COM.claymoresystems.sslg
Class SSLPolicyInt
Object
COM.claymoresystems.sslg.SSLPolicyInt
public class SSLPolicyInt
extends Object
SSLPolicyInt.java
Copyright (C) 1999, Claymore Systems, Inc.
All Rights Reserved.
ekr@rtfm.com Wed May 5 08:47:37 1999
This package is a SSLv3/TLS implementation written by Eric Rescorla
<ekr@rtfm.com> and licensed by Claymore Systems, Inc.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed by Claymore Systems, Inc.
4. Neither the name of Claymore Systems, Inc. nor the name of Eric
Rescorla may be used to endorse or promote products derived from this
software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
$Id: SSLPolicyInt.java,v 1.10 2002/08/20 01:04:50 ekr Exp $
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
public static final short TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
- 17
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
public static final short TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
- 19
TLS_DHE_DSS_WITH_DES_CBC_SHA
public static final short TLS_DHE_DSS_WITH_DES_CBC_SHA
- 18
TLS_DHE_DSS_WITH_NULL_SHA
public static final short TLS_DHE_DSS_WITH_NULL_SHA
- 103
TLS_DHE_DSS_WITH_RC4_128_SHA
public static final short TLS_DHE_DSS_WITH_RC4_128_SHA
- 102
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
public static final short TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
- 20
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
public static final short TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- 22
TLS_DHE_RSA_WITH_DES_CBC_SHA
public static final short TLS_DHE_RSA_WITH_DES_CBC_SHA
- 21
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
public static final short TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
- 11
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
public static final short TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
- 13
TLS_DH_DSS_WITH_DES_CBC_SHA
public static final short TLS_DH_DSS_WITH_DES_CBC_SHA
- 12
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
public static final short TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
- 14
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
public static final short TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
- 16
TLS_DH_RSA_WITH_DES_CBC_SHA
public static final short TLS_DH_RSA_WITH_DES_CBC_SHA
- 15
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
public static final short TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
- 25
TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
public static final short TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
- 23
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
public static final short TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
- 27
TLS_DH_anon_WITH_DES_CBC_SHA
public static final short TLS_DH_anon_WITH_DES_CBC_SHA
- 26
TLS_DH_anon_WITH_RC4_128_MD5
public static final short TLS_DH_anon_WITH_RC4_128_MD5
- 24
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
public static final short TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
- 8
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
public static final short TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
- 6
TLS_RSA_EXPORT_WITH_RC4_40_MD5
public static final short TLS_RSA_EXPORT_WITH_RC4_40_MD5
- 3
TLS_RSA_WITH_3DES_EDE_CBC_SHA
public static final short TLS_RSA_WITH_3DES_EDE_CBC_SHA
- 10
TLS_RSA_WITH_DES_CBC_SHA
public static final short TLS_RSA_WITH_DES_CBC_SHA
- 9
TLS_RSA_WITH_IDEA_CBC_SHA
public static final short TLS_RSA_WITH_IDEA_CBC_SHA
- 7
TLS_RSA_WITH_NULL_MD5
public static final short TLS_RSA_WITH_NULL_MD5
- 1
TLS_RSA_WITH_NULL_SHA
public static final short TLS_RSA_WITH_NULL_SHA
- 2
TLS_RSA_WITH_RC4_128_MD5
public static final short TLS_RSA_WITH_RC4_128_MD5
- 4
TLS_RSA_WITH_RC4_128_SHA
public static final short TLS_RSA_WITH_RC4_128_SHA
- 5
acceptUnverifiableCertificates
public void acceptUnverifiableCertificates(boolean accept)
Allow unverifiable certificates. If we encounter a certificate
which cannot be verified by a known root, we ordinarily reject it,
but this allows that behavior to be overridden. The value of
getCertificateChain() will be null.
Setting this value to true completely compromises security against
active attack. This should only be used for testing purposes.
accept
- a boolean indicating whether unverifiable certificates should be accepted
acceptUnverifiableCertificatesP
public boolean acceptUnverifiableCertificatesP()
return whether unverifiable certificates are accepted
- a boolean indicating whether unverifiable certs will be accepted
dhAlwaysEphemeralP
public boolean dhAlwaysEphemeralP()
getCipherSuiteName
public static String getCipherSuiteName(int num)
get the name of a cipher from the number
- the name
getCipherSuiteNumber
public static int getCipherSuiteNumber(String name)
get the number of a cipher from the name
- the number (or -1)
getCipherSuites
public short[] getCipherSuites()
Return the allowed cipherSuites
- a short[] containing all the cipherSuites currently allowed
getSessionLifetime
public int getSessionLifetime()
return the lifetime of a session
- the lifetime setting, in seconds
handshakeOnConnect
public void handshakeOnConnect(boolean value)
handshakeOnConnectP
public boolean handshakeOnConnectP()
negotiateTLS
public void negotiateTLS(boolean tls)
Set whether to try to negotiate TLS. If this value is false,
SSLv3 will be negotiated. The default is true/yes.
tls
- a boolean indicating whether to try to negotiate TLS
negotiateTLSP
public boolean negotiateTLSP()
return whether TLS is to be negotiated
- a boolean indicating whether TLS negotiation is attempted.
requireClientAuth
public void requireClientAuth(boolean val)
Set whether or not to require client authentication when
negotiating (this is relevant only for servers)
val
- a boolean specifying whether client auth is required. The default is no
requireClientAuthP
public boolean requireClientAuthP()
Get whether client auth is required. This is relevant only
for servers
- a boolean indicating whether client auth is required
setCipherSuites
public void setCipherSuites(short[] cS)
Specify which cipherSuites may be negotiated.
Currently there is no check made as to whether these cipherSuites
are in fact negotiatable given the current keying material. This
is a bug.
Currently supported cipher suites:
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
TLS_DHE_DSS_WITH_DES_CBC_SHA,
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_RSA_WITH_DES_CBC_SHA,
TLS_RSA_WITH_RC4_128_MD5,
TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_EXPORT_WITH_RC4_40_MD5,
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
cS
- the list of allowed cipherSuites as an array of shorts. The values are specified as constants in this class
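Because setCipherSuites() does not check the list against the keying material, the caller has to do that filtering itself. The following is an added example, not code from PureTLS: the class SuiteSelector, its helper names, the key-algorithm strings "RSA"/"DSA" and the rejection policy are assumptions made for illustration, while the suite names and numbers are the ones documented on this page. The array it returns is in the form setCipherSuites(short[]) expects.

```java
import java.util.*;
public class SuiteSelector {
    // Names and values copied from the constants and supported-suite list on this page.
    static final Map<String, Short> SUPPORTED = new LinkedHashMap<>();
    static {
        SUPPORTED.put("TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", (short) 17);
        SUPPORTED.put("TLS_DHE_DSS_WITH_DES_CBC_SHA", (short) 18);
        SUPPORTED.put("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", (short) 19);
        SUPPORTED.put("TLS_RSA_WITH_3DES_EDE_CBC_SHA", (short) 10);
        SUPPORTED.put("TLS_RSA_WITH_DES_CBC_SHA", (short) 9);
        SUPPORTED.put("TLS_RSA_WITH_RC4_128_MD5", (short) 4);
        SUPPORTED.put("TLS_RSA_WITH_RC4_128_SHA", (short) 5);
        SUPPORTED.put("TLS_RSA_EXPORT_WITH_RC4_40_MD5", (short) 3);
        SUPPORTED.put("TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", (short) 6);
        SUPPORTED.put("TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", (short) 8);
    }

    // Reason a suite is rejected under this example's (assumed) policy, or null if kept.
    static String weakness(String name) {
        if (name.contains("_EXPORT_")) return "40-bit export-grade key";
        if (name.contains("_NULL_")) return "no encryption";
        if (name.contains("_anon_")) return "no server authentication";
        if (name.contains("_WITH_DES_CBC_")) return "56-bit single DES";
        if (name.contains("_RC4_")) return "RC4 keystream biases";
        return null; // only the 3DES suites of the supported list remain
    }

    // True if a server holding only a key of keyAlg can authenticate with this suite.
    static boolean matchesKey(String name, String keyAlg) {
        if (keyAlg.equals("RSA")) return name.contains("_RSA_");
        if (keyAlg.equals("DSA")) return name.contains("_DSS_");
        throw new IllegalArgumentException("unknown key algorithm: " + keyAlg);
    }

    // Suites that pass the policy and are negotiable with the given key type.
    static short[] select(String keyAlg) {
        List<Short> keep = new ArrayList<>();
        for (Map.Entry<String, Short> e : SUPPORTED.entrySet())
            if (weakness(e.getKey()) == null && matchesKey(e.getKey(), keyAlg))
                keep.add(e.getValue());
        short[] out = new short[keep.size()];
        for (int i = 0; i < out.length; i++) out[i] = keep.get(i);
        return out;
    }
    public static void main(String[] args) {
        System.out.println("RSA key: " + Arrays.toString(select("RSA")));
        System.out.println("DSA key: " + Arrays.toString(select("DSA")));
    }
}
```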
setDHAlwaysEphemeral
public void setDHAlwaysEphemeral(boolean dhephemeral)
Force the creation of a new ephemeral DH key for each connection.
Only set this to false if you are using a Sophie-Germain or other prime designed
to resist small subgroup attacks.
dhephemeral
- a boolean indicating whether to force a new DH key for each connection. The default is true
setSessonLifetime
public void setSessonLifetime(int lifetime)
Set the lifetime of a cached session. Any attempt to resume a
session after it has expired will fail. This has no effect on
sessions that are currently active, however.
lifetime
- lifetime of a cached session in seconds. Default is 86400 (1 day)
waitOnClose
public void waitOnClose(boolean v)
waitOnCloseP
public boolean waitOnCloseP()
Copyright (c) 1999-2001 Claymore Systems, Inc., All Rights Reserved.