io.vertx.core.net

Class SSLOptions

java.lang.Object

io.vertx.core.net.SSLOptions

public class SSLOptions
extends Object

SSL options

Author:

Tim Fox

Field Summary

Fields

Modifier and Type	Field and Description
static List<String>	DEFAULT_ENABLED_SECURE_TRANSPORT_PROTOCOLS The default ENABLED_SECURE_TRANSPORT_PROTOCOLS value = { "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" } SSLv3 is NOT enabled due to POODLE vulnerability http://en.wikipedia.org/wiki/POODLE "SSLv2Hello" is NOT enabled since it's disabled by default since JDK7
static long	DEFAULT_SSL_HANDSHAKE_TIMEOUT The default value of SSL handshake timeout = 10
static TimeUnit	DEFAULT_SSL_HANDSHAKE_TIMEOUT_TIME_UNIT Default SSL handshake time unit = SECONDS
static boolean	DEFAULT_USE_ALPN Default use alpn = false

Constructor Summary

Constructors

Constructor and Description
SSLOptions() Default constructor
SSLOptions(JsonObject json) Create options from JSON
SSLOptions(SSLOptions other) Copy constructor

Method Summary

Modifier and Type	Method and Description
SSLOptions	addCrlPath(String crlPath) Add a CRL path
SSLOptions	addCrlValue(Buffer crlValue) Add a CRL value
SSLOptions	addEnabledCipherSuite(String suite) Add an enabled cipher suite, appended to the ordered suites.
SSLOptions	addEnabledSecureTransportProtocol(String protocol) Add an enabled SSL/TLS protocols, appended to the ordered protocols.
List<String>	getCrlPaths()
List<Buffer>	getCrlValues() Get the CRL values
Set<String>	getEnabledCipherSuites() Return an ordered set of the cipher suites.
Set<String>	getEnabledSecureTransportProtocols() Returns the enabled SSL/TLS protocols
KeyCertOptions	getKeyCertOptions()
long	getSslHandshakeTimeout()
TimeUnit	getSslHandshakeTimeoutUnit()
TrustOptions	getTrustOptions()
boolean	isUseAlpn()
SSLOptions	removeEnabledCipherSuite(String suite) Removes an enabled cipher suite from the ordered suites.
SSLOptions	removeEnabledSecureTransportProtocol(String protocol) Removes an enabled SSL/TLS protocol from the ordered protocols.
SSLOptions	setEnabledSecureTransportProtocols(Set<String> enabledSecureTransportProtocols) Sets the list of enabled SSL/TLS protocols.
SSLOptions	setKeyCertOptions(KeyCertOptions options) Set the key/cert options.
SSLOptions	setSslHandshakeTimeout(long sslHandshakeTimeout) Set the SSL handshake timeout, default time unit is seconds.
SSLOptions	setSslHandshakeTimeoutUnit(TimeUnit sslHandshakeTimeoutUnit) Set the SSL handshake timeout unit.
SSLOptions	setTrustOptions(TrustOptions options) Set the trust options.
SSLOptions	setUseAlpn(boolean useAlpn) Set the ALPN usage.
JsonObject	toJson() Convert to JSON

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_USE_ALPN

public static final boolean DEFAULT_USE_ALPN

Default use alpn = false

See Also:

Constant Field Values

DEFAULT_SSL_HANDSHAKE_TIMEOUT

public static final long DEFAULT_SSL_HANDSHAKE_TIMEOUT

The default value of SSL handshake timeout = 10

See Also:

Constant Field Values

DEFAULT_SSL_HANDSHAKE_TIMEOUT_TIME_UNIT

public static final TimeUnit DEFAULT_SSL_HANDSHAKE_TIMEOUT_TIME_UNIT

Default SSL handshake time unit = SECONDS

DEFAULT_ENABLED_SECURE_TRANSPORT_PROTOCOLS

public static final List<String> DEFAULT_ENABLED_SECURE_TRANSPORT_PROTOCOLS

The default ENABLED_SECURE_TRANSPORT_PROTOCOLS value = { "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" }

SSLv3 is NOT enabled due to POODLE vulnerability http://en.wikipedia.org/wiki/POODLE

"SSLv2Hello" is NOT enabled since it's disabled by default since JDK7

Constructor Detail

SSLOptions

public SSLOptions(JsonObject json)

Create options from JSON

Parameters:

json - the JSON

SSLOptions

public SSLOptions()

Default constructor

SSLOptions

public SSLOptions(SSLOptions other)

Copy constructor

Parameters:

other - the options to copy

Method Detail

getKeyCertOptions

public KeyCertOptions getKeyCertOptions()

Returns:

the key/cert options

setKeyCertOptions

public SSLOptions setKeyCertOptions(KeyCertOptions options)

Set the key/cert options.

