Package org.glassfish.grizzly.config.dom
Interface Ssl
All Superinterfaces: ConfigBeanProxy, PropertyBag
public interface Ssl extends ConfigBeanProxy, PropertyBag
Defines SSL processing parameters.
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.jvnet.hk2.config.ConfigBeanProxy
ConfigBeanProxy.Duck
-
Nested classes/interfaces inherited from interface org.jvnet.hk2.config.types.PropertyBag
PropertyBag.Duck
-
Field Summary
Modifier and Type    Field
static boolean       ALLOW_LAZY_INIT
static boolean       CLIENT_AUTH_ENABLED
static String        CLIENT_AUTH_PATTERN
static int           DEFAULT_SSL_INACTIVITY_TIMEOUT
static long          HANDSHAKE_TIMEOUT_MILLIS
static boolean       HSTS_ENABLED
static boolean       HSTS_PRELOAD
static boolean       HSTS_SUBDOMAINS
static int           MAX_CERT_LENGTH
static String        PASSWORD_PROVIDER
static boolean       RENEGOTIATE_ON_CLIENT_AUTH_WANT
static String        SSL
static String        STORE_TYPE_PATTERN
static String        TLS
static boolean       TLS_ROLLBACK_ENABLED
static String        TLS12
static boolean       TLS12_ENABLED
static String        TLS13
static boolean       TLS13_ENABLED
-
Method Summary
Modifier and Type    Method
    Description
String getAllowLazyInit()
    Whether the SSL configuration allows the implementation to initialize it lazily.
String getCertNickname()
    Nickname of the server certificate in the certificate database or the PKCS#11 token.
String getClassname()
@Pattern(regexp="(|need|want)") String getClientAuth()
    Determines whether the engine will request (want) or require (need) client authentication.
String getClientAuthEnabled()
    Determines whether client authentication is performed on every request, independent of ACL-based access control.
String getCrlFile()
String getHandshakeTimeoutMillis()
    Handshake mode
String getHstsEnabled()
    Determines whether Strict Transport Security is set.
String getHstsPreload()
String getHstsSubdomains()
String getKeyAlgorithm()
String getKeyStore()
    Location of the keystore file
String getKeyStorePassword()
    Password of the keystore file
String getKeyStorePasswordProvider()
@Pattern(regexp="(JKS|NSS)") String getKeyStoreType()
    Type of the keystore file
String getRenegotiateOnClientAuthWant()
    Determines whether or not SSL session renegotiation will occur if client-auth is set to want.
String getSniEnabled()
String getSsl3TlsCiphers()
    A comma-separated list of the SSL3 ciphers used, with the prefix + to enable or - to disable, for example +SSL_RSA_WITH_RC4_128_MD5.
String getSSLInactivityTimeout()
String getTls12Enabled()
    Determines whether TLS 1.2 is enabled.
String getTls13Enabled()
    Determines whether TLS 1.3 is enabled.
String getTlsRollbackEnabled()
    Determines whether TLS rollback is enabled.
String getTlsSessionCacheSize()
    How large the TLS session cache can get
String getTlsSessionTimeout()
    How long before TLS sessions expire from the cache
String getTrustAlgorithm()
String getTrustMaxCertLength()
String getTrustStore()
String getTrustStorePassword()
    Password of the truststore file
String getTrustStorePasswordProvider()
@Pattern(regexp="(JKS|NSS)") String getTrustStoreType()
    Type of the truststore file
void setAllowLazyInit(String value)
void setCertNickname(String value)
void setClassname(String value)
void setClientAuth(String value)
void setClientAuthEnabled(String value)
void setCrlFile(String crlFile)
void setHandshakeTimeoutMillis(String timeoutMillis)
void setHstsEnabled(String value)
void setHstsPreload(String value)
void setHstsSubdomains()
void setKeyAlgorithm(String algorithm)
void setKeyStore(String location)
void setKeyStorePassword(String password)
void setKeyStorePasswordProvider(String provider)
void setKeyStoreType(String type)
void setRenegotiateOnClientAuthWant(boolean renegotiateClientAuthWant)
void setSniEnabled(String value)
void setSsl3TlsCiphers(String value)
void setSSLInactivityTimeout(int handshakeTimeout)
void setTls12Enabled(String value)
void setTls13Enabled(String value)
void setTlsRollbackEnabled(String value)
void setTlsSessionCacheSize(String size)
void setTlsSessionTimeout(String timeout)
void setTrustAlgorithm(String algorithm)
void setTrustMaxCertLength(String maxLength)
void setTrustStore(String location)
void setTrustStorePassword(String password)
void setTrustStorePasswordProvider(String provider)
void setTrustStoreType(String type)
-
Methods inherited from interface org.jvnet.hk2.config.ConfigBeanProxy
createChild, deepCopy, getParent, getParent
-
Methods inherited from interface org.jvnet.hk2.config.types.PropertyBag
addProperty, getProperty, getProperty, getPropertyValue, getPropertyValue, lookupProperty, removeProperty, removeProperty
-
Field Detail
-
ALLOW_LAZY_INIT
static final boolean ALLOW_LAZY_INIT
See Also: Constant Field Values
-
CLIENT_AUTH_ENABLED
static final boolean CLIENT_AUTH_ENABLED
See Also: Constant Field Values
-
TLS12_ENABLED
static final boolean TLS12_ENABLED
See Also: Constant Field Values
-
TLS13_ENABLED
static final boolean TLS13_ENABLED
See Also: Constant Field Values
-
TLS_ROLLBACK_ENABLED
static final boolean TLS_ROLLBACK_ENABLED
See Also: Constant Field Values
-
HSTS_ENABLED
static final boolean HSTS_ENABLED
See Also: Constant Field Values
-
HSTS_SUBDOMAINS
static final boolean HSTS_SUBDOMAINS
See Also: Constant Field Values
-
HSTS_PRELOAD
static final boolean HSTS_PRELOAD
See Also: Constant Field Values
-
RENEGOTIATE_ON_CLIENT_AUTH_WANT
static final boolean RENEGOTIATE_ON_CLIENT_AUTH_WANT
See Also: Constant Field Values
-
MAX_CERT_LENGTH
static final int MAX_CERT_LENGTH
See Also: Constant Field Values
-
DEFAULT_SSL_INACTIVITY_TIMEOUT
static final int DEFAULT_SSL_INACTIVITY_TIMEOUT
See Also: Constant Field Values
-
CLIENT_AUTH_PATTERN
static final String CLIENT_AUTH_PATTERN
See Also: Constant Field Values
-
STORE_TYPE_PATTERN
static final String STORE_TYPE_PATTERN
See Also: Constant Field Values
-
PASSWORD_PROVIDER
static final String PASSWORD_PROVIDER
See Also: Constant Field Values
-
HANDSHAKE_TIMEOUT_MILLIS
static final long HANDSHAKE_TIMEOUT_MILLIS
See Also: Constant Field Values
-
TLS13
static final String TLS13
See Also: Constant Field Values
-
TLS12
static final String TLS12
See Also: Constant Field Values
-
TLS
static final String TLS
See Also: Constant Field Values
-
SSL
static final String SSL
See Also: Constant Field Values
-
Method Detail
-
getCertNickname
String getCertNickname()
Nickname of the server certificate in the certificate database or the PKCS#11 token. In the certificate, the name format is token name:nickname. Including the token name: part of the name in this attribute is optional.
-
setCertNickname
void setCertNickname(String value)
-
getClientAuthEnabled
String getClientAuthEnabled()
Determines whether client authentication is performed on every request, independent of ACL-based access control.
-
setClientAuthEnabled
void setClientAuthEnabled(String value)
-
getClientAuth
@Pattern(regexp="(|need|want)") String getClientAuth()
Determines whether the engine will request (want) or require (need) client authentication. Valid values: want, need, or left blank.
-
setClientAuth
void setClientAuth(String value)
-
getCrlFile
String getCrlFile()
-
setCrlFile
void setCrlFile(String crlFile)
-
getKeyAlgorithm
String getKeyAlgorithm()
-
setKeyAlgorithm
void setKeyAlgorithm(String algorithm)
-
getKeyStoreType
@Pattern(regexp="(JKS|NSS)") String getKeyStoreType()
Type of the keystore file
-
setKeyStoreType
void setKeyStoreType(String type)
-
getKeyStorePasswordProvider
String getKeyStorePasswordProvider()
-
setKeyStorePasswordProvider
void setKeyStorePasswordProvider(String provider)
-
getKeyStorePassword
String getKeyStorePassword()
Password of the keystore file
-
setKeyStorePassword
void setKeyStorePassword(String password)
-
getKeyStore
String getKeyStore()
Location of the keystore file
-
setKeyStore
void setKeyStore(String location)
-
getClassname
String getClassname()
-
setClassname
void setClassname(String value)
-
getSsl3TlsCiphers
String getSsl3TlsCiphers()
A comma-separated list of the SSL3 ciphers used, with the prefix + to enable or - to disable, for example +SSL_RSA_WITH_RC4_128_MD5. Allowed SSL3/TLS values are those that are supported by the JVM for the given security provider and security service configuration. If no value is specified, all supported ciphers are assumed to be enabled.
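The +/- list format described above can be audited before it is passed to setSsl3TlsCiphers. The following is an added example, not Grizzly's own parser: CipherListAudit and WEAK_MARKERS are hypothetical names, the weak-suite markers are this example's assumed policy, and treating an entry without a + or - prefix as malformed is an assumption.

```java
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

// Added example (hypothetical class, not part of Grizzly): audits a
// "+CIPHER,-CIPHER" list in the format described for getSsl3TlsCiphers().
public class CipherListAudit {
    // Substrings of suite names generally considered weak (assumed policy).
    static final String[] WEAK_MARKERS =
        {"_RC4_", "_MD5", "_DES_", "_3DES_", "_NULL_", "_EXPORT_", "_anon_"};

    final Set<String> enabled = new LinkedHashSet<>();
    final Set<String> disabled = new LinkedHashSet<>();
    final List<String> malformed = new ArrayList<>();
    // Per the description, no value means every supported cipher is enabled.
    final boolean unspecified;

    CipherListAudit(String ssl3TlsCiphers) {
        unspecified = ssl3TlsCiphers == null || ssl3TlsCiphers.trim().isEmpty();
        if (unspecified) return;
        for (String raw : ssl3TlsCiphers.split(",")) {
            String entry = raw.trim();
            if (entry.isEmpty()) continue;                      // stray comma
            if (entry.length() > 1 && entry.charAt(0) == '+') {
                enabled.add(entry.substring(1));
            } else if (entry.length() > 1 && entry.charAt(0) == '-') {
                disabled.add(entry.substring(1));
            } else {
                malformed.add(entry);  // assumption: a prefix is mandatory
            }
        }
    }

    // Explicitly enabled suites whose name contains a weak marker.
    List<String> weakEnabled() {
        List<String> hits = new ArrayList<>();
        for (String suite : enabled)
            for (String marker : WEAK_MARKERS)
                if (suite.contains(marker)) { hits.add(suite); break; }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed sample; the first entry is the one quoted in the description.
        CipherListAudit audit = new CipherListAudit(
            "+SSL_RSA_WITH_RC4_128_MD5, -SSL_RSA_WITH_NULL_SHA, +TLS_AES_128_GCM_SHA256, TLS_FOO");
        System.out.println("weak and enabled: " + audit.weakEnabled());
        System.out.println("disabled:         " + audit.disabled);
        System.out.println("malformed:        " + audit.malformed);
    }
}
```

An audit that reports `unspecified` cannot vouch for the result, because the effective cipher set is then whatever the JVM's security provider supports.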
-
setSsl3TlsCiphers
void setSsl3TlsCiphers(String value)
-
getTls12Enabled
String getTls12Enabled()
Determines whether TLS 1.2 is enabled.
-
setTls12Enabled
void setTls12Enabled(String value)
-
getTls13Enabled
String getTls13Enabled()
Determines whether TLS 1.3 is enabled.
-
setTls13Enabled
void setTls13Enabled(String value)
-
getTlsRollbackEnabled
String getTlsRollbackEnabled()
Determines whether TLS rollback is enabled. TLS rollback should be enabled for Microsoft Internet Explorer 5.0 and 5.5. Not used in PE.
-
setTlsRollbackEnabled
void setTlsRollbackEnabled(String value)
-
getHstsEnabled
String getHstsEnabled()
Determines whether Strict Transport Security is set
-
setHstsEnabled
void setHstsEnabled(String value)
-
getHstsSubdomains
String getHstsSubdomains()
-
setHstsSubdomains
void setHstsSubdomains()
-
getHstsPreload
String getHstsPreload()
-
setHstsPreload
void setHstsPreload(String value)
-
getTrustAlgorithm
String getTrustAlgorithm()
-
setTrustAlgorithm
void setTrustAlgorithm(String algorithm)
-
getTrustMaxCertLength
String getTrustMaxCertLength()
-
setTrustMaxCertLength
void setTrustMaxCertLength(String maxLength)
-
getTrustStore
String getTrustStore()
-
setTrustStore
void setTrustStore(String location)
-
getTrustStoreType
@Pattern(regexp="(JKS|NSS)") String getTrustStoreType()
Type of the truststore file
-
setTrustStoreType
void setTrustStoreType(String type)
-
getTrustStorePasswordProvider
String getTrustStorePasswordProvider()
-
setTrustStorePasswordProvider
void setTrustStorePasswordProvider(String provider)
-
getTrustStorePassword
String getTrustStorePassword()
Password of the truststore file
-
setTrustStorePassword
void setTrustStorePassword(String password)
-
getAllowLazyInit
String getAllowLazyInit()
Whether the SSL configuration allows the implementation to initialize it lazily.
-
setAllowLazyInit
void setAllowLazyInit(String value)
-
getSSLInactivityTimeout
String getSSLInactivityTimeout()
Returns: the timeout within which there must be activity from the client. Defaults to 30 seconds.
-
setSSLInactivityTimeout
void setSSLInactivityTimeout(int handshakeTimeout)
-
getSniEnabled
String getSniEnabled()
Returns: whether SNI support is enabled; defaults to false.
-
setSniEnabled
void setSniEnabled(String value)
-
getRenegotiateOnClientAuthWant
String getRenegotiateOnClientAuthWant()
Determines whether or not SSL session renegotiation will occur if client-auth is set to want. This may be set to false under the assumption that if a certificate wasn't available during the initial handshake, it won't be available during a renegotiation. This configuration option defaults to true.
Returns: true if SSL session renegotiation will occur if client-auth is want.
Since: 2.1.2
-
setRenegotiateOnClientAuthWant
void setRenegotiateOnClientAuthWant(boolean renegotiateClientAuthWant)
Since: 2.1.2
-
getHandshakeTimeoutMillis
String getHandshakeTimeoutMillis()
Handshake mode
-
setHandshakeTimeoutMillis
void setHandshakeTimeoutMillis(String timeoutMillis)
-
getTlsSessionTimeout
String getTlsSessionTimeout()
How long before TLS sessions expire from the cache
Returns:
-
setTlsSessionTimeout
void setTlsSessionTimeout(String timeout)
-
getTlsSessionCacheSize
String getTlsSessionCacheSize()
How large the TLS session cache can get
Returns:
-
setTlsSessionCacheSize
void setTlsSessionCacheSize(String size)