SSLServerSocket (Java SE 9 & JDK 9 ) (original) (raw)
Constructor Detail
* #### SSLServerSocket
protected SSLServerSocket()
throws [IOException](../../../java/io/IOException.html "class in java.io")
Used only by subclasses.
Create an unbound TCP server socket using the default authentication context.
Throws:
`[IOException](../../../java/io/IOException.html "class in java.io")` \- if an I/O error occurs when creating the socket
* #### SSLServerSocket
protected SSLServerSocket(int port)
throws [IOException](../../../java/io/IOException.html "class in java.io")
Used only by subclasses.
Create a TCP server socket on a port, using the default authentication context. The connection backlog defaults to fifty connections queued up before the system starts to reject new connection requests.
A port number of `0` creates a socket on any free port.
If there is a security manager, its `checkListen` method is called with the `port` argument as its argument to ensure the operation is allowed. This could result in a SecurityException.
Parameters:
`port` \- the port on which to listen
Throws:
`[IOException](../../../java/io/IOException.html "class in java.io")` \- if an I/O error occurs when creating the socket
`[SecurityException](../../../java/lang/SecurityException.html "class in java.lang")` \- if a security manager exists and its`checkListen` method doesn't allow the operation.
`[IllegalArgumentException](../../../java/lang/IllegalArgumentException.html "class in java.lang")` \- if the port parameter is outside the specified range of valid port values, which is between 0 and 65535, inclusive.
See Also:
[SecurityManager.checkListen(int)](../../../java/lang/SecurityManager.html#checkListen-int-)
* #### SSLServerSocket
protected SSLServerSocket(int port,
int backlog)
throws [IOException](../../../java/io/IOException.html "class in java.io")
Used only by subclasses.
Create a TCP server socket on a port, using the default authentication context and a specified backlog of connections.
A port number of `0` creates a socket on any free port.
The `backlog` argument is the requested maximum number of pending connections on the socket. Its exact semantics are implementation specific. In particular, an implementation may impose a maximum length or may choose to ignore the parameter altogther. The value provided should be greater than `0`. If it is less than or equal to`0`, then an implementation specific default will be used.
If there is a security manager, its `checkListen` method is called with the `port` argument as its argument to ensure the operation is allowed. This could result in a SecurityException.
Parameters:
`port` \- the port on which to listen
`backlog` \- requested maximum length of the queue of incoming connections.
Throws:
`[IOException](../../../java/io/IOException.html "class in java.io")` \- if an I/O error occurs when creating the socket
`[SecurityException](../../../java/lang/SecurityException.html "class in java.lang")` \- if a security manager exists and its`checkListen` method doesn't allow the operation.
`[IllegalArgumentException](../../../java/lang/IllegalArgumentException.html "class in java.lang")` \- if the port parameter is outside the specified range of valid port values, which is between 0 and 65535, inclusive.
See Also:
[SecurityManager.checkListen(int)](../../../java/lang/SecurityManager.html#checkListen-int-)
* #### SSLServerSocket
protected SSLServerSocket(int port,
int backlog,
[InetAddress](../../../java/net/InetAddress.html "class in java.net") address)
throws [IOException](../../../java/io/IOException.html "class in java.io")
Used only by subclasses.
Create a TCP server socket on a port, using the default authentication context and a specified backlog of connections as well as a particular specified network interface. This constructor is used on multihomed hosts, such as those used for firewalls or as routers, to control through which interface a network service is provided.
If there is a security manager, its `checkListen` method is called with the `port` argument as its argument to ensure the operation is allowed. This could result in a SecurityException.
A port number of `0` creates a socket on any free port.
The `backlog` argument is the requested maximum number of pending connections on the socket. Its exact semantics are implementation specific. In particular, an implementation may impose a maximum length or may choose to ignore the parameter altogther. The value provided should be greater than `0`. If it is less than or equal to`0`, then an implementation specific default will be used.
If _address_ is null, it will default accepting connections on any/all local addresses.
Parameters:
`port` \- the port on which to listen
`backlog` \- requested maximum length of the queue of incoming connections.
`address` \- the address of the network interface through which connections will be accepted
Throws:
`[IOException](../../../java/io/IOException.html "class in java.io")` \- if an I/O error occurs when creating the socket
`[SecurityException](../../../java/lang/SecurityException.html "class in java.lang")` \- if a security manager exists and its`checkListen` method doesn't allow the operation.
`[IllegalArgumentException](../../../java/lang/IllegalArgumentException.html "class in java.lang")` \- if the port parameter is outside the specified range of valid port values, which is between 0 and 65535, inclusive.
