All Superinterfaces:: AutoCloseable

All Known Implementing Classes:: ConfigFileBasedTlsContext, DefaultTlsContext

public interface TlsContext extends AutoCloseable

A simplified version of SSLContext modelled as an interface.

Author:: bjorncs

Field Summary

Fields

Modifier and Type

Field

Description

static final Set<String>

ALLOWED_CIPHER_SUITES

Handpicked subset of supported ciphers from https://www.openssl.org/docs/manmaster/man1/ciphers.html based on Modern spec from https://wiki.mozilla.org/Security/Server_Side_TLS For TLSv1.2 we only allow RSA and ECDSA with ephemeral key exchange and GCM.

static final Set<String>

ALLOWED_PROTOCOLS

static final String

SSL_CONTEXT_VERSION

SSLContext protocol name that supports at least oldest protocol listed in ALLOWED_PROTOCOLS
Method Summary

Modifier and Type

Method

Description

default void

close()

default SSLSocket

createClientSslSocket()

default SSLServerSocket

createServerSslSocket()

default SSLEngine

createSslEngine()

default SSLEngine

createSslEngine(String peerHost, int peerPort)

static SSLContext

defaultSslContext()

static Set<String>

getAllowedCipherSuites()

static Set<String>

getAllowedCipherSuites(SSLContext context)

static Set<String>

getAllowedProtocols()

static Set<String>

getAllowedProtocols(SSLContext context)

SSLParameters

parameters()

X509SslContext

sslContext()

Field Details
- ALLOWED_CIPHER_SUITES
  
  static final Set<String> ALLOWED_CIPHER_SUITES
  
  Handpicked subset of supported ciphers from https://www.openssl.org/docs/manmaster/man1/ciphers.html based on Modern spec from https://wiki.mozilla.org/Security/Server_Side_TLS For TLSv1.2 we only allow RSA and ECDSA with ephemeral key exchange and GCM. For TLSv1.3 we allow the DEFAULT group ciphers. Note that we _only_ allow AEAD ciphers for either TLS version.
- ALLOWED_PROTOCOLS
  
  static final Set<String> ALLOWED_PROTOCOLS
- SSL_CONTEXT_VERSION
  
  static final String SSL_CONTEXT_VERSION
  
  SSLContext protocol name that supports at least oldest protocol listed in ALLOWED_PROTOCOLS
  See Also:
  
  SSLContext.getInstance(String)
  
  Constant Field Values
Method Details
- getAllowedCipherSuites
  
  static Set<String> getAllowedCipherSuites(SSLContext context)
  
  Returns:
  
  the allowed cipher suites supported by the provided context instance
- getAllowedCipherSuites
  
  static Set<String> getAllowedCipherSuites()
- getAllowedProtocols
  
  static Set<String> getAllowedProtocols(SSLContext context)
  
  Returns:
  
  the allowed protocols supported by the provided context instance
- getAllowedProtocols
  
  static Set<String> getAllowedProtocols()
- defaultSslContext
  
  static SSLContext defaultSslContext()
  
  Returns:
  
  Default SSLContext instance without certificate and using JDK's default trust store
- sslContext
  
  X509SslContext sslContext()
- parameters
  
  SSLParameters parameters()
- createSslEngine
  
  default SSLEngine createSslEngine()
- createSslEngine
  
  default SSLEngine createSslEngine(String peerHost, int peerPort)
- createClientSslSocket
  
  default SSLSocket createClientSslSocket() throws IOException
  
  Throws:
  
  IOException
- createServerSslSocket
  
  default SSLServerSocket createServerSslSocket() throws IOException
  
  Throws:
  
  IOException
- close
  
  default void close()
  
  Specified by:
  
  close in interface AutoCloseable

Interface TlsContext

Field Summary

Method Summary

Field Details

ALLOWED_CIPHER_SUITES

ALLOWED_PROTOCOLS

SSL_CONTEXT_VERSION

Method Details

getAllowedCipherSuites

getAllowedCipherSuites

getAllowedProtocols

getAllowedProtocols

defaultSslContext

sslContext

parameters

createSslEngine

createSslEngine

createClientSslSocket

createServerSslSocket

close