org.glassfish.grizzly.config.dom

Interface Ssl

All Superinterfaces:

ConfigBeanProxy, PropertyBag

public interface Ssl
extends ConfigBeanProxy, PropertyBag

Define SSL processing parameters

Nested Class Summary

Nested classes/interfaces inherited from interface org.jvnet.hk2.config.ConfigBeanProxy

ConfigBeanProxy.Duck

Nested classes/interfaces inherited from interface org.jvnet.hk2.config.types.PropertyBag

PropertyBag.Duck

Field Summary

Fields

Modifier and Type	Field and Description
static boolean	ALLOW_LAZY_INIT
static boolean	CLIENT_AUTH_ENABLED
static String	CLIENT_AUTH_PATTERN
static int	DEFAULT_SSL_INACTIVITY_TIMEOUT
static long	HANDSHAKE_TIMEOUT_MILLIS
static int	MAX_CERT_LENGTH
static String	PASSWORD_PROVIDER
static boolean	RENEGOTIATE_ON_CLIENT_AUTH_WANT
static String	SSL
static String	SSL2
static String	SSL2_CIPHERS_PATTERN
static boolean	SSL2_ENABLED
static String	SSL2_HELLO
static String	SSL3
static boolean	SSL3_ENABLED
static String	STORE_TYPE_PATTERN
static String	TLS
static boolean	TLS_ENABLED
static boolean	TLS_ROLLBACK_ENABLED
static String	TLS1
static String	TLS11
static boolean	TLS11_ENABLED
static String	TLS12
static boolean	TLS12_ENABLED
static String	TLS13
static boolean	TLS13_ENABLED

Method Summary

Modifier and Type	Method and Description
String	getAllowLazyInit() Does SSL configuration allow implementation to initialize it lazily way
String	getCertNickname() Nickname of the server certificate in the certificate database or the PKCS#11 token.
String	getClassname()
@Pattern(regexp="(|need|want)") String	getClientAuth() Determines if if the engine will request (want) or require (need) client authentication.
String	getClientAuthEnabled() Determines whether SSL3 client authentication is performed on every request, independent of ACL-based access control.
String	getCrlFile()
String	getHandshakeTimeoutMillis() Handshake mode
String	getKeyAlgorithm()
String	getKeyStore() Location of the keystore file
String	getKeyStorePassword() password of the keystore file
String	getKeyStorePasswordProvider()
@Pattern(regexp="(JKS|NSS)") String	getKeyStoreType() type of the keystore file
String	getRenegotiateOnClientAuthWant() Determines whether or not ssl session renegotiation will occur if client-auth is set to want.
String	getSniEnabled()
@Pattern(regexp="((\\+|\\-)(rc2|rc2export|rc4|rc4export|idea|des|desede3)(\\s*,\\s*(\\+|\\-)(rc2|rc2export|rc4|rc4export|idea|des|desede3))*)*") String	getSsl2Ciphers() A comma-separated list of the SSL2 ciphers used, with the prefix + to enable or - to disable, for example +rc4.
String	getSsl2Enabled() Determines whether SSL2 is enabled.
String	getSsl3Enabled() Determines whether SSL3 is enabled.
String	getSsl3TlsCiphers() A comma-separated list of the SSL3 ciphers used, with the prefix + to enable or - to disable, for example +SSL_RSA_WITH_RC4_128_MD5.
String	getSSLInactivityTimeout()
String	getTls11Enabled() Determines whether TLS 1.1 is enabled.
String	getTls12Enabled() Determines whether TLS 1.2 is enabled.
String	getTls13Enabled() Determines whether TLS 1.3 is enabled.
String	getTlsEnabled() Determines whether TLS is enabled.
String	getTlsRollbackEnabled() Determines whether TLS rollback is enabled.
String	getTlsSessionCacheSize() How large the TLS session cache can get
String	getTlsSessionTimeout() How long before TLS sessions expire from the cache
String	getTrustAlgorithm()
String	getTrustMaxCertLength()
String	getTrustStore()
String	getTrustStorePassword() password of the truststore file
String	getTrustStorePasswordProvider()
@Pattern(regexp="(JKS|NSS)") String	getTrustStoreType() type of the truststore file
void	setAllowLazyInit(String value)
void	setCertNickname(String value)
void	setClassname(String value)
void	setClientAuth(String value)
void	setClientAuthEnabled(String value)
void	setCrlFile(String crlFile)
void	setHandshakeTimeoutMillis(String timeoutMillis)
void	setKeyAlgorithm(String algorithm)
void	setKeyStore(String location)
void	setKeyStorePassword(String password)
void	setKeyStorePasswordProvider(String provider)
void	setKeyStoreType(String type)
void	setRenegotiateOnClientAuthWant(boolean renegotiateClientAuthWant)
void	setSniEnabled(String value)
void	setSsl2Ciphers(String value)
void	setSsl2Enabled(String value)
void	setSsl3Enabled(String value)
void	setSsl3TlsCiphers(String value)
void	setSSLInactivityTimeout(int handshakeTimeout)
void	setTls11Enabled(String value)
void	setTls12Enabled(String value)
void	setTls13Enabled(String value)
void	setTlsEnabled(String value)
void	setTlsRollbackEnabled(String value)
void	setTlsSessionCacheSize(String size)
void	setTlsSessionTimeout(String timeout)
void	setTrustAlgorithm(String algorithm)
void	setTrustMaxCertLength(String maxLength)
void	setTrustStore(String location)
void	setTrustStorePassword(String password)
void	setTrustStorePasswordProvider(String provider)
void	setTrustStoreType(String type)