See Also:
[SecurityManager.checkListen(int)](../../../java/lang/SecurityManager.html#checkListen-int-)
Method Detail
* #### getEnabledCipherSuites
public abstract [String](../../../java/lang/String.html "class in java.lang")[] getEnabledCipherSuites()
Returns the list of cipher suites which are currently enabled for use by newly accepted connections.
If this list has not been explicitly modified, a system-provided default guarantees a minimum quality of service in all enabled cipher suites.
Note that even if a suite is enabled, it may never be used. This can occur if the peer does not support it, or its use is restricted, or the requisite certificates (and private keys) for the suite are not available, or an anonymous suite is enabled but authentication is required.
The returned array includes cipher suites from the list of standard cipher suite names in the [ JSSE Cipher Suite Names](../../../../specs/security/standard-names.html#jsse-cipher-suite-names) section of the Java Cryptography Architecture Standard Algorithm Name Documentation, and may also include other cipher suites that the provider supports.
Returns:
an array of cipher suites enabled
See Also:
[getSupportedCipherSuites()](../../../javax/net/ssl/SSLServerSocket.html#getSupportedCipherSuites--), [setEnabledCipherSuites(String \[\])](../../../javax/net/ssl/SSLServerSocket.html#setEnabledCipherSuites-java.lang.String:A-)
* #### setEnabledCipherSuites
public abstract void setEnabledCipherSuites([String](../../../java/lang/String.html "class in java.lang")[] suites)
Sets the cipher suites enabled for use by accepted connections.
The cipher suites must have been listed by getSupportedCipherSuites() as being supported. Following a successful call to this method, only suites listed in the `suites` parameter are enabled for use.
Suites that require authentication information which is not available in this ServerSocket's authentication context will not be used in any case, even if they are enabled.
Note that the standard list of cipher suite names may be found in the[ JSSE Cipher Suite Names](../../../../specs/security/standard-names.html#jsse-cipher-suite-names) section of the Java Cryptography Architecture Standard Algorithm Name Documentation. Providers may support cipher suite names not found in this list or might not use the recommended name for a certain cipher suite.
`SSLSocket`s returned from `accept()` inherit this setting.
Parameters:
`suites` \- Names of all the cipher suites to enable
Throws:
`[IllegalArgumentException](../../../java/lang/IllegalArgumentException.html "class in java.lang")` \- when one or more of ciphers named by the parameter is not supported, or when the parameter is null.
See Also:
[getSupportedCipherSuites()](../../../javax/net/ssl/SSLServerSocket.html#getSupportedCipherSuites--), [getEnabledCipherSuites()](../../../javax/net/ssl/SSLServerSocket.html#getEnabledCipherSuites--)
* #### getSupportedCipherSuites
public abstract [String](../../../java/lang/String.html "class in java.lang")[] getSupportedCipherSuites()
Returns the names of the cipher suites which could be enabled for use on an SSL connection.
Normally, only a subset of these will actually be enabled by default, since this list may include cipher suites which do not meet quality of service requirements for those defaults. Such cipher suites are useful in specialized applications.
The returned array includes cipher suites from the list of standard cipher suite names in the [ JSSE Cipher Suite Names](../../../../specs/security/standard-names.html#jsse-cipher-suite-names) section of the Java Cryptography Architecture Standard Algorithm Name Documentation, and may also include other cipher suites that the provider supports.
Returns:
an array of cipher suite names
See Also:
[getEnabledCipherSuites()](../../../javax/net/ssl/SSLServerSocket.html#getEnabledCipherSuites--), [setEnabledCipherSuites(String \[\])](../../../javax/net/ssl/SSLServerSocket.html#setEnabledCipherSuites-java.lang.String:A-)
* #### getSupportedProtocols
public abstract [String](../../../java/lang/String.html "class in java.lang")[] getSupportedProtocols()
Returns the names of the protocols which could be enabled for use.
Returns:
an array of protocol names supported
See Also:
[getEnabledProtocols()](../../../javax/net/ssl/SSLServerSocket.html#getEnabledProtocols--), [setEnabledProtocols(String \[\])](../../../javax/net/ssl/SSLServerSocket.html#setEnabledProtocols-java.lang.String:A-)
* #### getEnabledProtocols
public abstract [String](../../../java/lang/String.html "class in java.lang")[] getEnabledProtocols()
Returns the names of the protocols which are currently enabled for use by the newly accepted connections.
Note that even if a protocol is enabled, it may never be used. This can occur if the peer does not support the protocol, or its use is restricted, or there are no enabled cipher suites supported by the protocol.
