public class SSLParameters extends Object
 SSLParameters can be created via the constructors in this class.
 Objects can also be obtained using the getSSLParameters()
 methods in
 SSLSocket and
 SSLServerSocket and
 SSLEngine or the
 getDefaultSSLParameters() and
 getSupportedSSLParameters()
 methods in SSLContext.
 
 SSLParameters can be applied to a connection via the methods
 SSLSocket.setSSLParameters() and
 SSLServerSocket.setSSLParameters()
 and SSLEngine.setSSLParameters().
SSLSocket, 
SSLEngine, 
SSLContext| Constructor and Description | 
|---|
| SSLParameters()Constructs SSLParameters. | 
| SSLParameters(String[] cipherSuites)Constructs SSLParameters from the specified array of ciphersuites. | 
| SSLParameters(String[] cipherSuites,
             String[] protocols)Constructs SSLParameters from the specified array of ciphersuites
 and protocols. | 
| Modifier and Type | Method and Description | 
|---|---|
| AlgorithmConstraints | getAlgorithmConstraints()Returns the cryptographic algorithm constraints. | 
| String[] | getCipherSuites()Returns a copy of the array of ciphersuites or null if none
 have been set. | 
| String | getEndpointIdentificationAlgorithm()Gets the endpoint identification algorithm. | 
| boolean | getNeedClientAuth()Returns whether client authentication should be required. | 
| String[] | getProtocols()Returns a copy of the array of protocols or null if none
 have been set. | 
| List<SNIServerName> | getServerNames()Returns a  Listcontaining allSNIServerNames of the
 Server Name Indication (SNI) parameter, or null if none has been set. | 
| Collection<SNIMatcher> | getSNIMatchers()Returns a  Collectioncontaining allSNIMatchers of the
 Server Name Indication (SNI) parameter, or null if none has been set. | 
| boolean | getUseCipherSuitesOrder()Returns whether the local cipher suites preference should be honored. | 
| boolean | getWantClientAuth()Returns whether client authentication should be requested. | 
| void | setAlgorithmConstraints(AlgorithmConstraints constraints)Sets the cryptographic algorithm constraints, which will be used
 in addition to any configured by the runtime environment. | 
| void | setCipherSuites(String[] cipherSuites)Sets the array of ciphersuites. | 
| void | setEndpointIdentificationAlgorithm(String algorithm)Sets the endpoint identification algorithm. | 
| void | setNeedClientAuth(boolean needClientAuth)Sets whether client authentication should be required. | 
| void | setProtocols(String[] protocols)Sets the array of protocols. | 
| void | setServerNames(List<SNIServerName> serverNames)Sets the desired  SNIServerNames of the Server Name
 Indication (SNI) parameter. | 
| void | setSNIMatchers(Collection<SNIMatcher> matchers)Sets the  SNIMatchers of the Server Name Indication (SNI)
 parameter. | 
| void | setUseCipherSuitesOrder(boolean honorOrder)Sets whether the local cipher suites preference should be honored. | 
| void | setWantClientAuth(boolean wantClientAuth)Sets whether client authentication should be requested. | 
public SSLParameters()
 The values of cipherSuites, protocols, cryptographic algorithm
 constraints, endpoint identification algorithm, server names and
 server name matchers are set to null, useCipherSuitesOrder,
 wantClientAuth and needClientAuth are set to false.
public SSLParameters(String[] cipherSuites)
 Calling this constructor is equivalent to calling the no-args
 constructor followed by
 setCipherSuites(cipherSuites);.
cipherSuites - the array of ciphersuites (or null)public SSLParameters(String[] cipherSuites, String[] protocols)
 Calling this constructor is equivalent to calling the no-args
 constructor followed by
 setCipherSuites(cipherSuites); setProtocols(protocols);.
cipherSuites - the array of ciphersuites (or null)protocols - the array of protocols (or null)public String[] getCipherSuites()
public void setCipherSuites(String[] cipherSuites)
cipherSuites - the array of ciphersuites (or null)public String[] getProtocols()
public void setProtocols(String[] protocols)
protocols - the array of protocols (or null)public boolean getWantClientAuth()
public void setWantClientAuth(boolean wantClientAuth)
needClientAuth flag.wantClientAuth - whether client authentication should be requestedpublic boolean getNeedClientAuth()
public void setNeedClientAuth(boolean needClientAuth)
wantClientAuth flag.needClientAuth - whether client authentication should be requiredpublic AlgorithmConstraints getAlgorithmConstraints()
setAlgorithmConstraints(AlgorithmConstraints)public void setAlgorithmConstraints(AlgorithmConstraints constraints)
 If the constraints parameter is non-null, every
 cryptographic algorithm, key and algorithm parameters used in the
 SSL/TLS handshake must be permitted by the constraints.
constraints - the algorithm constraints (or null)public String getEndpointIdentificationAlgorithm()
X509ExtendedTrustManager, 
setEndpointIdentificationAlgorithm(String)public void setEndpointIdentificationAlgorithm(String algorithm)
 If the algorithm parameter is non-null or non-empty, the
 endpoint identification/verification procedures must be handled during
 SSL/TLS handshaking.  This is to prevent man-in-the-middle attacks.
algorithm - The standard string name of the endpoint
     identification algorithm (or null).  See Appendix A in the 
     Java Cryptography Architecture API Specification & Reference 
     for information about standard algorithm names.X509ExtendedTrustManagerpublic final void setServerNames(List<SNIServerName> serverNames)
SNIServerNames of the Server Name
 Indication (SNI) parameter.
 
