set to use SSL engine implementation to use.

Parameters:

sslEngineOptions - the ssl engine to use

Returns:

a reference to this, so the API can be used fluently

getJdkSslEngineOptions

public JdkSSLEngineOptions getJdkSslEngineOptions()

setJdkSslEngineOptions

public TCPSSLOptions setJdkSslEngineOptions(JdkSSLEngineOptions sslEngineOptions)

getOpenSslEngineOptions

public OpenSSLEngineOptions getOpenSslEngineOptions()

setOpenSslEngineOptions

public TCPSSLOptions setOpenSslEngineOptions(OpenSSLEngineOptions sslEngineOptions)

setEnabledSecureTransportProtocols

public TCPSSLOptions setEnabledSecureTransportProtocols(Set<String> enabledSecureTransportProtocols)

Sets the list of enabled SSL/TLS protocols.

Parameters:

enabledSecureTransportProtocols - the SSL/TLS protocols to enable

Returns:

a reference to this, so the API can be used fluently

addEnabledSecureTransportProtocol

public TCPSSLOptions addEnabledSecureTransportProtocol(String protocol)

Add an enabled SSL/TLS protocols, appended to the ordered protocols.

Parameters:

protocol - the SSL/TLS protocol to enable

Returns:

a reference to this, so the API can be used fluently

removeEnabledSecureTransportProtocol

public TCPSSLOptions removeEnabledSecureTransportProtocol(String protocol)

Removes an enabled SSL/TLS protocol from the ordered protocols.

Parameters:

protocol - the SSL/TLS protocol to disable

Returns:

a reference to this, so the API can be used fluently

isTcpFastOpen

public boolean isTcpFastOpen()

Returns:

wether TCP_FASTOPEN option is enabled

setTcpFastOpen

public TCPSSLOptions setTcpFastOpen(boolean tcpFastOpen)

Enable the TCP_FASTOPEN option - only with linux native transport.

Parameters:

tcpFastOpen - the fast open value

isTcpCork

public boolean isTcpCork()

Returns:

wether TCP_CORK option is enabled

setTcpCork

public TCPSSLOptions setTcpCork(boolean tcpCork)

Enable the TCP_CORK option - only with linux native transport.

Parameters:

tcpCork - the cork value

isTcpQuickAck

public boolean isTcpQuickAck()

Returns:

wether TCP_QUICKACK option is enabled

setTcpQuickAck

public TCPSSLOptions setTcpQuickAck(boolean tcpQuickAck)

Enable the TCP_QUICKACK option - only with linux native transport.

Parameters:

tcpQuickAck - the quick ack value

getEnabledSecureTransportProtocols

public Set<String> getEnabledSecureTransportProtocols()

Returns the enabled SSL/TLS protocols

Returns:

the enabled protocols

getSslHandshakeTimeout

public long getSslHandshakeTimeout()

Returns:

the SSL handshake timeout, in time unit specified by getSslHandshakeTimeoutUnit().

setSslHandshakeTimeout

public TCPSSLOptions setSslHandshakeTimeout(long sslHandshakeTimeout)

Set the SSL handshake timeout, default time unit is seconds.

Parameters:

sslHandshakeTimeout - the SSL handshake timeout to set, in milliseconds

Returns:

a reference to this, so the API can be used fluently

setSslHandshakeTimeoutUnit

public TCPSSLOptions setSslHandshakeTimeoutUnit(TimeUnit sslHandshakeTimeoutUnit)

Set the SSL handshake timeout unit. If not specified, default is seconds.

Parameters:

sslHandshakeTimeoutUnit - specify time unit.

Returns:

a reference to this, so the API can be used fluently

getSslHandshakeTimeoutUnit

public TimeUnit getSslHandshakeTimeoutUnit()

Returns:

the SSL handshake timeout unit.

setLogActivity

public TCPSSLOptions setLogActivity(boolean logEnabled)

Description copied from class: NetworkOptions

Set to true to enabled network activity logging: Netty's pipeline is configured for logging on Netty's logger.

Overrides:

setLogActivity in class NetworkOptions

Parameters:

logEnabled - true for logging the network activity

Returns:

a reference to this, so the API can be used fluently

setSendBufferSize

public TCPSSLOptions setSendBufferSize(int sendBufferSize)

Description copied from class: NetworkOptions

Set the TCP send buffer size

Overrides:

setSendBufferSize in class NetworkOptions

Parameters:

sendBufferSize - the buffers size, in bytes

Returns:

a reference to this, so the API can be used fluently

setReceiveBufferSize

public TCPSSLOptions setReceiveBufferSize(int receiveBufferSize)

Description copied from class: NetworkOptions

Set the TCP receive buffer size

Overrides:

setReceiveBufferSize in class NetworkOptions

Parameters:

receiveBufferSize - the buffers size, in bytes

Returns:

a reference to this, so the API can be used fluently

setReuseAddress

public TCPSSLOptions setReuseAddress(boolean reuseAddress)

Description copied from class: NetworkOptions

Set the value of reuse address

Overrides:

setReuseAddress in class NetworkOptions

Parameters:

reuseAddress - the value of reuse address

Returns:

a reference to this, so the API can be used fluently

setTrafficClass

public TCPSSLOptions setTrafficClass(int trafficClass)

Description copied from class: NetworkOptions

Set the value of traffic class

Overrides:

setTrafficClass in class NetworkOptions

Parameters:

trafficClass - the value of traffic class

Returns:

a reference to this, so the API can be used fluently

setReusePort

public TCPSSLOptions setReusePort(boolean reusePort)

Description copied from class: NetworkOptions

Set the value of reuse port.

This is only supported by native transports.

Overrides:

setReusePort in class NetworkOptions

Parameters:

reusePort - the value of reuse port

Returns:

a reference to this, so the API can be used fluently