Returns:
an array of protocol names
See Also:
[getSupportedProtocols()](../../../javax/net/ssl/SSLServerSocket.html#getSupportedProtocols--), [setEnabledProtocols(String \[\])](../../../javax/net/ssl/SSLServerSocket.html#setEnabledProtocols-java.lang.String:A-)
* #### setEnabledProtocols
public abstract void setEnabledProtocols([String](../../../java/lang/String.html "class in java.lang")[] protocols)
Controls which particular protocols are enabled for use by accepted connections.
The protocols must have been listed by getSupportedProtocols() as being supported. Following a successful call to this method, only protocols listed in the `protocols` parameter are enabled for use.
`SSLSocket`s returned from `accept()` inherit this setting.
Parameters:
`protocols` \- Names of all the protocols to enable.
Throws:
`[IllegalArgumentException](../../../java/lang/IllegalArgumentException.html "class in java.lang")` \- when one or more of the protocols named by the parameter is not supported or when the protocols parameter is null.
See Also:
[getEnabledProtocols()](../../../javax/net/ssl/SSLServerSocket.html#getEnabledProtocols--), [getSupportedProtocols()](../../../javax/net/ssl/SSLServerSocket.html#getSupportedProtocols--)
* #### setNeedClientAuth
public abstract void setNeedClientAuth(boolean need)
Controls whether `accept`ed server-mode`SSLSockets` will be initially configured to_require_ client authentication.
A socket's client authentication setting is one of the following:
* client authentication required
* client authentication requested
* no client authentication desired
Unlike [setWantClientAuth(boolean)](../../../javax/net/ssl/SSLServerSocket.html#setWantClientAuth-boolean-), if the accepted socket's option is set and the client chooses not to provide authentication information about itself, _the negotiations will stop and the connection will be dropped_.
Calling this method overrides any previous setting made by this method or [setWantClientAuth(boolean)](../../../javax/net/ssl/SSLServerSocket.html#setWantClientAuth-boolean-).
The initial inherited setting may be overridden by calling[SSLSocket.setNeedClientAuth(boolean)](../../../javax/net/ssl/SSLSocket.html#setNeedClientAuth-boolean-) or[SSLSocket.setWantClientAuth(boolean)](../../../javax/net/ssl/SSLSocket.html#setWantClientAuth-boolean-).
Parameters:
`need` \- set to true if client authentication is required, or false if no client authentication is desired.
See Also:
[getNeedClientAuth()](../../../javax/net/ssl/SSLServerSocket.html#getNeedClientAuth--), [setWantClientAuth(boolean)](../../../javax/net/ssl/SSLServerSocket.html#setWantClientAuth-boolean-), [getWantClientAuth()](../../../javax/net/ssl/SSLServerSocket.html#getWantClientAuth--), [setUseClientMode(boolean)](../../../javax/net/ssl/SSLServerSocket.html#setUseClientMode-boolean-)
* #### getNeedClientAuth
public abstract boolean getNeedClientAuth()
Returns:
true if client authentication is required, or false if no client authentication is desired.
See Also:
[setNeedClientAuth(boolean)](../../../javax/net/ssl/SSLServerSocket.html#setNeedClientAuth-boolean-), [setWantClientAuth(boolean)](../../../javax/net/ssl/SSLServerSocket.html#setWantClientAuth-boolean-), [getWantClientAuth()](../../../javax/net/ssl/SSLServerSocket.html#getWantClientAuth--), [setUseClientMode(boolean)](../../../javax/net/ssl/SSLServerSocket.html#setUseClientMode-boolean-)
* #### setWantClientAuth
public abstract void setWantClientAuth(boolean want)
Controls whether `accept`ed server-mode`SSLSockets` will be initially configured to_request_ client authentication.
A socket's client authentication setting is one of the following:
* client authentication required
* client authentication requested
* no client authentication desired
Unlike [setNeedClientAuth(boolean)](../../../javax/net/ssl/SSLServerSocket.html#setNeedClientAuth-boolean-), if the accepted socket's option is set and the client chooses not to provide authentication information about itself, _the negotiations will continue_.
Calling this method overrides any previous setting made by this method or [setNeedClientAuth(boolean)](../../../javax/net/ssl/SSLServerSocket.html#setNeedClientAuth-boolean-).
The initial inherited setting may be overridden by calling[SSLSocket.setNeedClientAuth(boolean)](../../../javax/net/ssl/SSLSocket.html#setNeedClientAuth-boolean-) or[SSLSocket.setWantClientAuth(boolean)](../../../javax/net/ssl/SSLSocket.html#setWantClientAuth-boolean-).
Parameters:
`want` \- set to true if client authentication is requested, or false if no client authentication is desired.
