COM.claymoresystems.sslg
Class SSLPolicyInt

java.lang.Object
  extended by COM.claymoresystems.sslg.SSLPolicyInt

public class SSLPolicyInt
extends java.lang.Object


Field Summary
static short TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
           
static short TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
           
static short TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
           
static short TLS_DH_anon_WITH_DES_CBC_SHA
           
static short TLS_DH_anon_WITH_RC4_128_MD5
           
static short TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
           
static short TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
           
static short TLS_DH_DSS_WITH_DES_CBC_SHA
           
static short TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
           
static short TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
           
static short TLS_DH_RSA_WITH_DES_CBC_SHA
           
static short TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
           
static short TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
           
static short TLS_DHE_DSS_WITH_DES_CBC_SHA
           
static short TLS_DHE_DSS_WITH_NULL_SHA
           
static short TLS_DHE_DSS_WITH_RC4_128_SHA
           
static short TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
           
static short TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
           
static short TLS_DHE_RSA_WITH_DES_CBC_SHA
           
static short TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
           
static short TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
           
static short TLS_RSA_EXPORT_WITH_RC4_40_MD5
           
static short TLS_RSA_WITH_3DES_EDE_CBC_SHA
           
static short TLS_RSA_WITH_DES_CBC_SHA
           
static short TLS_RSA_WITH_IDEA_CBC_SHA
           
static short TLS_RSA_WITH_NULL_MD5
           
static short TLS_RSA_WITH_NULL_SHA
           
static short TLS_RSA_WITH_RC4_128_MD5
           
static short TLS_RSA_WITH_RC4_128_SHA
           
 
Constructor Summary
SSLPolicyInt()
           
 
Method Summary
 void acceptUnverifiableCertificates(boolean accept)
          allow unverifiable certificates.
 boolean acceptUnverifiableCertificatesP()
          return whether unverifiable certificates are accepted
 boolean dhAlwaysEphemeralP()
           
 CertVerifyPolicyInt getCertVerifyPolicy()
           
static java.lang.String getCipherSuiteName(int num)
          get the name of a cipher from the number
static int getCipherSuiteNumber(java.lang.String name)
          get the number of a cipher from the name
 short[] getCipherSuites()
          Return the allowed cipherSuites
 int getSessionLifetime()
          return the lifetime of a session
 void handshakeOnConnect(boolean value)
           
 boolean handshakeOnConnectP()
           
 void negotiateTLS(boolean tls)
          Set whether to try to negotiate TLS.
 boolean negotiateTLSP()
          return whether TLS is to be negotiated
 void requireClientAuth(boolean val)
          Set whether or not to require client authentication when negotiating (this is relevant only for servers)
 boolean requireClientAuthP()
          Get whether client auth is required.
 void setCertVerifyPolicy(CertVerifyPolicyInt p)
           
 void setCipherSuites(short[] cS)
          Specify which cipherSuites may be negotiated.
 void setDHAlwaysEphemeral(boolean dhephemeral)
          Force the creation of a new ephemeral DH key for each connection. Only set this to false if you are using a Sophie Germain or other prime designed to resist small-subgroup attacks.
 void setSessonLifetime(int lifetime)
          Set the lifetime of a cached session.
 void waitOnClose(boolean v)
           
 boolean waitOnCloseP()
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

TLS_RSA_WITH_NULL_MD5

public static final short TLS_RSA_WITH_NULL_MD5
See Also:
Constant Field Values

TLS_RSA_WITH_NULL_SHA

public static final short TLS_RSA_WITH_NULL_SHA
See Also:
Constant Field Values

TLS_RSA_EXPORT_WITH_RC4_40_MD5

public static final short TLS_RSA_EXPORT_WITH_RC4_40_MD5
See Also:
Constant Field Values

TLS_RSA_WITH_RC4_128_MD5

public static final short TLS_RSA_WITH_RC4_128_MD5
See Also:
Constant Field Values

TLS_RSA_WITH_RC4_128_SHA

public static final short TLS_RSA_WITH_RC4_128_SHA
See Also:
Constant Field Values

TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5

public static final short TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
See Also:
Constant Field Values

TLS_RSA_WITH_IDEA_CBC_SHA

public static final short TLS_RSA_WITH_IDEA_CBC_SHA
See Also:
Constant Field Values

TLS_RSA_EXPORT_WITH_DES40_CBC_SHA

public static final short TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
See Also:
Constant Field Values

TLS_RSA_WITH_DES_CBC_SHA

public static final short TLS_RSA_WITH_DES_CBC_SHA
See Also:
Constant Field Values

TLS_RSA_WITH_3DES_EDE_CBC_SHA

public static final short TLS_RSA_WITH_3DES_EDE_CBC_SHA
See Also:
Constant Field Values

TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA

public static final short TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
See Also:
Constant Field Values

TLS_DH_DSS_WITH_DES_CBC_SHA

public static final short TLS_DH_DSS_WITH_DES_CBC_SHA
See Also:
Constant Field Values

TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA

public static final short TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
See Also:
Constant Field Values

TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA

public static final short TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
See Also:
Constant Field Values

TLS_DH_RSA_WITH_DES_CBC_SHA

public static final short TLS_DH_RSA_WITH_DES_CBC_SHA
See Also:
Constant Field Values

TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA

public static final short TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
See Also:
Constant Field Values

TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA

public static final short TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
See Also:
Constant Field Values

TLS_DHE_DSS_WITH_DES_CBC_SHA

public static final short TLS_DHE_DSS_WITH_DES_CBC_SHA
See Also:
Constant Field Values

TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA

public static final short TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
See Also:
Constant Field Values

TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA

public static final short TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
See Also:
Constant Field Values