Parameters:

options - the key store options

Returns:

a reference to this, so the API can be used fluently

getTrustOptions

public TrustOptions getTrustOptions()

Returns:

the trust options

setTrustOptions

public SSLOptions setTrustOptions(TrustOptions options)

Set the trust options.

Parameters:

options - the trust options

Returns:

a reference to this, so the API can be used fluently

addEnabledCipherSuite

public SSLOptions addEnabledCipherSuite(String suite)

Add an enabled cipher suite, appended to the ordered suites.

Parameters:

suite - the suite

Returns:

a reference to this, so the API can be used fluently

See Also:

getEnabledCipherSuites()

removeEnabledCipherSuite

public SSLOptions removeEnabledCipherSuite(String suite)

Removes an enabled cipher suite from the ordered suites.

Parameters:

suite - the suite

Returns:

a reference to this, so the API can be used fluently

getEnabledCipherSuites

public Set<String> getEnabledCipherSuites()

Return an ordered set of the cipher suites.

The set is initially empty and suite should be added to this set in the desired order.

When suites are added and therefore the list is not empty, it takes precedence over the default suite defined by the SSLEngineOptions in use.

Returns:

the enabled cipher suites

getCrlPaths

public List<String> getCrlPaths()

Returns:

the CRL (Certificate revocation list) paths

addCrlPath

public SSLOptions addCrlPath(String crlPath)
                      throws NullPointerException

Add a CRL path

Parameters:

crlPath - the path

Returns:

a reference to this, so the API can be used fluently

Throws:

NullPointerException

getCrlValues

public List<Buffer> getCrlValues()

Get the CRL values

Returns:

the list of values

addCrlValue

public SSLOptions addCrlValue(Buffer crlValue)
                       throws NullPointerException

Add a CRL value

Parameters:

crlValue - the value

Returns:

a reference to this, so the API can be used fluently

Throws:

NullPointerException

isUseAlpn

public boolean isUseAlpn()

Returns:

whether to use or not Application-Layer Protocol Negotiation

setUseAlpn

public SSLOptions setUseAlpn(boolean useAlpn)

Set the ALPN usage.

Parameters:

useAlpn - true when Application-Layer Protocol Negotiation should be used

getEnabledSecureTransportProtocols

public Set<String> getEnabledSecureTransportProtocols()

Returns the enabled SSL/TLS protocols

Returns:

the enabled protocols

getSslHandshakeTimeout

public long getSslHandshakeTimeout()

Returns:

the SSL handshake timeout, in time unit specified by getSslHandshakeTimeoutUnit().

setSslHandshakeTimeout

public SSLOptions setSslHandshakeTimeout(long sslHandshakeTimeout)

Set the SSL handshake timeout, default time unit is seconds.

Parameters:

sslHandshakeTimeout - the SSL handshake timeout to set, in milliseconds

Returns:

a reference to this, so the API can be used fluently

setSslHandshakeTimeoutUnit

public SSLOptions setSslHandshakeTimeoutUnit(TimeUnit sslHandshakeTimeoutUnit)

Set the SSL handshake timeout unit. If not specified, default is seconds.

Parameters:

sslHandshakeTimeoutUnit - specify time unit.

Returns:

a reference to this, so the API can be used fluently

getSslHandshakeTimeoutUnit

public TimeUnit getSslHandshakeTimeoutUnit()

Returns:

the SSL handshake timeout unit.

setEnabledSecureTransportProtocols

public SSLOptions setEnabledSecureTransportProtocols(Set<String> enabledSecureTransportProtocols)

Sets the list of enabled SSL/TLS protocols.

Parameters:

enabledSecureTransportProtocols - the SSL/TLS protocols to enable

Returns:

a reference to this, so the API can be used fluently

addEnabledSecureTransportProtocol

public SSLOptions addEnabledSecureTransportProtocol(String protocol)

Add an enabled SSL/TLS protocols, appended to the ordered protocols.

Parameters:

protocol - the SSL/TLS protocol to enable

Returns:

a reference to this, so the API can be used fluently

removeEnabledSecureTransportProtocol

public SSLOptions removeEnabledSecureTransportProtocol(String protocol)

Removes an enabled SSL/TLS protocol from the ordered protocols.

Parameters:

protocol - the SSL/TLS protocol to disable

Returns:

a reference to this, so the API can be used fluently

toJson

public JsonObject toJson()

Convert to JSON

Returns:

the JSON