 This method is only useful to SSLSockets or SSLEngines
 operating in client mode.
 
 Note that the serverNames list is cloned
 to protect against subsequent modification.
serverNames - the list of desired SNIServerNames (or null)NullPointerException - if the serverNames
         contains null elementIllegalArgumentException - if the serverNames
         contains more than one name of the same name typeSNIServerName, 
getServerNames()public final List<SNIServerName> getServerNames()
List containing all SNIServerNames of the
 Server Name Indication (SNI) parameter, or null if none has been set.
 
 This method is only useful to SSLSockets or SSLEngines
 operating in client mode.
 
For SSL/TLS connections, the underlying SSL/TLS provider may specify a default value for a certain server name type. In client mode, it is recommended that, by default, providers should include the server name indication whenever the server can be located by a supported server name type.
 It is recommended that providers initialize default Server Name
 Indications when creating SSLSocket/SSLEngines.
 In the following examples, the server name could be represented by an
 instance of SNIHostName which has been initialized with the
 hostname "www.example.com" and type
 StandardConstants.SNI_HOST_NAME.
 
     Socket socket =
         sslSocketFactory.createSocket("www.example.com", 443);
 
 or
 
     SSLEngine engine =
         sslContext.createSSLEngine("www.example.com", 443);
 
 SNIServerNamesList, 
setServerNames(List)public final void setSNIMatchers(Collection<SNIMatcher> matchers)
SNIMatchers of the Server Name Indication (SNI)
 parameter.
 
 This method is only useful to SSLSockets or SSLEngines
 operating in server mode.
 
 Note that the matchers collection is cloned to protect
 against subsequent modification.
matchers - the collection of SNIMatchers (or null)NullPointerException - if the matchers
         contains null elementIllegalArgumentException - if the matchers
         contains more than one name of the same name typeCollection, 
SNIMatcher, 
getSNIMatchers()public final Collection<SNIMatcher> getSNIMatchers()
Collection containing all SNIMatchers of the
 Server Name Indication (SNI) parameter, or null if none has been set.
 
 This method is only useful to SSLSockets or SSLEngines
 operating in server mode.
 
For better interoperability, providers generally will not define default matchers so that by default servers will ignore the SNI extension and continue the handshake.
SNIMatchersSNIMatcher, 
setSNIMatchers(Collection)public final void setUseCipherSuitesOrder(boolean honorOrder)
honorOrder - whether local cipher suites order in
        #getCipherSuites should be honored during
        SSL/TLS handshaking.getUseCipherSuitesOrder()public final boolean getUseCipherSuitesOrder()
#getCipherSuites
         should be honored during SSL/TLS handshaking.setUseCipherSuitesOrder(boolean) Submit a bug or feature 
For further API reference and developer documentation, see Java SE Documentation. That documentation contains more detailed, developer-targeted descriptions, with conceptual overviews, definitions of terms, workarounds, and working code examples.
 Copyright © 1993, 2017, Oracle and/or its affiliates.  All rights reserved. Use is subject to license terms. Also see the documentation redistribution policy.