org.mozilla.jss.ssl

Class SSLSocket

public class SSLSocket extends Socket

SSL client socket.
Nested Class Summary
static classSSLSocket.CipherPolicy
Field Summary
static intSSL2_DES_192_EDE3_CBC_WITH_MD5
static intSSL2_DES_64_CBC_WITH_MD5
static intSSL2_IDEA_128_CBC_WITH_MD5
static intSSL2_RC2_128_CBC_EXPORT40_WITH_MD5
static intSSL2_RC2_128_CBC_WITH_MD5
static intSSL2_RC4_128_EXPORT40_WITH_MD5
static intSSL2_RC4_128_WITH_MD5
Note: not all of the following cipher-suite constants are implemented.
static intSSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
static intSSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA
static intSSL3_DHE_DSS_WITH_DES_CBC_SHA
static intSSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
static intSSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA
static intSSL3_DHE_RSA_WITH_DES_CBC_SHA
static intSSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA
static intSSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5
static intSSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA
static intSSL3_DH_ANON_WITH_DES_CBC_SHA
static intSSL3_DH_ANON_WITH_RC4_128_MD5
static intSSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
static intSSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA
static intSSL3_DH_DSS_WITH_DES_CBC_SHA
static intSSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
static intSSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA
static intSSL3_DH_RSA_WITH_DES_CBC_SHA
static intSSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA
static intSSL3_FORTEZZA_DMS_WITH_NULL_SHA
static intSSL3_FORTEZZA_DMS_WITH_RC4_128_SHA
static intSSL3_RSA_EXPORT_WITH_DES40_CBC_SHA
static intSSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5
static intSSL3_RSA_EXPORT_WITH_RC4_40_MD5
static intSSL3_RSA_WITH_3DES_EDE_CBC_SHA
static intSSL3_RSA_WITH_DES_CBC_SHA
static intSSL3_RSA_WITH_IDEA_CBC_SHA
static intSSL3_RSA_WITH_NULL_MD5
static intSSL3_RSA_WITH_NULL_SHA
static intSSL3_RSA_WITH_RC4_128_MD5
static intSSL3_RSA_WITH_RC4_128_SHA
static intSSL_REQUIRE_ALWAYS
static intSSL_REQUIRE_FIRST_HANDSHAKE
static intSSL_REQUIRE_NEVER
static intSSL_REQUIRE_NO_ERROR
static intSSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
static intSSL_RSA_FIPS_WITH_DES_CBC_SHA
static intTLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
static intTLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA
static intTLS_DHE_DSS_WITH_AES_128_CBC_SHA
static intTLS_DHE_DSS_WITH_AES_256_CBC_SHA
static intTLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
static intTLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
static intTLS_DHE_DSS_WITH_RC4_128_SHA
static intTLS_DHE_RSA_WITH_AES_128_CBC_SHA
static intTLS_DHE_RSA_WITH_AES_256_CBC_SHA
static intTLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
static intTLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
static intTLS_DH_ANON_WITH_AES_128_CBC_SHA
static intTLS_DH_ANON_WITH_AES_256_CBC_SHA
static intTLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA
static intTLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA
static intTLS_DH_DSS_WITH_AES_128_CBC_SHA
static intTLS_DH_DSS_WITH_AES_256_CBC_SHA
static intTLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA
static intTLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA
static intTLS_DH_RSA_WITH_AES_128_CBC_SHA
static intTLS_DH_RSA_WITH_AES_256_CBC_SHA
static intTLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA
static intTLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA
static intTLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
static intTLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
static intTLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
static intTLS_ECDHE_ECDSA_WITH_NULL_SHA
static intTLS_ECDHE_ECDSA_WITH_RC4_128_SHA
static intTLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
static intTLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
static intTLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
static intTLS_ECDHE_RSA_WITH_NULL_SHA
static intTLS_ECDHE_RSA_WITH_RC4_128_SHA
static intTLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
static intTLS_ECDH_anon_WITH_AES_128_CBC_SHA
static intTLS_ECDH_anon_WITH_AES_256_CBC_SHA
static intTLS_ECDH_anon_WITH_NULL_SHA
static intTLS_ECDH_anon_WITH_RC4_128_SHA
static intTLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
static intTLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
static intTLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
static intTLS_ECDH_ECDSA_WITH_NULL_SHA
static intTLS_ECDH_ECDSA_WITH_RC4_128_SHA
static intTLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
static intTLS_ECDH_RSA_WITH_AES_128_CBC_SHA
static intTLS_ECDH_RSA_WITH_AES_256_CBC_SHA
static intTLS_ECDH_RSA_WITH_NULL_SHA
static intTLS_ECDH_RSA_WITH_RC4_128_SHA
static intTLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
static intTLS_RSA_EXPORT1024_WITH_RC4_56_SHA
static intTLS_RSA_WITH_AES_128_CBC_SHA
static intTLS_RSA_WITH_AES_256_CBC_SHA
static intTLS_RSA_WITH_CAMELLIA_128_CBC_SHA
static intTLS_RSA_WITH_CAMELLIA_256_CBC_SHA
Constructor Summary
SSLSocket(String host, int port)
Creates an SSL client socket and connects to the specified host and port.
SSLSocket(InetAddress address, int port)
Creates an SSL client socket and connects to the specified address and port.
SSLSocket(String host, int port, InetAddress localAddr, int localPort)
Creates an SSL client socket and connects to the specified host and port.
SSLSocket(InetAddress address, int port, InetAddress localAddr, int localPort)
Creates an SSL client socket and connects to the specified address and port.
SSLSocket(String host, int port, InetAddress localAddr, int localPort, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback)
Creates an SSL client socket and connects to the specified host and port.
SSLSocket(InetAddress address, int port, InetAddress localAddr, int localPort, boolean stream, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback)
Creates an SSL client socket and connects to the specified address and port.
SSLSocket(InetAddress address, int port, InetAddress localAddr, int localPort, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback)
Creates an SSL client socket and connects to the specified address and port.
SSLSocket(Socket s, String host, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback)
Creates an SSL client socket using the given Java socket for underlying I/O.
Method Summary
voidaddHandshakeCompletedListener(SSLHandshakeCompletedListener l)
Adds a listener to be notified when an SSL handshake completes.
voidbypassPKCS11(boolean enable)
Enables bypass of PKCS11 on this socket.
static voidbypassPKCS11Default(boolean enable)
Sets the default to bypass PKCS11 layer (except for public keys) for all new sockets.
voidclose()
Closes this socket.
voidenableFDX(boolean enable)
Enable simultaneous read/write by separate read and write threads (full duplex) for this socket.
voidenableRollbackDetection(boolean enable)
Enable rollback detection for this socket.
voidenableSSL2(boolean enable)
Enables SSL v2 on this socket.
static voidenableSSL2Default(boolean enable)
Sets the default for SSL v2 for all new sockets.
voidenableSSL3(boolean enable)
Enables SSL v3 on this socket.
static voidenableSSL3Default(boolean enable)
Sets the default for SSL v3 for all new sockets.
voidenableStepDown(boolean enable)
This option, enableStepDown, is concerned with the generation of step-down keys which are used with export suites.
voidenableTLS(boolean enable)
Enables TLS on this socket.
static voidenableTLSDefault(boolean enable)
Sets the default for TLS for all new sockets.
voidenableV2CompatibleHello(boolean enable)
Enable sending v3 client hello in v2 format for this socket.
protected voidfinalize()
voidforceHandshake()
Force an already started SSL handshake to complete.
booleangetCipherPreference(int cipher)
Returns whether this cipher is enabled or disabled on this socket.
static booleangetCipherPreferenceDefault(int cipher)
Returns the default for whether this cipher is enabled or disabled.
static int[]getImplementedCipherSuites()
Returns a list of cipher suites that are implemented by NSS.
InetAddressgetInetAddress()
InputStreamgetInputStream()
Returns the input stream for reading from this socket.
booleangetKeepAlive()
Returns the current setting of the SO_KEEPALIVE socket option.
InetAddressgetLocalAddress()
intgetLocalPort()
OutputStreamgetOutputStream()
Returns the output stream for writing to this socket.
intgetPort()
intgetReceiveBufferSize()
Returns the size (in bytes) of the receive buffer.
intgetSendBufferSize()
Returns the size (in bytes) of the send buffer.
intgetSoLinger()
Returns the current value of the SO_LINGER socket option.
intgetSoTimeout()
Returns the current value of the SO_TIMEOUT socket option.
static StringgetSSLDefaultOptions()
StringgetSSLOptions()
SSLSecurityStatusgetStatus()
Returns the security status of this socket.
booleangetTcpNoDelay()
Returns the current setting of the TCP_NO_DELAY socket option.
booleangetUseClientMode()
voidinvalidateSession()
Removes the current session from the session cache.
static booleanisFipsCipherSuite(int ciphersuite)
Returns whether the given cipher suite is a FIPS cipher suite.
voidredoHandshake()
Causes SSL to begin a full, new SSL 3.0 handshake from scratch on a connection that has already completed one handshake.
voidredoHandshake(boolean flushCache)
Causes SSL to begin a full, new SSL 3.0 handshake from scratch on a connection that has already completed one handshake.
voidremoveHandshakeCompletedListener(SSLHandshakeCompletedListener l)
Removes a previously registered listener for handshake completion.
voidrequestClientAuth(boolean b)
Enables/disables the request of client authentication.
voidrequireClientAuth(boolean require, boolean onRedo)
Sets whether the socket requires client authentication from the remote peer.
voidrequireClientAuth(int mode)
Sets whether the socket requires client authentication from the remote peer.
voidrequireClientAuthDefault(boolean require, boolean onRedo)
Sets the default setting for requiring client authentication.
static voidrequireClientAuthDefault(int mode)
Sets the default setting for requiring client authentication.
voidresetHandshake()
Resets the handshake state.
static voidsetCipherPolicy(SSLSocket.CipherPolicy cp)
Sets the SSL cipher policy.
voidsetCipherPreference(int cipher, boolean enable)
Enables/disables the cipher on this socket.
static voidsetCipherPreferenceDefault(int cipher, boolean enable)
Sets the default for whether this cipher is enabled or disabled.
voidsetClientCert(X509Certificate cert)
Sets the certificate to use for client authentication.
voidsetClientCertNickname(String nick)
Sets the nickname of the certificate to use for client authentication.
voidsetKeepAlive(boolean on)
Enables or disables the SO_KEEPALIVE socket option.
voidsetNeedClientAuth(boolean b)
voidsetNeedClientAuthNoExpiryCheck(boolean b)
Enables/disables the request of client authentication.
voidsetReceiveBufferSize(int size)
Sets the size (in bytes) of the receive buffer.
voidsetSendBufferSize(int size)
Sets the size (in bytes) of the send buffer.
voidsetSoLinger(boolean on, int linger)
Sets the SO_LINGER socket option. Parameters: linger The time (in seconds) to linger for.
voidsetSoTimeout(int timeout)
Sets the SO_TIMEOUT socket option.
voidsetTcpNoDelay(boolean on)
Enables or disables the TCP_NO_DELAY socket option.
voidsetUseClientMode(boolean b)
Determines whether this end of the socket is the client or the server for purposes of the SSL protocol.
voidshutdownInput()
Shuts down the input side of the socket.
voidshutdownOutput()
Shuts down the output side of the socket.
StringtoString()
Returns the addresses and ports of this socket or an error message if the socket is not in a valid state.
voiduseCache(boolean b)
Enables/disables the session cache.
voiduseCacheDefault(boolean b)
Sets the default setting for use of the session cache.

Field Detail

SSL2_DES_192_EDE3_CBC_WITH_MD5

public static final int SSL2_DES_192_EDE3_CBC_WITH_MD5

SSL2_DES_64_CBC_WITH_MD5

public static final int SSL2_DES_64_CBC_WITH_MD5

SSL2_IDEA_128_CBC_WITH_MD5

public static final int SSL2_IDEA_128_CBC_WITH_MD5

SSL2_RC2_128_CBC_EXPORT40_WITH_MD5

public static final int SSL2_RC2_128_CBC_EXPORT40_WITH_MD5

SSL2_RC2_128_CBC_WITH_MD5

public static final int SSL2_RC2_128_CBC_WITH_MD5

SSL2_RC4_128_EXPORT40_WITH_MD5

public static final int SSL2_RC4_128_EXPORT40_WITH_MD5

SSL2_RC4_128_WITH_MD5

public static final int SSL2_RC4_128_WITH_MD5
Note: not all of the following cipher-suite constants are implemented. Call getImplementedCipherSuites to find out which ones are.

SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA

public static final int SSL3_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA

SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA

public static final int SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA

SSL3_DHE_DSS_WITH_DES_CBC_SHA

public static final int SSL3_DHE_DSS_WITH_DES_CBC_SHA

SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA

public static final int SSL3_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA

SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA

public static final int SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA

SSL3_DHE_RSA_WITH_DES_CBC_SHA

public static final int SSL3_DHE_RSA_WITH_DES_CBC_SHA

SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA

public static final int SSL3_DH_ANON_EXPORT_WITH_DES40_CBC_SHA

SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5

public static final int SSL3_DH_ANON_EXPORT_WITH_RC4_40_MD5

SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA

public static final int SSL3_DH_ANON_WITH_3DES_EDE_CBC_SHA

SSL3_DH_ANON_WITH_DES_CBC_SHA

public static final int SSL3_DH_ANON_WITH_DES_CBC_SHA

SSL3_DH_ANON_WITH_RC4_128_MD5

public static final int SSL3_DH_ANON_WITH_RC4_128_MD5

SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA

public static final int SSL3_DH_DSS_EXPORT_WITH_DES40_CBC_SHA

SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA

public static final int SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA

SSL3_DH_DSS_WITH_DES_CBC_SHA

public static final int SSL3_DH_DSS_WITH_DES_CBC_SHA

SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA

public static final int SSL3_DH_RSA_EXPORT_WITH_DES40_CBC_SHA

SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA

public static final int SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA

SSL3_DH_RSA_WITH_DES_CBC_SHA

public static final int SSL3_DH_RSA_WITH_DES_CBC_SHA

SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA

public static final int SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA

SSL3_FORTEZZA_DMS_WITH_NULL_SHA

public static final int SSL3_FORTEZZA_DMS_WITH_NULL_SHA

Deprecated: As of NSS 3.11, FORTEZZA is no longer supported. SSL3_FORTEZZA_DMS_WITH_NULL_SHA, SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA and SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA are placeholders for backward compatibility.

SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA

public static final int SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA

SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA

public static final int SSL3_RSA_EXPORT_WITH_DES40_CBC_SHA

SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5

public static final int SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5

SSL3_RSA_EXPORT_WITH_RC4_40_MD5

public static final int SSL3_RSA_EXPORT_WITH_RC4_40_MD5

SSL3_RSA_WITH_3DES_EDE_CBC_SHA

public static final int SSL3_RSA_WITH_3DES_EDE_CBC_SHA

SSL3_RSA_WITH_DES_CBC_SHA

public static final int SSL3_RSA_WITH_DES_CBC_SHA

SSL3_RSA_WITH_IDEA_CBC_SHA

public static final int SSL3_RSA_WITH_IDEA_CBC_SHA

SSL3_RSA_WITH_NULL_MD5

public static final int SSL3_RSA_WITH_NULL_MD5

SSL3_RSA_WITH_NULL_SHA

public static final int SSL3_RSA_WITH_NULL_SHA

SSL3_RSA_WITH_RC4_128_MD5

public static final int SSL3_RSA_WITH_RC4_128_MD5

SSL3_RSA_WITH_RC4_128_SHA

public static final int SSL3_RSA_WITH_RC4_128_SHA

SSL_REQUIRE_ALWAYS

public static final int SSL_REQUIRE_ALWAYS

SSL_REQUIRE_FIRST_HANDSHAKE

public static final int SSL_REQUIRE_FIRST_HANDSHAKE

SSL_REQUIRE_NEVER

public static final int SSL_REQUIRE_NEVER

SSL_REQUIRE_NO_ERROR

public static final int SSL_REQUIRE_NO_ERROR

SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA

public static final int SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA

SSL_RSA_FIPS_WITH_DES_CBC_SHA

public static final int SSL_RSA_FIPS_WITH_DES_CBC_SHA

TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA

public static final int TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA

TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA

public static final int TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA

TLS_DHE_DSS_WITH_AES_128_CBC_SHA

public static final int TLS_DHE_DSS_WITH_AES_128_CBC_SHA

TLS_DHE_DSS_WITH_AES_256_CBC_SHA

public static final int TLS_DHE_DSS_WITH_AES_256_CBC_SHA

TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA

public static final int TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA

TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA

public static final int TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA

TLS_DHE_DSS_WITH_RC4_128_SHA

public static final int TLS_DHE_DSS_WITH_RC4_128_SHA

TLS_DHE_RSA_WITH_AES_128_CBC_SHA

public static final int TLS_DHE_RSA_WITH_AES_128_CBC_SHA

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

public static final int TLS_DHE_RSA_WITH_AES_256_CBC_SHA

TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA

public static final int TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA

TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA

public static final int TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA

TLS_DH_ANON_WITH_AES_128_CBC_SHA

public static final int TLS_DH_ANON_WITH_AES_128_CBC_SHA

TLS_DH_ANON_WITH_AES_256_CBC_SHA

public static final int TLS_DH_ANON_WITH_AES_256_CBC_SHA

TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA

public static final int TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA

TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA

public static final int TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA

TLS_DH_DSS_WITH_AES_128_CBC_SHA

public static final int TLS_DH_DSS_WITH_AES_128_CBC_SHA

TLS_DH_DSS_WITH_AES_256_CBC_SHA

public static final int TLS_DH_DSS_WITH_AES_256_CBC_SHA

TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA

public static final int TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA

TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA

public static final int TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA

TLS_DH_RSA_WITH_AES_128_CBC_SHA

public static final int TLS_DH_RSA_WITH_AES_128_CBC_SHA

TLS_DH_RSA_WITH_AES_256_CBC_SHA

public static final int TLS_DH_RSA_WITH_AES_256_CBC_SHA

TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA

public static final int TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA

TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA

public static final int TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA

TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA

public static final int TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

public static final int TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

public static final int TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

TLS_ECDHE_ECDSA_WITH_NULL_SHA

public static final int TLS_ECDHE_ECDSA_WITH_NULL_SHA

TLS_ECDHE_ECDSA_WITH_RC4_128_SHA

public static final int TLS_ECDHE_ECDSA_WITH_RC4_128_SHA

TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

public static final int TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

public static final int TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

public static final int TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

TLS_ECDHE_RSA_WITH_NULL_SHA

public static final int TLS_ECDHE_RSA_WITH_NULL_SHA

TLS_ECDHE_RSA_WITH_RC4_128_SHA

public static final int TLS_ECDHE_RSA_WITH_RC4_128_SHA

TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA

public static final int TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA

TLS_ECDH_anon_WITH_AES_128_CBC_SHA

public static final int TLS_ECDH_anon_WITH_AES_128_CBC_SHA

TLS_ECDH_anon_WITH_AES_256_CBC_SHA

public static final int TLS_ECDH_anon_WITH_AES_256_CBC_SHA

TLS_ECDH_anon_WITH_NULL_SHA

public static final int TLS_ECDH_anon_WITH_NULL_SHA

TLS_ECDH_anon_WITH_RC4_128_SHA

public static final int TLS_ECDH_anon_WITH_RC4_128_SHA

TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA

public static final int TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA

TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA

public static final int TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA

TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

public static final int TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

TLS_ECDH_ECDSA_WITH_NULL_SHA

public static final int TLS_ECDH_ECDSA_WITH_NULL_SHA

TLS_ECDH_ECDSA_WITH_RC4_128_SHA

public static final int TLS_ECDH_ECDSA_WITH_RC4_128_SHA

TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA

public static final int TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA

TLS_ECDH_RSA_WITH_AES_128_CBC_SHA

public static final int TLS_ECDH_RSA_WITH_AES_128_CBC_SHA

TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

public static final int TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

TLS_ECDH_RSA_WITH_NULL_SHA

public static final int TLS_ECDH_RSA_WITH_NULL_SHA

TLS_ECDH_RSA_WITH_RC4_128_SHA

public static final int TLS_ECDH_RSA_WITH_RC4_128_SHA

TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA

public static final int TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA

TLS_RSA_EXPORT1024_WITH_RC4_56_SHA

public static final int TLS_RSA_EXPORT1024_WITH_RC4_56_SHA

TLS_RSA_WITH_AES_128_CBC_SHA

public static final int TLS_RSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_AES_256_CBC_SHA

public static final int TLS_RSA_WITH_AES_256_CBC_SHA

TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

public static final int TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

public static final int TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

Constructor Detail

SSLSocket

public SSLSocket(String host, int port)
Creates an SSL client socket and connects to the specified host and port.

Parameters: host The hostname to connect to. port The port to connect to.

SSLSocket

public SSLSocket(InetAddress address, int port)
Creates an SSL client socket and connects to the specified address and port.

Parameters: address The IP address to connect to. port The port to connect to.

SSLSocket

public SSLSocket(String host, int port, InetAddress localAddr, int localPort)
Creates an SSL client socket and connects to the specified host and port. Binds to the given local address and port.

Parameters: host The hostname to connect to. port The port to connect to. localAddr The local address to bind to. It can be null, in which case an unspecified local address will be chosen. localPort The local port to bind to. If 0, a random port will be assigned to the socket.

SSLSocket

public SSLSocket(InetAddress address, int port, InetAddress localAddr, int localPort)
Creates an SSL client socket and connects to the specified address and port. Binds to the given local address and port.

Parameters: address The IP address to connect to. port The port to connect to. localAddr The local address to bind to. It can be null, in which case an unspecified local address will be chosen. localPort The local port to bind to. If 0, a random port will be assigned to the socket.

SSLSocket

public SSLSocket(String host, int port, InetAddress localAddr, int localPort, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback)
Creates an SSL client socket and connects to the specified host and port. Binds to the given local address and port. Installs the given callbacks for certificate approval and client certificate selection.

Parameters: host The hostname to connect to. port The port to connect to. localAddr The local address to bind to. It can be null, in which case an unspecified local address will be chosen. localPort The local port to bind to. If 0, a random port will be assigned to the socket. certApprovalCallback A callback that can be used to override approval of the peer's certificate. clientCertSelectionCallback A callback to select the client certificate to present to the peer.

SSLSocket

public SSLSocket(InetAddress address, int port, InetAddress localAddr, int localPort, boolean stream, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback)

Deprecated: As of JSS 3.0. The stream parameter is ignored, because only stream sockets are supported.

Creates an SSL client socket and connects to the specified address and port. Binds to the given local address and port. Installs the given callbacks for certificate approval and client certificate selection.

Parameters: address The IP address to connect to. port The port to connect to. localAddr The local address to bind to. It can be null, in which case an unspecified local address will be chosen. localPort The local port to bind to. If 0, a random port will be assigned to the socket. stream This parameter is ignored. All SSLSockets are stream sockets. certApprovalCallback A callback that can be used to override approval of the peer's certificate. clientCertSelectionCallback A callback to select the client certificate to present to the peer.

SSLSocket

public SSLSocket(InetAddress address, int port, InetAddress localAddr, int localPort, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback)
Creates an SSL client socket and connects to the specified address and port. Binds to the given local address and port. Installs the given callbacks for certificate approval and client certificate selection.

Parameters: address The IP address to connect to. port The port to connect to. localAddr The local address to bind to. It can be null, in which case an unspecified local address will be chosen. localPort The local port to bind to. If 0, a random port will be assigned to the socket. certApprovalCallback A callback that can be used to override approval of the peer's certificate. clientCertSelectionCallback A callback to select the client certificate to present to the peer.

SSLSocket

public SSLSocket(Socket s, String host, SSLCertificateApprovalCallback certApprovalCallback, SSLClientCertificateSelectionCallback clientCertSelectionCallback)
Creates an SSL client socket using the given Java socket for underlying I/O. Installs the given callbacks for certificate approval and client certificate selection.

Parameters: s The Java socket to use for underlying I/O. host The hostname of the remote side of the connection. This name is used to verify the server's certificate. certApprovalCallback A callback that can be used to override approval of the peer's certificate. Because its decision overrides the library's own verdict, a callback that approves every certificate effectively removes server authentication. clientCertSelectionCallback A callback to select the client certificate to present to the peer.

Method Detail

addHandshakeCompletedListener

public void addHandshakeCompletedListener(SSLHandshakeCompletedListener l)
Adds a listener to be notified when an SSL handshake completes.

bypassPKCS11

public void bypassPKCS11(boolean enable)
Enables bypass of PKCS11 on this socket. It is disabled by default, unless the default has been changed with bypassPKCS11Default.

bypassPKCS11Default

public static void bypassPKCS11Default(boolean enable)
Sets the default to bypass PKCS11 layer (except for public keys) for all new sockets.

close

public void close()
Closes this socket.

enableFDX

public void enableFDX(boolean enable)
Enable simultaneous read/write by separate read and write threads (full duplex) for this socket. It is disabled by default, unless the default has been changed with enableFDXDefault.

enableRollbackDetection

public void enableRollbackDetection(boolean enable)
Enable rollback detection for this socket. It is enabled by default, unless the default has been changed with enableRollbackDetectionDefault.

enableSSL2

public void enableSSL2(boolean enable)
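Enables SSL v2 on this socket. It is enabled by default, unless the default has been changed with enableSSL2Default. SSL v2 is obsolete and cryptographically broken (its use is prohibited by RFC 6176), so pass false here, or to enableSSL2Default, unless a legacy peer requires it.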

enableSSL2Default

public static void enableSSL2Default(boolean enable)
Sets the default for SSL v2 for all new sockets.

enableSSL3

public void enableSSL3(boolean enable)
Enables SSL v3 on this socket. It is enabled by default, unless the default has been changed with enableSSL3Default. SSL v3 is deprecated (RFC 7568); disable it wherever the peer supports TLS.

enableSSL3Default

public static void enableSSL3Default(boolean enable)
Sets the default for SSL v3 for all new sockets.

enableStepDown

public void enableStepDown(boolean enable)
This option, enableStepDown, is concerned with the generation of step-down keys, which are used with export suites. If the server cert's public key is 512 bits or less, this option is ignored because step-down keys don't need to be generated. If the server cert's public key is more than 512 bits, this option has the following effect: enable=true: generate step-down keys; enable=false: don't generate step-down keys and disable export cipher suites. This option is enabled by default, unless the default has been changed with SSLSocket.enableStepDownDefault.

enableTLS

public void enableTLS(boolean enable)
Enables TLS on this socket. It is enabled by default, unless the default has been changed with enableTLSDefault.

enableTLSDefault

public static void enableTLSDefault(boolean enable)
Sets the default for TLS for all new sockets.

enableV2CompatibleHello

public void enableV2CompatibleHello(boolean enable)
Enable sending v3 client hello in v2 format for this socket. It is enabled by default, unless the default has been changed with enableV2CompatibleHelloDefault.

finalize

protected void finalize()

forceHandshake

public void forceHandshake()
Force an already started SSL handshake to complete. This method should block until the handshake has completed.

getCipherPreference

public boolean getCipherPreference(int cipher)
Returns whether this cipher is enabled or disabled on this socket.

getCipherPreferenceDefault

public static boolean getCipherPreferenceDefault(int cipher)
Returns the default for whether this cipher is enabled or disabled.

getImplementedCipherSuites

public static int[] getImplementedCipherSuites()
Returns a list of cipher suites that are implemented by NSS. Each element in the array will be one of the cipher suite constants defined in this class (for example, TLS_RSA_WITH_AES_128_CBC_SHA).

getInetAddress

public InetAddress getInetAddress()

Returns: The remote peer's IP address or null if the SSLSocket is closed.

getInputStream

public InputStream getInputStream()
Returns the input stream for reading from this socket.

getKeepAlive

public boolean getKeepAlive()
Returns the current setting of the SO_KEEPALIVE socket option.

getLocalAddress

public InetAddress getLocalAddress()

Returns: The local IP address or null if the SSLSocket is closed.

getLocalPort

public int getLocalPort()

Returns: The local port or -1 if the SSLSocket is closed.

getOutputStream

public OutputStream getOutputStream()
Returns the output stream for writing to this socket.

getPort

public int getPort()

Returns: The remote port.

getReceiveBufferSize

public int getReceiveBufferSize()
Returns the size (in bytes) of the receive buffer.

getSendBufferSize

public int getSendBufferSize()
Returns the size (in bytes) of the send buffer.

getSoLinger

public int getSoLinger()
Returns the current value of the SO_LINGER socket option.

getSoTimeout

public int getSoTimeout()
Returns the current value of the SO_TIMEOUT socket option.

Returns: The timeout time in milliseconds.

getSSLDefaultOptions

public static String getSSLDefaultOptions()

Returns: a String listing the Default SSLOptions for all SSLSockets.

getSSLOptions

public String getSSLOptions()

Returns: a String listing the current SSLOptions for this SSLSocket.

getStatus

public SSLSecurityStatus getStatus()
Returns the security status of this socket.

getTcpNoDelay

public boolean getTcpNoDelay()
Returns the current setting of the TCP_NO_DELAY socket option.

getUseClientMode

public boolean getUseClientMode()

Returns: true if this end of the socket is the SSL client, false if it is the SSL server.

invalidateSession

public void invalidateSession()
Removes the current session from the session cache.

isFipsCipherSuite

public static boolean isFipsCipherSuite(int ciphersuite)
Returns whether the given cipher suite is a FIPS cipher suite.

Returns: true if the ciphersuite is FIPS, false otherwise

redoHandshake

public void redoHandshake()
Causes SSL to begin a full, new SSL 3.0 handshake from scratch on a connection that has already completed one handshake.

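Despite the description above, this variant does not flush the SSL3 cache entry first, so a full handshake will not take place. Instead, only the symmetric session keys will be regenerated. Use redoHandshake(boolean) with flushCache set to true to force a full handshake.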

redoHandshake

public void redoHandshake(boolean flushCache)
Causes SSL to begin a full, new SSL 3.0 handshake from scratch on a connection that has already completed one handshake.

Parameters: flushCache If true, this session will be flushed from the cache. This will force a complete SSL handshake with a private key operation. If false, only the session key will be regenerated.

removeHandshakeCompletedListener

public void removeHandshakeCompletedListener(SSLHandshakeCompletedListener l)
Removes a previously registered listener for handshake completion.

requestClientAuth

public void requestClientAuth(boolean b)
Enables/disables the request of client authentication. This is only meaningful for the server end of the SSL connection. During the next handshake, the remote peer will be asked to authenticate itself.

See Also: SSLSocket

requireClientAuth

public void requireClientAuth(boolean require, boolean onRedo)

Deprecated: use requireClientAuth(int)

Sets whether the socket requires client authentication from the remote peer. If requestClientAuth() has not already been called, this method will tell the socket to request client auth as well as requiring it.

requireClientAuth

public void requireClientAuth(int mode)
Sets whether the socket requires client authentication from the remote peer. If requestClientAuth() has not already been called, this method will tell the socket to request client auth as well as requiring it. This is only meaningful for the server end of the SSL connection. During the next handshake, the remote peer will be asked to authenticate itself with the requirement that was set.

Parameters: mode One of: SSLSocket.SSL_REQUIRE_NEVER, SSLSocket.SSL_REQUIRE_ALWAYS, SSLSocket.SSL_REQUIRE_FIRST_HANDSHAKE, SSLSocket.SSL_REQUIRE_NO_ERROR

requireClientAuthDefault

public void requireClientAuthDefault(boolean require, boolean onRedo)

Deprecated: use requireClientAuthDefault(int)

Sets the default setting for requiring client authentication. All subsequently created sockets will use this default setting.

requireClientAuthDefault

public static void requireClientAuthDefault(int mode)
Sets the default setting for requiring client authentication. All subsequently created sockets will use this default setting. This is only meaningful for the server end of the SSL connection.

Parameters: mode One of: SSLSocket.SSL_REQUIRE_NEVER, SSLSocket.SSL_REQUIRE_ALWAYS, SSLSocket.SSL_REQUIRE_FIRST_HANDSHAKE, SSLSocket.SSL_REQUIRE_NO_ERROR

resetHandshake

public void resetHandshake()
Resets the handshake state.

setCipherPolicy

public static void setCipherPolicy(SSLSocket.CipherPolicy cp)
Sets the SSL cipher policy. This must be called before creating any SSL sockets.

setCipherPreference

public void setCipherPreference(int cipher, boolean enable)
Enables/disables the cipher on this socket.

setCipherPreferenceDefault

public static void setCipherPreferenceDefault(int cipher, boolean enable)
Sets the default for whether this cipher is enabled or disabled.

setClientCert

public void setClientCert(X509Certificate cert)
Sets the certificate to use for client authentication. Alternately, you can specify an SSLClientCertificateSelectionCallback, which will receive a list of certificates that are valid for client authentication.

See Also: SSLClientCertificateSelectionCallback

setClientCertNickname

public void setClientCertNickname(String nick)
Sets the nickname of the certificate to use for client authentication. Alternately, you can specify an SSLClientCertificateSelectionCallback, which will receive a list of certificates that are valid for client authentication.

See Also: SSLClientCertificateSelectionCallback

setKeepAlive

public void setKeepAlive(boolean on)
Enables or disables the SO_KEEPALIVE socket option.

setNeedClientAuth

public void setNeedClientAuth(boolean b)

Deprecated: As of JSS 3.0. This method is misnamed. Use requestClientAuth instead.

setNeedClientAuthNoExpiryCheck

public void setNeedClientAuthNoExpiryCheck(boolean b)

Deprecated: As of JSS 3.0. This method is misnamed. Use requestClientAuthNoExpiryCheck instead.

Enables/disables the request of client authentication. This is only meaningful for the server end of the SSL connection. During the next handshake, the remote peer will be asked to authenticate itself.

In addition, the client certificate's expiration will not prevent it from being accepted; a server that uses this option will not reject a client certificate merely because it has expired.

See Also: requestClientAuthNoExpiryCheck(boolean)

setReceiveBufferSize

public void setReceiveBufferSize(int size)
Sets the size (in bytes) of the receive buffer.

setSendBufferSize

public void setSendBufferSize(int size)
Sets the size (in bytes) of the send buffer.

setSoLinger

public void setSoLinger(boolean on, int linger)
Sets the SO_LINGER socket option.

Parameters: linger The time (in seconds) to linger for.

setSoTimeout

public void setSoTimeout(int timeout)
Sets the SO_TIMEOUT socket option.

Parameters: timeout The timeout time in milliseconds.

setTcpNoDelay

public void setTcpNoDelay(boolean on)
Enables or disables the TCP_NO_DELAY socket option. Enabling this option will disable the Nagle algorithm.

setUseClientMode

public void setUseClientMode(boolean b)
Determines whether this end of the socket is the client or the server for purposes of the SSL protocol. By default, it is the client.

Parameters: b true if this end of the socket is the SSL client, false if it is the SSL server.

shutdownInput

public void shutdownInput()
Shuts down the input side of the socket.

shutdownOutput

public void shutdownOutput()
Shuts down the output side of the socket.

toString

public String toString()
Returns the addresses and ports of this socket or an error message if the socket is not in a valid state.

useCache

public void useCache(boolean b)
Enables/disables the session cache. By default, the session cache is enabled.

useCacheDefault

public void useCacheDefault(boolean b)
Sets the default setting for use of the session cache.