public interface SecureServerConnection extends ServerSocketConnection
ServerSocketConnections and provides a secure server socket using a protocol such as the Secure Sockets Layer (SSL) or Transport Layer Security (TLS). The support for listening on a specific AccessPoint and returning the
AccessPoints listening for incoming connections is inherited from
A secure server socket is created using a generic connection string with the
host omitted. For example,
ssl://:79 defines an inbound secure server
socket on port
acceptAndOpen() method returns a
This connection inherits the connection options from
It also must support the
ConnectionOptions defined by
SecureConnection to select cipher suites or a specific protocol variant.
SecureConnection for their definition and a detailed
description of the behavior.
SecureServerConnection supports additional settings during
Connector.open to select an X.509 server certificate
and to request or mandate client authentication.
|"Certificate"||String||Subject distinguished name||Example: "cn=Duke Inc,dc=example,dc=com"|
|"ClientAuth"||String||"need" or "want"||Used to request or mandate client authentication|
Certificate is used to supply a string containing the Subject distinguished name
of the X.509 server certificate in the string representation defined by clause 3 of
If no certificate is provided, the implementation will use the hostname
that was provided during the SSL handshake as the distinguished name to look up
the server certificate.
ClientAuth can be used to request or mandate client authentication.
There are two valid values for this option:
ClientAuth connection option is specified, no client authentication
will be required during the SSL handshake and only server authentication will
If the secure connection cannot be established due to errors related to certificates, a
CertificateException is thrown.
Options with invalid values must result in
to be thrown from
Access to secure server socket connections may be restricted by the security
policy of the device.
Connector.open MUST check access for the
initial server socket connection and
acceptAndOpen MUST check
before returning each new
|<secure_connection_string>||::= "ssl://" | "ssl://"<hostport>|
|<hostport>||::= host ":" port|
|<host>||::= omitted for inbound connections, see SecureConnection|
|<port>||::= numeric port number (omitted for system assigned port)|
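An added example, not part of the original specification: a listener that opens `ssl://:79`, selects the server certificate by subject distinguished name, and sets `ClientAuth` to `"need"` so that a peer without an acceptable client certificate is rejected during the handshake. It assumes the GCF `ConnectionOption(String, T)` constructor, the `Connector.open(String, ConnectionOption...)` overload and `javax.microedition.pki.CertificateException`; the class and method names are hypothetical.

```java
import java.io.IOException;
import java.io.InputStream;
import javax.microedition.io.ConnectionOption;
import javax.microedition.io.Connector;
import javax.microedition.io.SecureServerConnection;
import javax.microedition.io.StreamConnection;
import javax.microedition.pki.CertificateException;

// Hypothetical class name; example code, not taken from the specification.
public final class MutualTlsListener {

    // Values taken from the examples on this page.
    private static final String URL = "ssl://:79";
    private static final String SERVER_DN = "cn=Duke Inc,dc=example,dc=com";

    /** Accepts one mutually authenticated connection and reads a single byte. */
    public static int serveOnce() throws IOException {
        // Pin the server certificate explicitly instead of relying on the
        // hostname supplied by the peer during the handshake.
        ConnectionOption<String> cert =
                new ConnectionOption<>("Certificate", SERVER_DN);
        // "need" mandates client authentication; omitting the option
        // leaves the listener with server authentication only.
        ConnectionOption<String> clientAuth =
                new ConnectionOption<>("ClientAuth", "need");

        SecureServerConnection server = null;
        StreamConnection peer = null;
        InputStream in = null;
        try {
            // Access is checked here for the server socket ...
            server = (SecureServerConnection) Connector.open(URL, cert, clientAuth);
            // ... and again before each accepted connection is returned.
            peer = server.acceptAndOpen();
            in = peer.openInputStream();
            return in.read();
        } catch (CertificateException e) {
            // Certificate-related failure: fail closed, record it, do not
            // retry with weaker options.
            System.err.println("TLS certificate failure: " + e.getMessage());
            throw e;
        } finally {
            if (in != null) in.close();
            if (peer != null) peer.close();
            if (server != null) server.close();
        }
    }
}
```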
getAccessPoints, getLocalAddress, getLocalPort
Copyright (c) 2014, Oracle and/or its affiliates. All Rights Reserved. Use of this specification is subject to license terms.