java.lang.Object java.net.ServerSocket javax.net.ssl.SSLServerSocket
public abstract class SSLServerSocket
This class extends ServerSockets and provides secure server sockets using protocols such as the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols.
Instances of this class are generally created using a SSLServerSocketFactory. The primary function of SSLServerSockets is to create SSLSockets by accepting connections.
SSLServerSockets contain several pieces of state data which are inherited by the SSLSocket at socket creation. These include the enabled cipher suites and protocols, whether client authentication is necessary, and whether created sockets should begin handshaking in client or server mode. The state inherited by the created SSLSocket can be overriden by calling the appropriate methods.
Constructor Summary | |
---|---|
protected |
SSLServerSocket
() Used only by subclasses. |
protected |
SSLServerSocket
(int port) Used only by subclasses. |
protected |
SSLServerSocket
(int port, int backlog) Used only by subclasses. |
protected |
SSLServerSocket
(int port, int backlog,
InetAddress
address) Used only by subclasses. |
Method Summary | |
---|---|
abstract String [] |
getEnabledCipherSuites
() Returns the list of cipher suites which are currently enabled for use by newly accepted connections. |
abstract String [] |
getEnabledProtocols
() Returns the names of the protocols which are currently enabled for use by the newly accepted connections. |
abstract boolean |
getEnableSessionCreation
() Returns true if new SSL sessions may be established by the sockets which are created from this server socket. |
abstract boolean |
getNeedClientAuth
() Returns true if client authentication will be |
abstract String [] |
getSupportedCipherSuites
() Returns the names of the cipher suites which could be enabled for use on an SSL connection. |
abstract String [] |
getSupportedProtocols
() Returns the names of the protocols which could be enabled for use. |
abstract boolean |
getUseClientMode
() Returns true if accepted connections will be in SSL client mode. |
abstract boolean |
getWantClientAuth
() Returns true if client authentication will be |
abstract void |
setEnabledCipherSuites
(
String
[] suites) Sets the cipher suites enabled for use by accepted connections. |
abstract void |
setEnabledProtocols
(
String
[] protocols) Controls which particular protocols are enabled for use by accepted connections. |
abstract void |
setEnableSessionCreation
(boolean flag) Controls whether new SSL sessions may be established by the sockets which are created from this server socket. |
abstract void |
setNeedClientAuth
(boolean need)
Controls whether |
abstract void |
setUseClientMode
(boolean mode)
Controls whether accepted connections are in the (default) SSL server mode, or the SSL client mode. |
abstract void |
setWantClientAuth
(boolean want)
Controls whether |
Methods inherited from class java.net. ServerSocket |
---|
accept , bind , bind , close , getChannel , getInetAddress , getLocalPort , getLocalSocketAddress , getReceiveBufferSize , getReuseAddress , getSoTimeout , implAccept , isBound , isClosed , setPerformancePreferences , setReceiveBufferSize , setReuseAddress , setSocketFactory , setSoTimeout , toString |
Methods inherited from class java.lang. Object |
---|
clone , equals , finalize , getClass , hashCode , notify , notifyAll , wait , wait , wait |
Constructor Detail |
---|
protected SSLServerSocket() throws IOException
Create an unbound TCP server socket using the default authentication context.
protected SSLServerSocket(int port) throws IOException
Create a TCP server socket on a port, using the default authentication context. The connection backlog defaults to fifty connections queued up before the system starts to reject new connection requests.
protected SSLServerSocket(int port, int backlog) throws IOException
Create a TCP server socket on a port, using the default authentication context and a specified backlog of connections.
protected SSLServerSocket(int port, int backlog, InetAddress address) throws IOException
Create a TCP server socket on a port, using the default authentication context and a specified backlog of connections as well as a particular specified network interface. This constructor is used on multihomed hosts, such as those used for firewalls or as routers, to control through which interface a network service is provided.
Method Detail |
---|
public abstract String[] getEnabledCipherSuites()
If this list has not been explicitly modified, a system-provided default guarantees a minimum quality of service in all enabled cipher suites.
There are several reasons why an enabled cipher suite might not actually be used. For example: the server socket might not have appropriate private keys available to it or the cipher suite might be anonymous, precluding the use of client authentication, while the server socket has been told to require that sort of authentication.
public abstract void setEnabledCipherSuites(String[] suites)
The cipher suites must have been listed by getSupportedCipherSuites() as being supported. Following a successful call to this method, only suites listed in the suites parameter are enabled for use.
Suites that require authentication information which is not available in this ServerSocket's authentication context will not be used in any case, even if they are enabled.
SSLSockets returned from accept() inherit this setting.
public abstract String[] getSupportedCipherSuites()
Normally, only a subset of these will actually be enabled by default, since this list may include cipher suites which do not meet quality of service requirements for those defaults. Such cipher suites are useful in specialized applications.
public abstract String[] getSupportedProtocols()
public abstract String[] getEnabledProtocols()
public abstract void setEnabledProtocols(String[] protocols)
The protocols must have been listed by getSupportedProtocols() as being supported. Following a successful call to this method, only protocols listed in the protocols parameter are enabled for use.
SSLSockets returned from accept() inherit this setting.
public abstract void setNeedClientAuth(boolean need)(boolean flag)
A socket's client authentication setting is one of the following:
Unlike
setWantClientAuth(boolean)
, if the
accepted socket's option is set and the
client chooses not to provide authentication information about itself,
the negotiations will stop and the connection will be
dropped
.
dropped.
Calling this method overrides any previous setting made by this method or
setWantClientAuth(boolean)
.
SSLSockets returned from accept() inherit this setting.
The initial inherited setting may be overridden by calling SSLSocket.setNeedClientAuth(boolean) or SSLSocket.setWantClientAuth(boolean) .
public abstract boolean getNeedClientAuth()
The initial inherited setting may be overridden by calling
SSLSocket.setNeedClientAuth(boolean)
or
SSLSocket.setWantClientAuth(boolean)
.
This option is only useful for sockets in the server mode.
public abstract void setWantClientAuth(boolean want)(boolean flag)
A socket's client authentication setting is one of the following:
Unlike
setNeedClientAuth(boolean)
, if the
accepted socket's option is set and the
client chooses not to provide authentication information about itself,
the negotiations will
continue
.
continue.
Calling this method overrides any previous setting made by this method or
setNeedClientAuth(boolean)
.
SSLSockets returned from accept() inherit this setting.
The initial inherited setting may be overridden by calling SSLSocket.setNeedClientAuth(boolean) or SSLSocket.setWantClientAuth(boolean) .
public abstract boolean getWantClientAuth()
The initial inherited setting may be overridden by calling
SSLSocket.setNeedClientAuth(boolean)
or
SSLSocket.setWantClientAuth(boolean)
.
This option is only useful for sockets in the server mode.
public abstract void setUseClientMode(boolean mode)(boolean flag)
Servers normally authenticate themselves, and clients are not required to do so.
In rare cases, TCP servers need to act in the SSL client mode on newly accepted connections. For example, FTP clients acquire server sockets and listen there for reverse connections from the server. An FTP client would use an SSLServerSocket in "client" mode to accept the reverse connection while the FTP server uses an SSLSocket with "client" mode disabled to initiate the connection. During the resulting handshake, existing SSL sessions may be reused.
SSLSockets returned from accept() inherit this setting.
public abstract boolean getUseClientMode()
public abstract void setEnableSessionCreation(boolean flag)
SSLSockets returned from accept() inherit this setting.
public abstract boolean getEnableSessionCreation()