public interface SecureServerConnection extends ServerSocketConnection
Extends ServerSocketConnection and provides a secure server socket using a protocol such as the Secure Sockets Layer (SSL) or Transport Layer Security (TLS).

The support for listening on a specific AccessPoint and returning the AccessPoints listening for incoming connections is inherited from ServerSocketConnection.

A secure server socket is created using a generic connection string with the host omitted. For example, ssl://:79 defines an inbound secure server socket on port 79.

The acceptAndOpen() method returns a SecureConnection instance.

This connection inherits the connection options from ServerSocketConnection. It also must support the Protocol and CipherSuite ConnectionOptions defined by SecureConnection to select cipher suites or a specific protocol variant. See SecureConnection for their definition and a detailed description of the behavior.

The SecureServerConnection supports additional settings during Connector.open to select an X.509 server certificate and to request or mandate client authentication.

ConnectionOption | Type | Values | Remarks |
---|---|---|---|
"Certificate" | String | Subject distinguished name | Example: "cn=Duke Inc,dc=example,dc=com" |
"ClientAuth" | String | "need" or "want" | Used to request or mandate client authentication |

Certificate is used to supply a string containing the Subject distinguished name of the X.509 server certificate in the string representation defined by clause 3 of RFC 4514. If no certificate is provided, the implementation will use the hostname that was provided during the SSL handshake as the distinguished name to look up the server certificate.

ClientAuth can be used to request or mandate client authentication. There are two valid values for this option:
SecureSockets
. SecureSockets
.

If no ClientAuth connection option is specified, no client authentication will be required during the SSL handshake and only server authentication will be performed.

If the secure connection cannot be established due to errors related to certificates, a CertificateException is thrown.

Options with invalid values must result in an IllegalArgumentException being thrown from Connector.open.

Access to secure server socket connections may be restricted by the security policy of the device. Connector.open MUST check access for the initial server socket connection and acceptAndOpen MUST check before returning each new SecureConnection.
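
The following listener is an added example, not part of the original specification: it passes both options to Connector.open, refuses to start on an invalid option, and keeps listening after a certificate-related handshake failure. It assumes the GCF 8 `Connector.open(String, ConnectionOption<?>...)` overload and the `ConnectionOption(String, T)` constructor, and that "need" is the value that mandates client authentication; the class name `MutualTlsListener` is hypothetical.

```java
import java.io.IOException;
import javax.microedition.io.ConnectionOption;
import javax.microedition.io.Connector;
import javax.microedition.io.SecureConnection;
import javax.microedition.io.SecureServerConnection;
import javax.microedition.io.SecurityInfo;
import javax.microedition.pki.CertificateException;

public class MutualTlsListener {
    // Port 79 and the subject DN are the page's own example values.
    static final String URL = "ssl://:79";
    static final String SERVER_DN = "cn=Duke Inc,dc=example,dc=com";

    public static void serve() throws IOException {
        SecureServerConnection server;
        try {
            // Assumption: "need" is the value that mandates client authentication.
            server = (SecureServerConnection) Connector.open(URL,
                    new ConnectionOption<String>("Certificate", SERVER_DN),
                    new ConnectionOption<String>("ClientAuth", "need"));
        } catch (IllegalArgumentException e) {
            // Invalid option value or connection string: refuse to start
            // rather than fall back to a listener without these settings.
            throw new IOException("listener configuration rejected: " + e.getMessage());
        }
        try {
            while (true) {
                SecureConnection peer = null;
                try {
                    peer = (SecureConnection) server.acceptAndOpen();
                    SecurityInfo info = peer.getSecurityInfo();
                    System.out.println("accepted " + peer.getAddress() + " "
                            + info.getProtocolName() + " " + info.getProtocolVersion()
                            + " " + info.getCipherSuite());
                    // Application protocol over peer.openInputStream() / openOutputStream().
                } catch (CertificateException e) {
                    // Certificate-related handshake failure: record it and keep
                    // listening; the failed peer never gets a connection.
                    System.err.println("handshake rejected: " + e.getMessage());
                } finally {
                    if (peer != null) peer.close();
                }
            }
        } finally {
            server.close();
        }
    }
}
```

Logging the negotiated protocol and cipher suite for each accepted peer gives an audit trail for checking that the Protocol and CipherSuite options are having the intended effect.
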
IllegalArgumentException
is thrown.
<secure_connection_string> ::= "ssl://" | "ssl://"<hostport>
<hostport> ::= host ":" port
<host> ::= omitted for inbound connections, see SecureConnection
<port> ::= numeric port number (omitted for system assigned port)
SecureConnection, ServerSocketConnection
getAccessPoints, getLocalAddress, getLocalPort
acceptAndOpen
close
Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. Use of this specification is subject to license terms.