TLS_DHE_RSA_WITH_DES_CBC_SHA

public static final short TLS_DHE_RSA_WITH_DES_CBC_SHA
See Also:
Constant Field Values

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

public static final short TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
See Also:
Constant Field Values

TLS_DH_anon_EXPORT_WITH_RC4_40_MD5

public static final short TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
See Also:
Constant Field Values

TLS_DH_anon_WITH_RC4_128_MD5

public static final short TLS_DH_anon_WITH_RC4_128_MD5
See Also:
Constant Field Values

TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA

public static final short TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
See Also:
Constant Field Values

TLS_DH_anon_WITH_DES_CBC_SHA

public static final short TLS_DH_anon_WITH_DES_CBC_SHA
See Also:
Constant Field Values

TLS_DH_anon_WITH_3DES_EDE_CBC_SHA

public static final short TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
See Also:
Constant Field Values

TLS_DHE_DSS_WITH_RC4_128_SHA

public static final short TLS_DHE_DSS_WITH_RC4_128_SHA
See Also:
Constant Field Values

TLS_DHE_DSS_WITH_NULL_SHA

public static final short TLS_DHE_DSS_WITH_NULL_SHA
See Also:
Constant Field Values
Constructor Detail

SSLPolicyInt

public SSLPolicyInt()
Method Detail

requireClientAuth

public void requireClientAuth(boolean val)
Set whether or not to require client authentication when negotiating. This is relevant only for servers.

Parameters:
val - a boolean specifying whether client auth is required. The default is no

requireClientAuthP

public boolean requireClientAuthP()
Get whether client auth is required. This is relevant only for servers

Returns:
a boolean indicating whether client auth is required

setCipherSuites

public void setCipherSuites(short[] cS)
Specify which cipherSuites may be negotiated.

Currently no check is made as to whether these cipherSuites are in fact negotiable given the current keying material. This is a bug.

Currently supported cipher suites:

         TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
         TLS_DHE_DSS_WITH_DES_CBC_SHA
         TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
         TLS_RSA_WITH_3DES_EDE_CBC_SHA
         TLS_RSA_WITH_DES_CBC_SHA
         TLS_RSA_WITH_RC4_128_MD5
         TLS_RSA_WITH_RC4_128_SHA
         TLS_RSA_EXPORT_WITH_RC4_40_MD5
         TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
         TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
         

Parameters:
cS - the list of allowed cipherSuites as an array of shorts. The values are specified as constants in this class. Note that the constants include NULL suites (no encryption), anonymous DH suites (no peer authentication) and export-grade suites (deliberately weakened keys); enabling any of these makes the connection only as strong as its weakest enabled suite.

getCipherSuites

public short[] getCipherSuites()
Return the allowed cipherSuites

Returns:
a short[] containing all the cipherSuites currently allowed

negotiateTLS

public void negotiateTLS(boolean tls)
Set whether to try to negotiate TLS. If this value is false, SSLv3 will be negotiated instead. The default is true.

Parameters:
tls - a boolean indicating whether to try to negotiate TLS

negotiateTLSP

public boolean negotiateTLSP()
return whether TLS is to be negotiated

Returns:
a boolean indicating whether TLS negotiation is attempted.

setSessonLifetime

public void setSessonLifetime(int lifetime)
Set the lifetime of a cached session. Any attempt to resume a session after it has expired will fail. This has no effect on sessions that are currently active, however.

Parameters:
lifetime - lifetime of a cached session in seconds. Default is 86400 (1 day)

getSessionLifetime

public int getSessionLifetime()
Return the lifetime of a cached session.

Returns:
the lifetime setting, in seconds

getCipherSuiteName

public static java.lang.String getCipherSuiteName(int num)
Get the name of a cipher suite from its number.

Returns:
the name

getCipherSuiteNumber

public static int getCipherSuiteNumber(java.lang.String name)
Get the number of a cipher suite from its name.

Returns:
the number, or -1 if no cipher suite with that name is known

acceptUnverifiableCertificates

public void acceptUnverifiableCertificates(boolean accept)
Allow unverifiable certificates. If we encounter a certificate which cannot be verified by a known root, we ordinarily reject it, but this allows that behavior to be overridden. The value of getCertificateChain() will be null in that case.

Setting this value to true completely compromises security against an active attacker, since the peer's identity is no longer verified and any party can present a certificate that will be accepted. This should only be used for testing purposes.

Parameters:
accept - a boolean indicating whether unverifiable certificates should be accepted

acceptUnverifiableCertificatesP

public boolean acceptUnverifiableCertificatesP()
Return whether unverifiable certificates are accepted.

Returns:
a boolean indicating whether unverifiable certs will be accepted

setDHAlwaysEphemeral

public void setDHAlwaysEphemeral(boolean dhephemeral)
Force the creation of a new ephemeral DH key for each connection. Only set this to false if you are using a Sophie Germain or other prime designed to resist small-subgroup attacks. Note that reusing one DH key across connections also means that a later compromise of that key exposes the traffic of every connection that used it.

Parameters:
dhephemeral - a boolean indicating whether to force a new DH key for each connection. The default is true.

dhAlwaysEphemeralP

public boolean dhAlwaysEphemeralP()

handshakeOnConnect

public void handshakeOnConnect(boolean value)

handshakeOnConnectP

public boolean handshakeOnConnectP()

waitOnClose

public void waitOnClose(boolean v)

waitOnCloseP

public boolean waitOnCloseP()

setCertVerifyPolicy

public void setCertVerifyPolicy(CertVerifyPolicyInt p)

getCertVerifyPolicy

public CertVerifyPolicyInt getCertVerifyPolicy()


Copyright (c) 1999-2001 Claymore Systems, Inc., All Rights Reserved.