src/java.base/share/classes/javax/net/ssl/SSLParameters.java

rev 10851 : Implement TLS_FALLBACK_SCSV


  57  * {@link SSLServerSocket#setSSLParameters SSLServerSocket.setSSLParameters()}
  58  * and {@link SSLEngine#setSSLParameters SSLEngine.setSSLParameters()}.
  59  *
  60  * @see SSLSocket
  61  * @see SSLEngine
  62  * @see SSLContext
  63  *
  64  * @since 1.6
  65  */
  66 public class SSLParameters {
  67 
  68     private String[] cipherSuites;
  69     private String[] protocols;
  70     private boolean wantClientAuth;
  71     private boolean needClientAuth;
  72     private String identificationAlgorithm;
  73     private AlgorithmConstraints algorithmConstraints;
  74     private Map<Integer, SNIServerName> sniNames = null;
  75     private Map<Integer, SNIMatcher> sniMatchers = null;
  76     private boolean preferLocalCipherSuites;

  77 
  78     /**
  79      * Constructs SSLParameters.
  80      * <p>
  81      * The values of cipherSuites, protocols, cryptographic algorithm
  82      * constraints, endpoint identification algorithm, server names and
  83      * server name matchers are set to <code>null</code>, useCipherSuitesOrder,
  84      * wantClientAuth and needClientAuth are set to <code>false</code>.
  85      */
  86     public SSLParameters() {
  87         // empty
  88     }
  89 
  90     /**
  91      * Constructs SSLParameters from the specified array of ciphersuites.
  92      * <p>
  93      * Calling this constructor is equivalent to calling the no-args
  94      * constructor followed by
  95      * <code>setCipherSuites(cipherSuites);</code>.
  96      *


 446      * @see #getUseCipherSuitesOrder()
 447      *
 448      * @since 1.8
 449      */
 450     public final void setUseCipherSuitesOrder(boolean honorOrder) {
 451         this.preferLocalCipherSuites = honorOrder;
 452     }
 453 
 454     /**
 455      * Returns whether the local cipher suites preference should be honored.
 456      *
 457      * @return whether local cipher suites order in {@code #getCipherSuites}
 458      *         should be honored during SSL/TLS handshaking.
 459      *
 460      * @see #setUseCipherSuitesOrder(boolean)
 461      *
 462      * @since 1.8
 463      */
 464     public final boolean getUseCipherSuitesOrder() {
 465         return preferLocalCipherSuites;



































 466     }
 467 }
 468 


  57  * {@link SSLServerSocket#setSSLParameters SSLServerSocket.setSSLParameters()}
  58  * and {@link SSLEngine#setSSLParameters SSLEngine.setSSLParameters()}.
  59  *
  60  * @see SSLSocket
  61  * @see SSLEngine
  62  * @see SSLContext
  63  *
  64  * @since 1.6
  65  */
  66 public class SSLParameters {
  67 
  68     private String[] cipherSuites;
  69     private String[] protocols;
  70     private boolean wantClientAuth;
  71     private boolean needClientAuth;
  72     private String identificationAlgorithm;
  73     private AlgorithmConstraints algorithmConstraints;
  74     private Map<Integer, SNIServerName> sniNames = null;
  75     private Map<Integer, SNIMatcher> sniMatchers = null;
  76     private boolean preferLocalCipherSuites;
  77     private boolean sendFallbackSCSV;
  78 
  79     /**
  80      * Constructs SSLParameters.
  81      * <p>
  82      * The values of cipherSuites, protocols, cryptographic algorithm
  83      * constraints, endpoint identification algorithm, server names and
  84      * server name matchers are set to <code>null</code>, useCipherSuitesOrder,
  85      * wantClientAuth and needClientAuth are set to <code>false</code>.
  86      */
  87     public SSLParameters() {
  88         // empty
  89     }
  90 
  91     /**
  92      * Constructs SSLParameters from the specified array of ciphersuites.
  93      * <p>
  94      * Calling this constructor is equivalent to calling the no-args
  95      * constructor followed by
  96      * <code>setCipherSuites(cipherSuites);</code>.
  97      *


 447      * @see #getUseCipherSuitesOrder()
 448      *
 449      * @since 1.8
 450      */
 451     public final void setUseCipherSuitesOrder(boolean honorOrder) {
 452         this.preferLocalCipherSuites = honorOrder;
 453     }
 454 
 455     /**
 456      * Returns whether the local cipher suites preference should be honored.
 457      *
 458      * @return whether local cipher suites order in {@code #getCipherSuites}
 459      *         should be honored during SSL/TLS handshaking.
 460      *
 461      * @see #setUseCipherSuitesOrder(boolean)
 462      *
 463      * @since 1.8
 464      */
 465     public final boolean getUseCipherSuitesOrder() {
 466         return preferLocalCipherSuites;
 467     }
 468 
 469     /**
 470      * Sets whether the TLS client should tell the TLS server that it
 471      * has performed a protocol downgrade.
 472      * <p>
 473      * <em>Note: Performing protocol downgrades outside the TLS
 474      * protocol can introduce security vulnerabilities.  The
 475      * built-in version negotiation mechanism of the TLS protocol
 476      * should be used instead of explicit protocol downgrades.</em>
 477      *
 478      * @param sendSCSV whether to send @{code TLS_FALLBACK_SCSV}
 479      *        as part of the TLS handshake.
 480      *
 481      * @see #getSendFallbackSCSV()
 482      *
 483      * @since 1.9
 484      */
 485     public final void setSendFallbackSCSV(boolean sendSCSV) {
 486         sendFallbackSCSV = sendSCSV;
 487     }
 488 
 489     /**
 490      * Returns whether the TLS client should tell the TLS server that it
 491      * has performed a protocol downgrade.
 492      *
 493      * @return whether to send @{code TLS_FALLBACK_SCSV}
 494      *         as part of the TLS handshake.
 495      *
 496      * @see #setSendFallbackSCSV(boolean)
 497      *
 498      * @since 1.9
 499      */
 500     public final boolean getSendFallbackSCSV() {
 501         return sendFallbackSCSV;
 502     }
 503 }
 504
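Review bot: The Javadoc on `setSendFallbackSCSV` (new lines 469-484) does not say when a caller should turn the flag on, and its `@param` text is written `@{code TLS_FALLBACK_SCSV}`, which Javadoc will not render as code; it should be `{@code TLS_FALLBACK_SCSV}`, and the same typo is in the `@return` of `getSendFallbackSCSV` (line 493). The signal only helps when it is sent on a retry that offers a lower protocol version than the client's highest supported one, so I would add a sentence such as `This should be set to true only on a connection that is retried with a lower maximum protocol version after an earlier handshake failure; it has no effect in server mode.` The server-mode half of that sentence is inferred from the "TLS client" wording and should be confirmed against the handshaker. The no-arg constructor comment (lines 82-85) lists the fields that default to `false` and should now name `sendFallbackSCSV` as well. Code that copies an SSLParameters object field by field is not visible on this page, so it is worth checking that it carries the new flag; otherwise a value set here could be dropped without any error.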