Java client server socket ssl

Java client server socket ssl

This class extends ServerSocket and provides secure server sockets using protocols such as the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols. Instances of this class are generally created using an SSLServerSocketFactory . The primary function of an SSLServerSocket is to create SSLSocket s by accept ing connections. An SSLServerSocket contains several pieces of state data which are inherited by the SSLSocket at socket creation. These include the enabled cipher suites and protocols, whether client authentication is necessary, and whether created sockets should begin handshaking in client or server mode. The state inherited by the created SSLSocket can be overriden by calling the appropriate methods.

Constructor Summary

Method Summary

Returns the names of the protocols which are currently enabled for use by the newly accepted connections.

Returns true if new SSL sessions may be established by the sockets which are created from this server socket.

Returns true if client authentication will be required on newly accept ed server-mode SSLSocket s.
Returns true if client authentication will be requested on newly accepted server-mode connections.

Controls whether new SSL sessions may be established by the sockets which are created from this server socket.

Controls whether accept ed server-mode SSLSockets will be initially configured to require client authentication.

Читайте также:  Python syntax for list

Controls whether accept ed server-mode SSLSockets will be initially configured to request client authentication.

Methods declared in class java.net.ServerSocket

Methods declared in class java.lang.Object

Constructor Detail

SSLServerSocket

Used only by subclasses. Create an unbound TCP server socket using the default authentication context.

SSLServerSocket

Used only by subclasses. Create a TCP server socket on a port, using the default authentication context. The connection backlog defaults to fifty connections queued up before the system starts to reject new connection requests. A port number of 0 creates a socket on any free port. If there is a security manager, its checkListen method is called with the port argument as its argument to ensure the operation is allowed. This could result in a SecurityException.

SSLServerSocket

Used only by subclasses. Create a TCP server socket on a port, using the default authentication context and a specified backlog of connections. A port number of 0 creates a socket on any free port. The backlog argument is the requested maximum number of pending connections on the socket. Its exact semantics are implementation specific. In particular, an implementation may impose a maximum length or may choose to ignore the parameter altogther. The value provided should be greater than 0 . If it is less than or equal to 0 , then an implementation specific default will be used. If there is a security manager, its checkListen method is called with the port argument as its argument to ensure the operation is allowed. This could result in a SecurityException.

SSLServerSocket

protected SSLServerSocket​(int port, int backlog, InetAddress address) throws IOException

Used only by subclasses. Create a TCP server socket on a port, using the default authentication context and a specified backlog of connections as well as a particular specified network interface. This constructor is used on multihomed hosts, such as those used for firewalls or as routers, to control through which interface a network service is provided. If there is a security manager, its checkListen method is called with the port argument as its argument to ensure the operation is allowed. This could result in a SecurityException. A port number of 0 creates a socket on any free port. The backlog argument is the requested maximum number of pending connections on the socket. Its exact semantics are implementation specific. In particular, an implementation may impose a maximum length or may choose to ignore the parameter altogther. The value provided should be greater than 0 . If it is less than or equal to 0 , then an implementation specific default will be used. If address is null, it will default accepting connections on any/all local addresses.

Method Detail

getEnabledCipherSuites

Returns the list of cipher suites which are currently enabled for use by newly accepted connections. If this list has not been explicitly modified, a system-provided default guarantees a minimum quality of service in all enabled cipher suites. Note that even if a suite is enabled, it may never be used. This can occur if the peer does not support it, or its use is restricted, or the requisite certificates (and private keys) for the suite are not available, or an anonymous suite is enabled but authentication is required. The returned array includes cipher suites from the list of standard cipher suite names in the JSSE Cipher Suite Names section of the Java Cryptography Architecture Standard Algorithm Name Documentation, and may also include other cipher suites that the provider supports.

setEnabledCipherSuites

Sets the cipher suites enabled for use by accepted connections. The cipher suites must have been listed by getSupportedCipherSuites() as being supported. Following a successful call to this method, only suites listed in the suites parameter are enabled for use. Suites that require authentication information which is not available in this ServerSocket’s authentication context will not be used in any case, even if they are enabled. Note that the standard list of cipher suite names may be found in the JSSE Cipher Suite Names section of the Java Cryptography Architecture Standard Algorithm Name Documentation. Providers may support cipher suite names not found in this list or might not use the recommended name for a certain cipher suite. SSLSocket s returned from accept() inherit this setting.