Methods inherited from interface org.jvnet.hk2.config.ConfigBeanProxy

createChild, deepCopy, getParent, getParent

Methods inherited from interface org.jvnet.hk2.config.types.PropertyBag

addProperty, getProperty, getProperty, getPropertyValue, getPropertyValue, lookupProperty, removeProperty, removeProperty

Field Detail

ALLOW_LAZY_INIT

static final boolean ALLOW_LAZY_INIT

See Also:

Constant Field Values

CLIENT_AUTH_ENABLED

static final boolean CLIENT_AUTH_ENABLED

See Also:

Constant Field Values

SSL2_ENABLED

static final boolean SSL2_ENABLED

See Also:

Constant Field Values

SSL3_ENABLED

static final boolean SSL3_ENABLED

See Also:

Constant Field Values

TLS_ENABLED

static final boolean TLS_ENABLED

See Also:

Constant Field Values

TLS11_ENABLED

static final boolean TLS11_ENABLED

See Also:

Constant Field Values

TLS12_ENABLED

static final boolean TLS12_ENABLED

See Also:

Constant Field Values

TLS13_ENABLED

static final boolean TLS13_ENABLED

See Also:

Constant Field Values

TLS_ROLLBACK_ENABLED

static final boolean TLS_ROLLBACK_ENABLED

See Also:

Constant Field Values

RENEGOTIATE_ON_CLIENT_AUTH_WANT

static final boolean RENEGOTIATE_ON_CLIENT_AUTH_WANT

See Also:

Constant Field Values

MAX_CERT_LENGTH

static final int MAX_CERT_LENGTH

See Also:

Constant Field Values

DEFAULT_SSL_INACTIVITY_TIMEOUT

static final int DEFAULT_SSL_INACTIVITY_TIMEOUT

See Also:

Constant Field Values

CLIENT_AUTH_PATTERN

static final String CLIENT_AUTH_PATTERN

See Also:

Constant Field Values

STORE_TYPE_PATTERN

static final String STORE_TYPE_PATTERN

See Also:

Constant Field Values

PASSWORD_PROVIDER

static final String PASSWORD_PROVIDER

See Also:

Constant Field Values

SSL2_CIPHERS_PATTERN

static final String SSL2_CIPHERS_PATTERN

See Also:

