java.lang.Object
  COM.claymoresystems.sslg.SSLPolicyInt
public class SSLPolicyInt
Constructor Summary | |
---|---|
SSLPolicyInt() | |
Method Summary | |
---|---|
void | acceptUnverifiableCertificates(boolean accept) - allow unverifiable certificates. |
boolean | acceptUnverifiableCertificatesP() - return whether unverifiable certificates are accepted |
boolean | dhAlwaysEphemeralP() |
CertVerifyPolicyInt | getCertVerifyPolicy() |
static java.lang.String | getCipherSuiteName(int num) - get the name of a cipher from the number |
static int | getCipherSuiteNumber(java.lang.String name) - get the number of a cipher from the name |
short[] | getCipherSuites() - Return the allowed cipherSuites |
int | getSessionLifetime() - return the lifetime of a session |
void | handshakeOnConnect(boolean value) |
boolean | handshakeOnConnectP() |
void | negotiateTLS(boolean tls) - Set whether to try to negotiate TLS. |
boolean | negotiateTLSP() - return whether TLS is to be negotiated |
void | requireClientAuth(boolean val) - Set whether or not to require client authentication when negotiating (this is relevant only for servers) |
boolean | requireClientAuthP() - Get whether client auth is required. |
void | setCertVerifyPolicy(CertVerifyPolicyInt p) |
void | setCipherSuites(short[] cS) - Specify which cipherSuites may be negotiated. |
void | setDHAlwaysEphemeral(boolean dhephemeral) - Force the creation of a new ephemeral DH key for each connection. Only set this to false if you are using a Sophie-Germain or other prime designed to resist small subgroup attacks. |
void | setSessonLifetime(int lifetime) - Set the lifetime of a cached session. |
void | waitOnClose(boolean v) |
boolean | waitOnCloseP() |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final short TLS_RSA_WITH_NULL_MD5
public static final short TLS_RSA_WITH_NULL_SHA
public static final short TLS_RSA_EXPORT_WITH_RC4_40_MD5
public static final short TLS_RSA_WITH_RC4_128_MD5
public static final short TLS_RSA_WITH_RC4_128_SHA
public static final short TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
public static final short TLS_RSA_WITH_IDEA_CBC_SHA
public static final short TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
public static final short TLS_RSA_WITH_DES_CBC_SHA
public static final short TLS_RSA_WITH_3DES_EDE_CBC_SHA
public static final short TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
public static final short TLS_DH_DSS_WITH_DES_CBC_SHA
public static final short TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
public static final short TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
public static final short TLS_DH_RSA_WITH_DES_CBC_SHA
public static final short TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
public static final short TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
public static final short TLS_DHE_DSS_WITH_DES_CBC_SHA
public static final short TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
public static final short TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
public static final short TLS_DHE_RSA_WITH_DES_CBC_SHA
public static final short TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
public static final short TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
public static final short TLS_DH_anon_WITH_RC4_128_MD5
public static final short TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
public static final short TLS_DH_anon_WITH_DES_CBC_SHA
public static final short TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
public static final short TLS_DHE_DSS_WITH_RC4_128_SHA
public static final short TLS_DHE_DSS_WITH_NULL_SHA
Constructor Detail |
---|
public SSLPolicyInt()
Method Detail |
---|
public void requireClientAuth(boolean val)
val - a boolean specifying whether client auth is required. The default is no.
public boolean requireClientAuthP()
public void setCipherSuites(short[] cS)
No check is currently made as to whether these cipherSuites can in fact be negotiated given the current keying material. This is a bug.
Currently supported cipher suites:
TLS_DHE_DSS_EXPORT_WITH_DES40_RSA, TLS_DHE_DSS_WITH_DES_CBC_SHA, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_DES_CBC_SHA, TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_EXPORT_WITH_RC4_40_MD5, TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
cS - the list of allowed cipherSuites as an array of shorts. The values are specified as constants in this class.
public short[] getCipherSuites()
public void negotiateTLS(boolean tls)
tls - a boolean indicating whether to try to negotiate TLS
public boolean negotiateTLSP()
public void setSessonLifetime(int lifetime)
lifetime - lifetime of a cached session in seconds. Default is 86400 (1 day).
public int getSessionLifetime()
public static java.lang.String getCipherSuiteName(int num)
public static int getCipherSuiteNumber(java.lang.String name)
public void acceptUnverifiableCertificates(boolean accept)
Setting this value to true completely compromises security against active attack. This should only be used for testing purposes.
accept - a boolean indicating whether unverifiable certificates should be accepted
public boolean acceptUnverifiableCertificatesP()
public void setDHAlwaysEphemeral(boolean dhephemeral)
dhephemeral - a boolean indicating whether to force a new DH key for each connection; the default is true
public boolean dhAlwaysEphemeralP()
public void handshakeOnConnect(boolean value)
public boolean handshakeOnConnectP()
public void waitOnClose(boolean v)
public boolean waitOnCloseP()
public void setCertVerifyPolicy(CertVerifyPolicyInt p)
public CertVerifyPolicyInt getCertVerifyPolicy()
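The setters above combine into a conservative policy as follows. This is an added example, not code from the library or its documentation; the class `HardenedPolicyExample` and its helpers are hypothetical, and it assumes `getCipherSuiteName` returns a name matching the constant names listed under Field Detail (or null for an unknown number).

```java
import COM.claymoresystems.sslg.SSLPolicyInt;
import java.util.ArrayList;
import java.util.List;

// Added example: filter a candidate suite list, then apply the safe settings.
public class HardenedPolicyExample {

    // Name fragments for suites with no encryption, export-grade keys,
    // anonymous (unauthenticated) key exchange, or single DES.
    private static final String[] WEAK_MARKERS = {
        "_NULL_", "_EXPORT_", "_ANON_", "_DES40_", "_WITH_DES_CBC_"
    };

    // Assumption: the returned name follows the constant names in this class.
    static boolean isWeak(short suite) {
        String name = SSLPolicyInt.getCipherSuiteName(suite);
        if (name == null) return true;              // unknown suite: reject
        String upper = name.toUpperCase();
        for (String marker : WEAK_MARKERS) {
            if (upper.contains(marker)) return true;
        }
        return false;
    }

    static short[] keepStrong(short[] candidates) {
        List<Short> kept = new ArrayList<>();
        for (short s : candidates) {
            if (!isWeak(s)) kept.add(s);
        }
        if (kept.isEmpty()) {
            throw new IllegalStateException("no acceptable cipher suites left");
        }
        short[] out = new short[kept.size()];
        for (int i = 0; i < out.length; i++) out[i] = kept.get(i);
        return out;
    }

    public static SSLPolicyInt build(short[] candidates, boolean requireClientCerts) {
        SSLPolicyInt policy = new SSLPolicyInt();
        // setCipherSuites does not check the list against the keying material,
        // so the caller must still pass suites that match its key type.
        policy.setCipherSuites(keepStrong(candidates));
        policy.acceptUnverifiableCertificates(false); // true is for testing only
        policy.setDHAlwaysEphemeral(true);            // new DH key per connection
        policy.requireClientAuth(requireClientCerts); // relevant only for servers
        return policy;
    }
}
```

Reading the result back with `getCipherSuites()` and `acceptUnverifiableCertificatesP()` before opening a connection confirms that the policy in effect is the one intended.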