java.lang.Object
  ↳ javax.net.ssl.SSLEngine
The abstract implementation of secure communications using SSL, TLS, or other protocols. It includes the setup, handshake, and encrypt/decrypt functionality needed to create a secure connection.
SSLEngine instances obtained from the default SSLContext are configured as follows:
Protocol | Supported (API Levels) | Enabled by default (API Levels) |
---|---|---|
SSLv3 | 1+ | 1+ |
TLSv1 | 1+ | 1+ |
TLSv1.1 | 20+ | 20+ |
TLSv1.2 | 20+ | 20+ |
Cipher suite | Supported (API Levels) | Enabled by default (API Levels) |
---|---|---|
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA | 9–22 | 9–19 |
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA | 9–22 | 9–19 |
SSL_DHE_DSS_WITH_DES_CBC_SHA | 9–22 | 9–19 |
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA | 9–22 | 9–19 |
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA | 9–22 | 9–19 |
SSL_DHE_RSA_WITH_DES_CBC_SHA | 9–22 | 9–19 |
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA | 9–22 | |
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 | 9–22 | |
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA | 9–22 | |
SSL_DH_anon_WITH_DES_CBC_SHA | 9–22 | |
SSL_DH_anon_WITH_RC4_128_MD5 | 9–22 | |
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA | 9–22 | 9–19 |
SSL_RSA_EXPORT_WITH_RC4_40_MD5 | 9–22 | 9–19 |
SSL_RSA_WITH_3DES_EDE_CBC_SHA | 9+ | 9–19 |
SSL_RSA_WITH_DES_CBC_SHA | 9–22 | 9–19 |
SSL_RSA_WITH_NULL_MD5 | 9–22 | |
SSL_RSA_WITH_NULL_SHA | 9–22 | |
SSL_RSA_WITH_RC4_128_MD5 | 9+ | 9–19 |
SSL_RSA_WITH_RC4_128_SHA | 9+ | 9+ |
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA | 1–8 | 1–8 |
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA | 1–8 | 1–8 |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA | 9–22 | 9–22 |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 | 20–22 | |
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 | 20–22 | |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA | 9–22 | 20–22 |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 | 20–22 | |
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 | 20–22 | |
TLS_DHE_DSS_WITH_DES_CBC_SHA | 1–8 | 1–8 |
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA | 1–8 | 1–8 |
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | 1–8 | 1–8 |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA | 9+ | 9+ |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | 20+ | |
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | 20+ | 20+ |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA | 9+ | 20+ |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | 20+ | |
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | 20+ | 20+ |
TLS_DHE_RSA_WITH_DES_CBC_SHA | 1–8 | 1–8 |
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA | 1–8 | |
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA | 1–8 | |
TLS_DH_DSS_WITH_DES_CBC_SHA | 1–8 | |
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA | 1–8 | |
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA | 1–8 | |
TLS_DH_RSA_WITH_DES_CBC_SHA | 1–8 | |
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA | 1–8 | |
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA | 1–8 | |
TLS_DH_anon_WITH_AES_128_CBC_SHA | 9–22 | |
TLS_DH_anon_WITH_AES_128_CBC_SHA256 | 20–22 | |
TLS_DH_anon_WITH_AES_128_GCM_SHA256 | 20–22 | |
TLS_DH_anon_WITH_AES_256_CBC_SHA | 9–22 | |
TLS_DH_anon_WITH_AES_256_CBC_SHA256 | 20–22 | |
TLS_DH_anon_WITH_AES_256_GCM_SHA384 | 20–22 | |
TLS_DH_anon_WITH_DES_CBC_SHA | 1–8 | |
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA | 20–22 | |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | 20+ | 20+ |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | 20+ | |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | 20+ | 20+ |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | 20+ | 20+ |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | 20+ | |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | 20+ | 20+ |
TLS_ECDHE_ECDSA_WITH_NULL_SHA | 20–22 | |
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | 20+ | 20+ |
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | 20–22 | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | 20+ | 20+ |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | 20+ | |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | 20+ | 20+ |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | 20+ | 20+ |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | 20+ | |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | 20+ | 20+ |
TLS_ECDHE_RSA_WITH_NULL_SHA | 20–22 | |
TLS_ECDHE_RSA_WITH_RC4_128_SHA | 20+ | 20+ |
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA | 20–22 | |
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA | 20–22 | |
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 | 20–22 | |
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 | 20–22 | |
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | 20–22 | |
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 | 20–22 | |
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 | 20–22 | |
TLS_ECDH_ECDSA_WITH_NULL_SHA | 20–22 | |
TLS_ECDH_ECDSA_WITH_RC4_128_SHA | 20–22 | |
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA | 20–22 | |
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA | 20–22 | |
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 | 20–22 | |
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 | 20–22 | |
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA | 20–22 | |
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 | 20–22 | |
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 | 20–22 | |
TLS_ECDH_RSA_WITH_NULL_SHA | 20–22 | |
TLS_ECDH_RSA_WITH_RC4_128_SHA | 20–22 | |
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA | 20–22 | |
TLS_ECDH_anon_WITH_AES_128_CBC_SHA | 20–22 | |
TLS_ECDH_anon_WITH_AES_256_CBC_SHA | 20–22 | |
TLS_ECDH_anon_WITH_NULL_SHA | 20–22 | |
TLS_ECDH_anon_WITH_RC4_128_SHA | 20–22 | |
TLS_EMPTY_RENEGOTIATION_INFO_SCSV | 20+ | 20+ |
TLS_FALLBACK_SCSV | 21+ | |
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA | 21+ | 21+ |
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA | 21+ | 21+ |
TLS_NULL_WITH_NULL_NULL | 1–8 | |
TLS_PSK_WITH_3DES_EDE_CBC_SHA | 21–22 | |
TLS_PSK_WITH_AES_128_CBC_SHA | 21+ | 21+ |
TLS_PSK_WITH_AES_256_CBC_SHA | 21+ | 21+ |
TLS_PSK_WITH_RC4_128_SHA | 21+ | |
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA | 1–8 | 1–8 |
TLS_RSA_WITH_3DES_EDE_CBC_SHA | 1–8 | 1–8 |
TLS_RSA_WITH_AES_128_CBC_SHA | 9+ | 9+ |
TLS_RSA_WITH_AES_128_CBC_SHA256 | 20+ | |
TLS_RSA_WITH_AES_128_GCM_SHA256 | 20+ | 20+ |
TLS_RSA_WITH_AES_256_CBC_SHA | 9+ | 20+ |
TLS_RSA_WITH_AES_256_CBC_SHA256 | 20+ | |
TLS_RSA_WITH_AES_256_GCM_SHA384 | 20+ | 20+ |
TLS_RSA_WITH_DES_CBC_SHA | 1–8 | 1–8 |
TLS_RSA_WITH_NULL_MD5 | 1–8 | |
TLS_RSA_WITH_NULL_SHA | 1–8 | |
TLS_RSA_WITH_NULL_SHA256 | 20–22 | |
NOTE: PSK cipher suites are enabled by default only if the SSLContext through which the engine was created has been initialized with a PSKKeyManager.
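The tables above show SSLv3 and a number of RC4, DES, NULL, anonymous and export suites enabled by default on older API levels. As an added example (my own code, not part of the Android reference), the following client-side factory uses getSupportedProtocols() and getSupportedCipherSuites() to restrict an engine from the default SSLContext to TLSv1.2 and forward-secret AEAD suites; because only names taken from the getSupported*() lists are passed to the setters, the IllegalArgumentException documented below cannot occur. The class and method names are mine, and setEndpointIdentificationAlgorithm is assumed to be available (Java 7, Android API 24 and later).

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public final class HardenedEngineFactory {

    // The only protocol version we are willing to negotiate; SSLv3/TLSv1/TLSv1.1 stay disabled.
    private static final List<String> ALLOWED_PROTOCOLS = Arrays.asList("TLSv1.2");

    // Name fragments that mark a suite as unacceptable (all occur in the table above).
    private static final String[] REJECTED_MARKERS = {
        "_NULL_", "_anon_", "_EXPORT_", "_DES_", "_3DES_", "_RC4_", "_MD5"
    };

    private HardenedEngineFactory() {}

    /** Keeps only ECDHE/DHE (forward secret) GCM suites that carry none of the rejected markers. */
    static String[] selectCipherSuites(String[] supported) {
        List<String> chosen = new ArrayList<>();
        for (String suite : supported) {
            if (suite.startsWith("SSL_")) continue;                                   // SSLv3-era names
            if (!suite.contains("_ECDHE_") && !suite.contains("_DHE_")) continue;    // require forward secrecy
            if (!suite.contains("_GCM_")) continue;                                   // AEAD only, no CBC
            boolean rejected = false;
            for (String marker : REJECTED_MARKERS) {
                if (suite.contains(marker)) { rejected = true; break; }
            }
            if (!rejected) chosen.add(suite);
        }
        return chosen.toArray(new String[0]);
    }

    /** Intersects the platform's supported protocol names with the allow-list. */
    static String[] selectProtocols(String[] supported) {
        List<String> chosen = new ArrayList<>(Arrays.asList(supported));
        chosen.retainAll(ALLOWED_PROTOCOLS);
        return chosen.toArray(new String[0]);
    }

    public static SSLEngine newClientEngine(String host, int port) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine(host, port);
        engine.setUseClientMode(true);   // must be set before beginHandshake()/wrap()/unwrap()
        String[] protocols = selectProtocols(engine.getSupportedProtocols());
        String[] suites = selectCipherSuites(engine.getSupportedCipherSuites());
        if (protocols.length == 0 || suites.length == 0) {
            throw new IllegalStateException("platform offers no acceptable protocol or cipher suite");
        }
        engine.setEnabledProtocols(protocols);
        engine.setEnabledCipherSuites(suites);
        // Assumed API (Java 7 / Android API 24+): have the engine verify the certificate against 'host'.
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }
}
```

Hostname verification is the one check the engine does not perform on its own, so on platforms where the last step is unavailable the caller must verify the peer certificate against the host name after the handshake.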
Protected Constructors

Constructor | Description |
---|---|
SSLEngine() | Creates a new SSLEngine instance. |
SSLEngine(String host, int port) | Creates a new SSLEngine instance with the specified host and port. |
Public Methods

Method | Description |
---|---|
void beginHandshake() | Initiates a handshake on this engine. |
void closeInbound() | Notifies this engine instance that no more inbound network data will be sent to this engine. |
void closeOutbound() | Notifies this engine instance that no more outbound application data will be sent to this engine. |
Runnable getDelegatedTask() | Returns a delegate task for this engine instance. |
boolean getEnableSessionCreation() | Returns whether new SSL sessions may be established by this engine. |
String[] getEnabledCipherSuites() | Returns the SSL cipher suite names that are enabled in this engine instance. |
String[] getEnabledProtocols() | Returns the protocol version names that are enabled in this engine instance. |
SSLEngineResult.HandshakeStatus getHandshakeStatus() | Returns the status of the handshake of this engine instance. |
boolean getNeedClientAuth() | Returns whether this engine instance will require client authentication. |
String getPeerHost() | Returns the name of the peer host. |
int getPeerPort() | Returns the port number of the peer host. |
SSLParameters getSSLParameters() | Returns a new SSLParameters based on this engine's current cipher suites, protocols, and client authentication settings. |
SSLSession getSession() | Returns the SSL session for this engine instance. |
String[] getSupportedCipherSuites() | Returns the SSL cipher suite names that are supported by this engine. |
String[] getSupportedProtocols() | Returns the protocol names that are supported by this engine. |
boolean getUseClientMode() | Returns whether this engine is set to act in client mode when handshaking. |
boolean getWantClientAuth() | Returns whether this engine will request client authentication. |
boolean isInboundDone() | Returns whether no more inbound data will be accepted by this engine. |
boolean isOutboundDone() | Returns whether no more outbound data will be produced by this engine. |
void setEnableSessionCreation(boolean flag) | Sets whether new SSL sessions may be established by this engine instance. |
void setEnabledCipherSuites(String[] suites) | Sets the SSL cipher suite names that should be enabled in this engine instance. |
void setEnabledProtocols(String[] protocols) | Sets the protocol version names that should be enabled in this engine instance. |
void setNeedClientAuth(boolean need) | Sets whether this engine must require client authentication. |
void setSSLParameters(SSLParameters params) | Sets various SSL handshake parameters based on the SSLParameters argument. |
void setUseClientMode(boolean mode) | Sets whether this engine should act in client (or server) mode when handshaking. |
void setWantClientAuth(boolean want) | Sets whether this engine should request client authentication. |
SSLEngineResult unwrap(ByteBuffer src, ByteBuffer dst) | Decodes the incoming network data buffer into the application data buffer. |
SSLEngineResult unwrap(ByteBuffer src, ByteBuffer[] dsts, int offset, int length) | Decodes the incoming network data buffer into application data buffers. |
SSLEngineResult unwrap(ByteBuffer src, ByteBuffer[] dsts) | Decodes the incoming network data buffer into the application data buffers. |
SSLEngineResult wrap(ByteBuffer[] srcs, ByteBuffer dst) | Encodes the outgoing application data buffers into the network data buffer. |
SSLEngineResult wrap(ByteBuffer[] srcs, int offset, int length, ByteBuffer dst) | Encodes the outgoing application data buffers into the network data buffer. |
SSLEngineResult wrap(ByteBuffer src, ByteBuffer dst) | Encodes the outgoing application data buffer into the network data buffer. |
Inherited Methods

From class java.lang.Object
protected SSLEngine(String host, int port)

Creates a new SSLEngine instance with the specified host and port.

Parameters
host | the name of the host. |
---|---|
port | the port of the host. |
public abstract void beginHandshake()

Initiates a handshake on this engine. Calling this method is not needed for the initial handshake: it will be called by wrap or unwrap if the initial handshake has not been started yet.

Throws
SSLException | if starting the handshake fails. |
---|---|
IllegalStateException | if the engine does not have all the needed settings (e.g. client/server mode not set). |
public abstract void closeInbound()

Notifies this engine instance that no more inbound network data will be sent to this engine.

Throws
SSLException | if this engine did not receive a needed protocol specific close notification message from the peer. |
---|---|

public abstract void closeOutbound()

Notifies this engine instance that no more outbound application data will be sent to this engine.
public abstract Runnable getDelegatedTask()

Returns a delegate task for this engine instance. Some engine operations may require the results of blocking or long running operations, and the SSLEngineResult instances returned by this engine may indicate that a delegated task result is needed. In this case the run method of the returned Runnable delegated task must be called.

Returns
a delegated task, or null if none are available.
public abstract boolean getEnableSessionCreation()

Returns whether new SSL sessions may be established by this engine.

Returns
true if new sessions may be established, false if existing sessions must be reused.

public abstract String[] getEnabledCipherSuites()

Returns the SSL cipher suite names that are enabled in this engine instance.

public abstract String[] getEnabledProtocols()

Returns the protocol version names that are enabled in this engine instance.

public abstract SSLEngineResult.HandshakeStatus getHandshakeStatus()

Returns the status of the handshake of this engine instance.
public abstract boolean getNeedClientAuth()

Returns whether this engine instance will require client authentication.

Returns
true if this engine will require client authentication, false if no client authentication is needed.

public String getPeerHost()

Returns the name of the peer host.

Returns
the peer host name, or null if none is available.

public int getPeerPort()

Returns the port number of the peer host.

Returns
the peer port, or -1 if none is available.
public SSLParameters getSSLParameters()

Returns a new SSLParameters based on this engine's current cipher suites, protocols, and client authentication settings.

public abstract SSLSession getSession()

Returns the SSL session for this engine instance.

public abstract String[] getSupportedCipherSuites()

Returns the SSL cipher suite names that are supported by this engine. These cipher suites can be enabled using setEnabledCipherSuites(String[]).

public abstract String[] getSupportedProtocols()

Returns the protocol names that are supported by this engine. These protocols can be enabled using setEnabledProtocols(String[]).
public abstract boolean getUseClientMode()

Returns whether this engine is set to act in client mode when handshaking.

Returns
true if the engine is set to do handshaking in client mode.

public abstract boolean getWantClientAuth()

Returns whether this engine will request client authentication.

Returns
true if client authentication will be requested, false otherwise.

public abstract boolean isInboundDone()

Returns whether no more inbound data will be accepted by this engine.

Returns
true if no more inbound data will be accepted by this engine, false otherwise.

public abstract boolean isOutboundDone()

Returns whether no more outbound data will be produced by this engine.

Returns
true if no more outbound data will be produced by this engine, false otherwise.
public abstract void setEnableSessionCreation(boolean flag)

Sets whether new SSL sessions may be established by this engine instance.

Parameters
flag | true if new SSL sessions may be established, false if existing SSL sessions must be reused. |
---|---|

public abstract void setEnabledCipherSuites(String[] suites)

Sets the SSL cipher suite names that should be enabled in this engine instance. Only cipher suites listed by getSupportedCipherSuites() are allowed.

Parameters
suites | the SSL cipher suite names to be enabled. |
---|---|

Throws
IllegalArgumentException | if one of the specified cipher suites is not supported, or if suites is null. |
---|---|

public abstract void setEnabledProtocols(String[] protocols)

Sets the protocol version names that should be enabled in this engine instance. Only protocols listed by getSupportedProtocols() are allowed.

Parameters
protocols | the protocol version names to be enabled. |
---|---|

Throws
IllegalArgumentException | if one of the protocol version names is not supported, or if protocols is null. |
---|---|
public abstract void setNeedClientAuth(boolean need)

Sets whether this engine must require client authentication. This setting overrides any previous call to setWantClientAuth(boolean).

Parameters
need | true if client authentication is required, false if no authentication is needed. |
---|---|

public void setSSLParameters(SSLParameters params)

Sets various SSL handshake parameters based on the SSLParameters argument. Specifically, sets the SSLEngine's enabled cipher suites if the parameter's cipher suites are non-null. Similarly sets the enabled protocols. If the parameters specify the want or need for client authentication, those requirements are set on the SSLEngine, otherwise both are set to false.

public abstract void setUseClientMode(boolean mode)

Sets whether this engine should act in client (or server) mode when handshaking.

Parameters
mode | true if this engine should act in client mode, false if not. |
---|---|

Throws
IllegalArgumentException | if this method is called after starting the initial handshake. |
---|---|

public abstract void setWantClientAuth(boolean want)

Sets whether this engine should request client authentication. This setting overrides any previous call to setNeedClientAuth(boolean).

Parameters
want | true if client authentication should be requested, false if no authentication is needed. |
---|---|
public SSLEngineResult unwrap(ByteBuffer src, ByteBuffer dst)

Decodes the incoming network data buffer into the application data buffer. If a handshake has not been started yet, it will automatically be started.

Parameters
src | the buffer with incoming network data. |
---|---|
dst | the destination buffer for incoming application data. |

Throws
SSLException | if a problem occurred while processing the data. |
---|---|
ReadOnlyBufferException | if one of the destination buffers is read-only. |
IllegalArgumentException | if src or dst is null. |
IllegalStateException | if the engine does not have all the needed settings (e.g. client/server mode not set). |

public abstract SSLEngineResult unwrap(ByteBuffer src, ByteBuffer[] dsts, int offset, int length)

Decodes the incoming network data buffer into application data buffers. If a handshake has not been started yet, it will automatically be started.

Parameters
src | the buffer with incoming network data. |
---|---|
dsts | the array of destination buffers for incoming application data. |
offset | the offset in the array of destination buffers to which data is to be transferred. |
length | the maximum number of destination buffers to be used. |

Throws
SSLException | if a problem occurred while processing the data. |
---|---|
IndexOutOfBoundsException | if length is greater than dsts.length - offset. |
ReadOnlyBufferException | if one of the destination buffers is read-only. |
IllegalArgumentException | if src, dsts, or one of the entries in dsts is null. |
IllegalStateException | if the engine does not have all the needed settings (e.g. client/server mode not set). |

public SSLEngineResult unwrap(ByteBuffer src, ByteBuffer[] dsts)

Decodes the incoming network data buffer into the application data buffers. If a handshake has not been started yet, it will automatically be started.

Parameters
src | the buffer with incoming network data. |
---|---|
dsts | the array of destination buffers for incoming application data. |

Throws
SSLException | if a problem occurred while processing the data. |
---|---|
ReadOnlyBufferException | if one of the destination buffers is read-only. |
IllegalArgumentException | if src or dsts is null. |
IllegalStateException | if the engine does not have all the needed settings (e.g. client/server mode not set). |
public SSLEngineResult wrap(ByteBuffer[] srcs, ByteBuffer dst)

Encodes the outgoing application data buffers into the network data buffer. If a handshake has not been started yet, it will automatically be started.

Parameters
srcs | the array of source buffers of outgoing application data. |
---|---|
dst | the destination buffer for network data. |

Throws
SSLException | if a problem occurred while processing the data. |
---|---|
ReadOnlyBufferException | if the destination buffer is read-only. |
IllegalArgumentException | if srcs or dst is null. |
IllegalStateException | if the engine does not have all the needed settings (e.g. client/server mode not set). |

public abstract SSLEngineResult wrap(ByteBuffer[] srcs, int offset, int length, ByteBuffer dst)

Encodes the outgoing application data buffers into the network data buffer. If a handshake has not been started yet, it will automatically be started.

Parameters
srcs | the array of source buffers of outgoing application data. |
---|---|
offset | the offset in the array of source buffers from which data is to be retrieved. |
length | the maximum number of source buffers to be used. |
dst | the destination buffer for network data. |

Throws
SSLException | if a problem occurred while processing the data. |
---|---|
IndexOutOfBoundsException | if length is greater than srcs.length - offset. |
ReadOnlyBufferException | if the destination buffer is read-only. |
IllegalArgumentException | if srcs, dst, or one of the entries in srcs is null. |
IllegalStateException | if the engine does not have all the needed settings (e.g. client/server mode not set). |

public SSLEngineResult wrap(ByteBuffer src, ByteBuffer dst)

Encodes the outgoing application data buffer into the network data buffer. If a handshake has not been started yet, it will automatically be started.

Parameters
src | the source buffer of outgoing application data. |
---|---|
dst | the destination buffer for network data. |

Throws
SSLException | if a problem occurred while processing the data. |
---|---|
ReadOnlyBufferException | if the destination buffer is read-only. |
IllegalArgumentException | if src or dst is null. |
IllegalStateException | if the engine does not have all the needed settings (e.g. client/server mode not set). |
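The handshake-related methods above (beginHandshake, getHandshakeStatus, getDelegatedTask, wrap and unwrap) are meant to be driven in a loop by the caller, and the reference does not show that loop. As an added example (my own code, not from the Android reference), the driver below runs one handshake round over caller-supplied buffers, returning false whenever it needs the caller to move bytes to or from the transport. The class and method names are mine; the caller is assumed to have called setUseClientMode() and beginHandshake() first and to pass netIn in read (flipped) mode.

```java
import java.nio.ByteBuffer;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLEngineResult.Status;
import javax.net.ssl.SSLException;

public final class HandshakeDriver {
    private HandshakeDriver() {}

    /**
     * Runs as much of the handshake as possible without transport I/O.
     * Returns true once the handshake is complete; false when the caller must
     * write netOut to the transport and/or read more bytes into netIn, then call again.
     */
    public static boolean step(SSLEngine engine, ByteBuffer netIn, ByteBuffer netOut)
            throws SSLException {
        ByteBuffer empty = ByteBuffer.allocate(0);
        // Handshake unwrap produces no application data, but the engine still needs a valid target.
        ByteBuffer appIn = ByteBuffer.allocate(engine.getSession().getApplicationBufferSize());
        while (true) {
            HandshakeStatus hs = engine.getHandshakeStatus();
            switch (hs) {
                case NEED_TASK: {
                    Runnable task;
                    while ((task = engine.getDelegatedTask()) != null) {
                        task.run();   // e.g. certificate path validation; may be handed to an executor
                    }
                    break;
                }
                case NEED_WRAP: {
                    SSLEngineResult r = engine.wrap(empty, netOut);   // handshake records -> netOut
                    if (r.getStatus() == Status.BUFFER_OVERFLOW) return false; // netOut full: flush it
                    if (r.getHandshakeStatus() == HandshakeStatus.FINISHED) return true;
                    break;
                }
                case NEED_UNWRAP: {
                    SSLEngineResult r = engine.unwrap(netIn, appIn);   // netIn -> engine state
                    if (r.getStatus() == Status.BUFFER_UNDERFLOW) return false; // need more bytes in netIn
                    if (r.getStatus() == Status.CLOSED) throw new SSLException("peer closed mid-handshake");
                    if (r.getHandshakeStatus() == HandshakeStatus.FINISHED) return true;
                    break;
                }
                case FINISHED:
                case NOT_HANDSHAKING:
                    return true;
                default:
                    throw new IllegalStateException("unexpected handshake status " + hs);
            }
        }
    }
}
```

Once step() returns true, check engine.getSession().getProtocol() and getCipherSuite() before trusting the connection, since the negotiated values are what actually protect the data, not the enabled lists.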