public interface SecureConnection extends SocketConnection

A secure connection is opened with Connector.open using the scheme "ssl", and the secure connection is established before open returns. The mode parameter of Connector.open is not used. If the secure connection cannot be established due to errors related to certificates, a CertificateException is thrown.
A secure socket is accessed using a generic connection string with an explicit host and port number. The host may be specified as a fully qualified host name or IP address. For example, ssl://host.com:79 defines a target socket on the host.com system at port 79.
The SecureConnection supports the same ConnectionOption parameters as defined by SocketConnection.
Note that RFC1900 recommends the use of names rather than IP numbers for best results in the event of IP number reassignment.
TLS_RSA_WITH_3DES_EDE_CBC_SHA; for TLS 1.2 it is TLS_RSA_WITH_AES_128_CBC_SHA.

The connection string must conform to the BNF syntax below; if it does not, an IllegalArgumentException is thrown.

```
<socket_connection_string> ::= "ssl://"<hostport>
<hostport>                 ::= host ":" port
<host>                     ::= host name or IP address
<port>                     ::= numeric port number
```
This connection inherits the connection options from SocketConnection. Additional behavior, such as the selection of a certificate, a cipher suite or a specific protocol version, can be achieved by using the ConnectionOptions below.
Certificate is used to supply a string containing the Subject distinguished name of the X.509 client certificate, in the string representation defined by clause 3 of RFC 4514. If the secure connection cannot be established due to errors related to certificates, a CertificateException is thrown.
Protocol is used to supply a string that selects a minimum version of the SSL/TLS protocol. If the implementation does not support the selected protocol, Connector.open fails with a ConnectionNotFoundException. If no Protocol connection option is passed and the implementation supports multiple versions of the protocol, the implementation defaults to the highest version of the protocol (SSLv3 < TLS1.0 < TLS1.1 < TLS1.2).
CipherSuite is used to supply a string that selects a set of specific cipher suites. The table below lists all possible names for protocols and cipher suites; the actual set of supported protocols and cipher suites is platform-dependent. If none of the selected cipher suites can be used for the connection, Connector.open fails with a ConnectionNotFoundException.
Name | Type | Values | Remarks |
---|---|---|---|
"Certificate" | String | Subject distinguished name | Example: |
"Protocol" | String | "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" | The protocol parameter is case insensitive; only one protocol option is permitted. It denotes the minimum requested protocol version, where SSLv3 < TLSv1 < TLSv1.1 < TLSv1.2. |
"CipherSuite" | String | The cipher suite string can be one of the following: | Multiple cipher suites may be specified in one Connector.open call simultaneously. The sequence of these cipher suites indicates the order in which the negotiation with the communication partner shall be performed. |
The following example shows how a SecureConnection using TLS1.2 and an Elliptic Curve cipher suite would be used to establish a TLS connection to "host.com" on port 79.

```java
import java.io.InputStream;
import java.io.OutputStream;
import javax.microedition.io.ConnectionOption;
import javax.microedition.io.Connector;
import javax.microedition.io.SecureConnection;
import javax.microedition.io.SecurityInfo;
import javax.microedition.io.SocketConnection;

// Request TLS 1.2 as the minimum protocol version and an ECDHE cipher suite.
ConnectionOption<String> protocol = new ConnectionOption<String>("Protocol", "TLSv1.2");
ConnectionOption<String> cipher = new ConnectionOption<String>("CipherSuite", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
// The handshake has completed by the time open() returns.
SecureConnection sc = (SecureConnection) Connector.open("ssl://host.com:79", protocol, cipher);
// Inspect the security parameters negotiated for this connection.
SecurityInfo info = sc.getSecurityInfo();
boolean isTLS = (info.getProtocolName().equals("TLS"));
sc.setSocketOption(SocketConnection.LINGER, 5);
InputStream is = sc.openInputStream();
OutputStream os = sc.openOutputStream();
os.write("Hello World\r\n".getBytes());
// Read until the peer closes the stream.
int ch = 0;
while (ch != -1) {
    ch = is.read();
}
is.close();
os.close();
sc.close();
```
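An added example (not part of this specification) that builds on the snippet above and on the Protocol and CipherSuite option descriptions: it passes the minimum protocol together with a preference-ordered list of suites, handles the ConnectionNotFoundException and CertificateException cases named above, and checks via SecurityInfo which suite was actually negotiated before the connection is handed out. The class name, the second suite name, and passing one "CipherSuite" ConnectionOption per suite are assumptions.

```java
import java.io.IOException;
import javax.microedition.io.ConnectionNotFoundException;
import javax.microedition.io.ConnectionOption;
import javax.microedition.io.Connector;
import javax.microedition.io.SecureConnection;
import javax.microedition.io.SecurityInfo;
import javax.microedition.pki.CertificateException;

public final class StrictTlsClient {
    // Preference-ordered suites; the first is from this page, the second is assumed.
    private static final String[] ALLOWED_SUITES = {
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
    };

    // Opens url (e.g. "ssl://host.com:79") with TLSv1.2 as the minimum protocol and
    // only the suites above, and fails closed if anything else was negotiated.
    public static SecureConnection openStrict(String url) throws IOException {
        ConnectionOption<?>[] opts = new ConnectionOption<?>[ALLOWED_SUITES.length + 1];
        opts[0] = new ConnectionOption<String>("Protocol", "TLSv1.2");
        for (int i = 0; i < ALLOWED_SUITES.length; i++) {
            // Assumption: one "CipherSuite" option per suite, in negotiation order.
            opts[i + 1] = new ConnectionOption<String>("CipherSuite", ALLOWED_SUITES[i]);
        }
        SecureConnection sc;
        try {
            sc = (SecureConnection) Connector.open(url, opts);
        } catch (ConnectionNotFoundException e) {
            // Platform lacks TLSv1.2 or every listed suite: propagate, never retry with weaker settings.
            throw e;
        } catch (CertificateException e) {
            // Server certificate failed validation: never continue on an unverified peer.
            throw e;
        }
        // The options state a minimum; confirm what the handshake actually produced.
        SecurityInfo info = sc.getSecurityInfo();
        String suite = info.getCipherSuite();
        boolean suiteOk = false;
        for (int i = 0; i < ALLOWED_SUITES.length; i++) {
            if (ALLOWED_SUITES[i].equals(suite)) { suiteOk = true; }
        }
        if (!"TLS".equals(info.getProtocolName()) || !suiteOk) {
            sc.close();
            throw new IOException("unexpected negotiation: " + info.getProtocolName()
                + " " + info.getProtocolVersion() + " " + suite);
        }
        return sc;
    }
}
```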
Modifier and Type | Method and Description |
---|---|
SecurityInfo | getSecurityInfo() Return the security information associated with this connection when it was opened. |
Methods inherited from SocketConnection: getAccessPoint, getAddress, getLocalAddress, getLocalPort, getPort, getSocketOption, setSocketOption

Methods inherited from InputConnection: openDataInputStream, openInputStream

Methods inherited from OutputConnection: openDataOutputStream, openOutputStream

Methods inherited from Connection: close
SecurityInfo getSecurityInfo() throws java.io.IOException

Return the security information associated with this connection when it was opened.

Throws: java.io.IOException - if an arbitrary connection failure occurs

Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. Use of this specification is subject to license terms.