Class TlsPolicy

java.lang.Object
com.aerospike.client.policy.TlsPolicy

public final class TlsPolicy extends Object
TLS connection policy. Secure TLS connections are supported for synchronous commands and Netty-backed asynchronous commands.
  • Field Details

    • context

      public SSLContext context
      Optional SSLContext configuration to use instead of the default SSLContext.

      Default: null (use default SSLContext).

    • nettyContext

      public NettyTlsContext nettyContext
      Optional NettyTlsContext configuration. This field is used when the same NettyTlsContext instance needs to be shared between multiple AerospikeClient instances. If this field is null, the AerospikeClient constructor will create a new NettyTlsContext when netty eventloops are used with TLS.
      
       // Share NettyTlsContext across AerospikeClient instances.
       TlsPolicy tp = new TlsPolicy();
       tp.protocols = new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"};
       tp.nettyContext = new NettyTlsContext(tp);
      
       ClientPolicy cp = new ClientPolicy();
       cp.tlsPolicy = tp;
      
       AerospikeClient cluster1 = new AerospikeClient(cp, "host1", 3000);
       AerospikeClient cluster2 = new AerospikeClient(cp, "host2", 3000);
       
      Default: null (create NettyTlsContext for each AerospikeClient instance when netty is used).
    • protocols

      public String[] protocols
      Allowable TLS protocols that the client can use for secure connections. Available protocol names can be obtained by SSLSocket.getSupportedProtocols(). Multiple protocols can be specified. Example:
       
       TlsPolicy policy = new TlsPolicy();
       policy.protocols = new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"};
       
       
      Default: TLSv1.2 (Only allow TLSv1.2 protocol)
    • ciphers

      public String[] ciphers
      Allowable TLS ciphers that the client can use for secure connections. Available cipher names can be obtained by SSLSocket.getSupportedCipherSuites(). Multiple ciphers can be specified.

      Default: null (Allow default ciphers defined by JVM)

    • revokeCertificates

      public BigInteger[] revokeCertificates
      Reject certificates whose serial numbers match a serial number in this array.

      Default: null (Do not exclude by certificate serial number)

    • forLoginOnly

      public boolean forLoginOnly
      Use TLS connections only for login authentication. All other communication with the server will be done with non-TLS connections.

      Default: false (Use TLS connections for all communication with server.)
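
Added example (not part of the Aerospike client or its documentation): one way to build a strict TlsPolicy from the fields above, checking the requested protocol and cipher names against SSLSocket.getSupportedProtocols() and SSLSocket.getSupportedCipherSuites() before they are used. The class name, the cipher selection and the revoked serial numbers are assumptions constructed for illustration.

```java
import com.aerospike.client.policy.ClientPolicy;
import com.aerospike.client.policy.TlsPolicy;
import java.io.IOException;
import java.math.BigInteger;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public final class StrictTlsPolicyExample {
    // Assumption: site policy permits only TLSv1.2 (the TlsPolicy default) and two AEAD suites.
    static final String[] PROTOCOLS = {"TLSv1.2"};
    static final String[] CIPHERS = {
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
    };
    // Constructed sample serials, in the hex form certificate tools usually print.
    static final String[] REVOKED_SERIALS_HEX = {"0A1B2C3D4E5F", "7F00000000000001"};

    // Fail at startup if a requested name is not one the JVM supports.
    static void requireSupported(String kind, String[] wanted, String[] supported) {
        Set<String> available = new HashSet<>(Arrays.asList(supported));
        for (String name : wanted) {
            if (!available.contains(name)) {
                throw new IllegalStateException(kind + " not supported by this JVM: " + name);
            }
        }
    }

    static TlsPolicy build() throws IOException {
        // Unconnected socket, used only to query the names the JVM supports.
        try (SSLSocket probe = (SSLSocket) SSLSocketFactory.getDefault().createSocket()) {
            requireSupported("protocol", PROTOCOLS, probe.getSupportedProtocols());
            requireSupported("cipher", CIPHERS, probe.getSupportedCipherSuites());
        }
        TlsPolicy tp = new TlsPolicy();
        tp.protocols = PROTOCOLS;
        tp.ciphers = CIPHERS;
        // revokeCertificates takes BigInteger serials, so parse the hex strings as base 16.
        tp.revokeCertificates = Arrays.stream(REVOKED_SERIALS_HEX)
            .map(hex -> new BigInteger(hex, 16)).toArray(BigInteger[]::new);
        tp.forLoginOnly = false; // keep TLS on all traffic, not only login
        return tp;
    }

    public static void main(String[] args) throws IOException {
        ClientPolicy cp = new ClientPolicy();
        cp.tlsPolicy = build();
        System.out.println("protocols=" + Arrays.toString(cp.tlsPolicy.protocols));
    }
}
```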

  • Constructor Details

    • TlsPolicy

      public TlsPolicy(TlsPolicy other)
      Copy TLS policy from another TLS policy.
    • TlsPolicy

      public TlsPolicy()
      Default constructor.
  • Method Details

    • setContext

      public void setContext(SSLContext context)
    • setNettyContext

      public void setNettyContext(NettyTlsContext nettyContext)
    • setProtocols

      public void setProtocols(String[] protocols)
    • setCiphers

      public void setCiphers(String[] ciphers)
    • setRevokeCertificates

      public void setRevokeCertificates(BigInteger[] revokeCertificates)
    • setForLoginOnly

      public void setForLoginOnly(boolean forLoginOnly)