Constant Field Values

HANDSHAKE_TIMEOUT_MILLIS

static final long HANDSHAKE_TIMEOUT_MILLIS

See Also:

Constant Field Values

TLS13

static final String TLS13

See Also:

Constant Field Values

TLS12

static final String TLS12

See Also:

Constant Field Values

TLS11

static final String TLS11

See Also:

Constant Field Values

TLS1

static final String TLS1

See Also:

Constant Field Values

TLS

static final String TLS

See Also:

Constant Field Values

SSL3

static final String SSL3

See Also:

Constant Field Values

SSL2

static final String SSL2

See Also:

Constant Field Values

SSL

static final String SSL

See Also:

Constant Field Values

SSL2_HELLO

static final String SSL2_HELLO

See Also:

Constant Field Values

Method Detail

getCertNickname

String getCertNickname()

Nickname of the server certificate in the certificate database or the PKCS#11 token. In the certificate, the name format is token name:nickname. Including the token name: part of the name in this attribute is optional.

setCertNickname

void setCertNickname(String value)

getClientAuthEnabled

String getClientAuthEnabled()

Determines whether SSL3 client authentication is performed on every request, independent of ACL-based access control.

setClientAuthEnabled

void setClientAuthEnabled(String value)

getClientAuth

@Pattern(regexp="(|need|want)")
@Pattern(regexp="(|need|want)") String getClientAuth()

Determines if if the engine will request (want) or require (need) client authentication. Valid values: want, need, or left blank

setClientAuth

void setClientAuth(String value)

getCrlFile

String getCrlFile()

setCrlFile

void setCrlFile(String crlFile)

getKeyAlgorithm

String getKeyAlgorithm()

setKeyAlgorithm

void setKeyAlgorithm(String algorithm)

getKeyStoreType

@Pattern(regexp="(JKS|NSS)")
@Pattern(regexp="(JKS|NSS)") String getKeyStoreType()

type of the keystore file

setKeyStoreType

void setKeyStoreType(String type)

getKeyStorePasswordProvider

String getKeyStorePasswordProvider()

setKeyStorePasswordProvider

void setKeyStorePasswordProvider(String provider)

getKeyStorePassword

String getKeyStorePassword()

password of the keystore file

setKeyStorePassword

void setKeyStorePassword(String password)

getKeyStore

String getKeyStore()

Location of the keystore file

setKeyStore

void setKeyStore(String location)

getClassname

String getClassname()

setClassname

void setClassname(String value)

getSsl2Ciphers

@Pattern(regexp="((\\+|\\-)(rc2|rc2export|rc4|rc4export|idea|des|desede3)(\\s*,\\s*(\\+|\\-)(rc2|rc2export|rc4|rc4export|idea|des|desede3))*)*")
@Pattern(regexp="((\\+|\\-)(rc2|rc2export|rc4|rc4export|idea|des|desede3)(\\s*,\\s*(\\+|\\-)(rc2|rc2export|rc4|rc4export|idea|des|desede3))*)*") String getSsl2Ciphers()

A comma-separated list of the SSL2 ciphers used, with the prefix + to enable or - to disable, for example +rc4. Allowed values are rc4, rc4export, rc2, rc2export, idea, des, desede3. If no value is specified, all supported ciphers are assumed to be enabled. NOT Used in PE

setSsl2Ciphers

void setSsl2Ciphers(String value)

getSsl2Enabled

String getSsl2Enabled()

Determines whether SSL2 is enabled. NOT Used in PE. SSL2 is not supported by either iiop or web-services. When this element is used as a child of the iiop-listener element then the only allowed value for this attribute is "false".

setSsl2Enabled

void setSsl2Enabled(String value)

getSsl3Enabled

String getSsl3Enabled()

Determines whether SSL3 is enabled. If both SSL2 and SSL3 are enabled for a virtual server, the server tries SSL3 encryption first. If that fails, the server tries SSL2 encryption.

setSsl3Enabled

void setSsl3Enabled(String value)

getSsl3TlsCiphers

String getSsl3TlsCiphers()