getSupportedCipherSuites

Returns the names of the cipher suites which could be enabled for use on an SSL connection. Normally, only a subset of these will actually be enabled by default, since this list may include cipher suites which do not meet quality of service requirements for those defaults. Such cipher suites are useful in specialized applications. The returned array includes cipher suites from the list of standard cipher suite names in the JSSE Cipher Suite Names section of the Java Cryptography Architecture Standard Algorithm Name Documentation, and may also include other cipher suites that the provider supports.

getSupportedProtocols

getEnabledProtocols

Returns the names of the protocols which are currently enabled for use by the newly accepted connections. Note that even if a protocol is enabled, it may never be used. This can occur if the peer does not support the protocol, or its use is restricted, or there are no enabled cipher suites supported by the protocol.

setEnabledProtocols

Controls which particular protocols are enabled for use by accepted connections. The protocols must have been listed by getSupportedProtocols() as being supported. Following a successful call to this method, only protocols listed in the protocols parameter are enabled for use. SSLSocket s returned from accept() inherit this setting.

setNeedClientAuth

public abstract void setNeedClientAuth​(boolean need)
  • client authentication required
  • client authentication requested
  • no client authentication desired

Unlike setWantClientAuth(boolean) , if the accepted socket’s option is set and the client chooses not to provide authentication information about itself, the negotiations will stop and the connection will be dropped.

Calling this method overrides any previous setting made by this method or setWantClientAuth(boolean) .

getNeedClientAuth

public abstract boolean getNeedClientAuth()

Returns true if client authentication will be required on newly accept ed server-mode SSLSocket s. The initial inherited setting may be overridden by calling SSLSocket.setNeedClientAuth(boolean) or SSLSocket.setWantClientAuth(boolean) .

setWantClientAuth

public abstract void setWantClientAuth​(boolean want)
  • client authentication required
  • client authentication requested
  • no client authentication desired

Unlike setNeedClientAuth(boolean) , if the accepted socket’s option is set and the client chooses not to provide authentication information about itself, the negotiations will continue.

Calling this method overrides any previous setting made by this method or setNeedClientAuth(boolean) .

getWantClientAuth

public abstract boolean getWantClientAuth()

Returns true if client authentication will be requested on newly accepted server-mode connections. The initial inherited setting may be overridden by calling SSLSocket.setNeedClientAuth(boolean) or SSLSocket.setWantClientAuth(boolean) .

setUseClientMode

public abstract void setUseClientMode​(boolean mode)

Controls whether accepted connections are in the (default) SSL server mode, or the SSL client mode. Servers normally authenticate themselves, and clients are not required to do so. In rare cases, TCP servers need to act in the SSL client mode on newly accepted connections. For example, FTP clients acquire server sockets and listen there for reverse connections from the server. An FTP client would use an SSLServerSocket in «client» mode to accept the reverse connection while the FTP server uses an SSLSocket with «client» mode disabled to initiate the connection. During the resulting handshake, existing SSL sessions may be reused. SSLSocket s returned from accept() inherit this setting.

getUseClientMode

public abstract boolean getUseClientMode()

setEnableSessionCreation

public abstract void setEnableSessionCreation​(boolean flag)

Controls whether new SSL sessions may be established by the sockets which are created from this server socket. SSLSocket s returned from accept() inherit this setting.

getEnableSessionCreation

public abstract boolean getEnableSessionCreation()

Returns true if new SSL sessions may be established by the sockets which are created from this server socket.

getSSLParameters

Returns the SSLParameters in effect for newly accepted connections. The ciphersuites and protocols of the returned SSLParameters are always non-null.

setSSLParameters

  • If params.getCipherSuites() is non-null, setEnabledCipherSuites() is called with that value.
  • If params.getProtocols() is non-null, setEnabledProtocols() is called with that value.
  • If params.getNeedClientAuth() or params.getWantClientAuth() return true , setNeedClientAuth(true) and setWantClientAuth(true) are called, respectively; otherwise setWantClientAuth(false) is called.
  • If params.getServerNames() is non-null, the socket will configure its server names with that value.
  • If params.getSNIMatchers() is non-null, the socket will configure its SNI matchers with that value.

Report a bug or suggest an enhancement
For further API reference and developer documentation see the Java SE Documentation, which contains more detailed, developer-targeted descriptions with conceptual overviews, definitions of terms, workarounds, and working code examples.
Java is a trademark or registered trademark of Oracle and/or its affiliates in the US and other countries.
Copyright © 1993, 2023, Oracle and/or its affiliates, 500 Oracle Parkway, Redwood Shores, CA 94065 USA.
All rights reserved. Use is subject to license terms and the documentation redistribution policy.

Источник

Оцените статью