See Also:
[getWantClientAuth()](../../../javax/net/ssl/SSLServerSocket.html#getWantClientAuth--), [setNeedClientAuth(boolean)](../../../javax/net/ssl/SSLServerSocket.html#setNeedClientAuth-boolean-), [getNeedClientAuth()](../../../javax/net/ssl/SSLServerSocket.html#getNeedClientAuth--), [setUseClientMode(boolean)](../../../javax/net/ssl/SSLServerSocket.html#setUseClientMode-boolean-)
* #### getWantClientAuth
public abstract boolean getWantClientAuth()
Returns:
true if client authentication is requested, or false if no client authentication is desired.
See Also:
[setWantClientAuth(boolean)](../../../javax/net/ssl/SSLServerSocket.html#setWantClientAuth-boolean-), [setNeedClientAuth(boolean)](../../../javax/net/ssl/SSLServerSocket.html#setNeedClientAuth-boolean-), [getNeedClientAuth()](../../../javax/net/ssl/SSLServerSocket.html#getNeedClientAuth--), [setUseClientMode(boolean)](../../../javax/net/ssl/SSLServerSocket.html#setUseClientMode-boolean-)
* #### setUseClientMode
public abstract void setUseClientMode(boolean mode)
Controls whether accepted connections are in the (default) SSL server mode, or the SSL client mode.
Servers normally authenticate themselves, and clients are not required to do so.
In rare cases, TCP servers need to act in the SSL client mode on newly accepted connections. For example, FTP clients acquire server sockets and listen there for reverse connections from the server. An FTP client would use an SSLServerSocket in "client" mode to accept the reverse connection while the FTP server uses an SSLSocket with "client" mode disabled to initiate the connection. During the resulting handshake, existing SSL sessions may be reused.
`SSLSocket`s returned from `accept()` inherit this setting.
Parameters:
`mode` \- true if newly accepted connections should use SSL client mode.
See Also:
[getUseClientMode()](../../../javax/net/ssl/SSLServerSocket.html#getUseClientMode--)
* #### getUseClientMode
public abstract boolean getUseClientMode()
Returns true if accepted connections will be in SSL client mode.
Returns:
true if the connection should use SSL client mode.
See Also:
[setUseClientMode(boolean)](../../../javax/net/ssl/SSLServerSocket.html#setUseClientMode-boolean-)
* #### setEnableSessionCreation
public abstract void setEnableSessionCreation(boolean flag)
Controls whether new SSL sessions may be established by the sockets which are created from this server socket.
`SSLSocket`s returned from `accept()` inherit this setting.
Parameters:
`flag` \- true indicates that sessions may be created; this is the default. false indicates that an existing session must be resumed.
See Also:
[getEnableSessionCreation()](../../../javax/net/ssl/SSLServerSocket.html#getEnableSessionCreation--)
* #### getEnableSessionCreation
public abstract boolean getEnableSessionCreation()
Returns true if new SSL sessions may be established by the sockets which are created from this server socket.
Returns:
true indicates that sessions may be created; this is the default. false indicates that an existing session must be resumed
See Also:
[setEnableSessionCreation(boolean)](../../../javax/net/ssl/SSLServerSocket.html#setEnableSessionCreation-boolean-)
* #### getSSLParameters
public [SSLParameters](../../../javax/net/ssl/SSLParameters.html "class in javax.net.ssl") getSSLParameters()
Returns the SSLParameters in effect for newly accepted connections. The ciphersuites and protocols of the returned SSLParameters are always non-null.
Returns:
the SSLParameters in effect for newly accepted connections
Since:
1.7
See Also:
[setSSLParameters(SSLParameters)](../../../javax/net/ssl/SSLServerSocket.html#setSSLParameters-javax.net.ssl.SSLParameters-)
* #### setSSLParameters
public void setSSLParameters([SSLParameters](../../../javax/net/ssl/SSLParameters.html "class in javax.net.ssl") params)
Applies SSLParameters to newly accepted connections.
This means:
* If `params.getCipherSuites()` is non-null,`setEnabledCipherSuites()` is called with that value.
* If `params.getProtocols()` is non-null,`setEnabledProtocols()` is called with that value.
* If `params.getNeedClientAuth()` or`params.getWantClientAuth()` return `true`,`setNeedClientAuth(true)` and`setWantClientAuth(true)` are called, respectively; otherwise `setWantClientAuth(false)` is called.
* If `params.getServerNames()` is non-null, the socket will configure its server names with that value.
* If `params.getSNIMatchers()` is non-null, the socket will configure its SNI matchers with that value.
Parameters:
`params` \- the parameters
Throws:
`[IllegalArgumentException](../../../java/lang/IllegalArgumentException.html "class in java.lang")` \- if the setEnabledCipherSuites() or the setEnabledProtocols() call fails
Since:
1.7
See Also:
[getSSLParameters()](../../../javax/net/ssl/SSLServerSocket.html#getSSLParameters--)