A comma-separated list of the SSL3 ciphers used, with the prefix + to enable or - to disable, for example +SSL_RSA_WITH_RC4_128_MD5. Allowed SSL3/TLS values are those that are supported by the JVM for the given security provider and security service configuration. If no value is specified, all supported ciphers are assumed to be enabled.

setSsl3TlsCiphers

void setSsl3TlsCiphers(String value)

getTlsEnabled

String getTlsEnabled()

Determines whether TLS is enabled.

setTlsEnabled

void setTlsEnabled(String value)

getTls11Enabled

String getTls11Enabled()

Determines whether TLS 1.1 is enabled.

setTls11Enabled

void setTls11Enabled(String value)

getTls12Enabled

String getTls12Enabled()

Determines whether TLS 1.2 is enabled.

setTls12Enabled

void setTls12Enabled(String value)

getTls13Enabled

String getTls13Enabled()

Determines whether TLS 1.3 is enabled.

setTls13Enabled

void setTls13Enabled(String value)

getTlsRollbackEnabled

String getTlsRollbackEnabled()

Determines whether TLS rollback is enabled. TLS rollback should be enabled for Microsoft Internet Explorer 5.0 and 5.5. NOT Used in PE

setTlsRollbackEnabled

void setTlsRollbackEnabled(String value)

getTrustAlgorithm

String getTrustAlgorithm()

setTrustAlgorithm

void setTrustAlgorithm(String algorithm)

getTrustMaxCertLength

String getTrustMaxCertLength()

setTrustMaxCertLength

void setTrustMaxCertLength(String maxLength)

getTrustStore

String getTrustStore()

setTrustStore

void setTrustStore(String location)

getTrustStoreType

@Pattern(regexp="(JKS|NSS)")
@Pattern(regexp="(JKS|NSS)") String getTrustStoreType()

type of the truststore file

setTrustStoreType

void setTrustStoreType(String type)

getTrustStorePasswordProvider

String getTrustStorePasswordProvider()

setTrustStorePasswordProvider

void setTrustStorePasswordProvider(String provider)

getTrustStorePassword

String getTrustStorePassword()

password of the truststore file

setTrustStorePassword

void setTrustStorePassword(String password)

getAllowLazyInit

String getAllowLazyInit()

Does SSL configuration allow implementation to initialize it lazily way

setAllowLazyInit

void setAllowLazyInit(String value)

getSSLInactivityTimeout

String getSSLInactivityTimeout()

Returns:

the timeout within which there must be activity from the client. Defaults to 30 seconds.

setSSLInactivityTimeout

void setSSLInactivityTimeout(int handshakeTimeout)

getSniEnabled

String getSniEnabled()

Returns:

whether SNI support is enabled defaults to false

setSniEnabled

void setSniEnabled(String value)

getRenegotiateOnClientAuthWant

String getRenegotiateOnClientAuthWant()

Determines whether or not ssl session renegotiation will occur if client-auth is set to want. This may be set to false under the assumption that if a certificate wasn't available during the initial handshake, it won't be available during a renegotiation.

This configuration option defaults to true.

Returns:

true if ssl session renegotiation will occur if client-auth is want.

Since:

2.1.2

setRenegotiateOnClientAuthWant

void setRenegotiateOnClientAuthWant(boolean renegotiateClientAuthWant)

Since:

2.1.2

getHandshakeTimeoutMillis

String getHandshakeTimeoutMillis()

Handshake mode

setHandshakeTimeoutMillis

void setHandshakeTimeoutMillis(String timeoutMillis)

getTlsSessionTimeout

String getTlsSessionTimeout()

How long before TLS sessions expire from the cache

Returns:

setTlsSessionTimeout

void setTlsSessionTimeout(String timeout)

getTlsSessionCacheSize

String getTlsSessionCacheSize()

How large the TLS session cache can get

Returns:

setTlsSessionCacheSize

void setTlsSessionCacheSize(String size)