Package org.wildfly.openssl

Class SSLImpl

java.lang.Object
org.wildfly.openssl.SSL
org.wildfly.openssl.SSLImpl
public class SSLImpl extends SSL
Class that contains all static native methods to interact with OpenSSL

  • Constructor Details

    • SSLImpl

      public SSLImpl()

  • Method Details

    • initialize

      protected void initialize(String libCryptoPath, String libSslPath)
      Specified by:
      initialize in class SSL

    • version

      protected String version()
      Specified by:
      version in class SSL

    • versionNumber

      protected long versionNumber()
      Description copied from class: SSL
      Return OpenSSL version number.
      Specified by:
      versionNumber in class SSL
      Returns:
      the version number

    • hasOp

      protected boolean hasOp(int op)
      Description copied from class: SSL
      Return true if all the requested SSL_OP_* are supported by OpenSSL.

      Note that for versions of tcnative < 1.1.25, this method will return true if and only if op= SSL.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION and tcnative supports that flag.

      Specified by:
      hasOp in class SSL
      Parameters:
      op - Bitwise-OR of all SSL_OP_* to test.
      Returns:
      true if all SSL_OP_* are supported by OpenSSL library.

    • newSSL

      protected long newSSL(long ctx, boolean server)
      Description copied from class: SSL
      SSL_new
      Specified by:
      newSSL in class SSL
      Parameters:
      ctx - Server or Client context to use.
      server - if true configure SSL instance to use accept handshake routines if false configure SSL instance to use connect handshake routines
      Returns:
      pointer to SSL instance (SSL *)

    • pendingWrittenBytesInBIO

      protected int pendingWrittenBytesInBIO(long bio)
      Description copied from class: SSL
      BIO_ctrl_pending.
      Specified by:
      pendingWrittenBytesInBIO in class SSL
      Parameters:
      bio - BIO pointer (BIO *)

    • pendingReadableBytesInSSL

      protected int pendingReadableBytesInSSL(long ssl)
      Description copied from class: SSL
      SSL_pending.
      Specified by:
      pendingReadableBytesInSSL in class SSL
      Parameters:
      ssl - SSL pointer (SSL *)

    • writeToBIO

      protected int writeToBIO(long bio, long wbuf, int wlen)
      Description copied from class: SSL
      BIO_write.
      Specified by:
      writeToBIO in class SSL
      Parameters:
      bio -
      wbuf -
      wlen -

    • readFromBIO

      protected int readFromBIO(long bio, long rbuf, int rlen)
      Description copied from class: SSL
      BIO_read.
      Specified by:
      readFromBIO in class SSL
      Parameters:
      bio -
      rbuf -
      rlen -

    • writeToSSL

      protected int writeToSSL(long ssl, long wbuf, int wlen)
      Description copied from class: SSL
      SSL_write.
      Specified by:
      writeToSSL in class SSL
      Parameters:
      ssl - the SSL instance (SSL *)
      wbuf -
      wlen -

    • readFromSSL

      protected int readFromSSL(long ssl, long rbuf, int rlen)
      Description copied from class: SSL
      SSL_read
      Specified by:
      readFromSSL in class SSL
      Parameters:
      ssl - the SSL instance (SSL *)
      rbuf -
      rlen -

    • getShutdown

      protected int getShutdown(long ssl)
      Description copied from class: SSL
      SSL_get_shutdown
      Specified by:
      getShutdown in class SSL
      Parameters:
      ssl - the SSL instance (SSL *)

    • freeSSL

      protected void freeSSL(long ssl)
      Description copied from class: SSL
      SSL_free
      Specified by:
      freeSSL in class SSL
      Parameters:
      ssl - the SSL instance (SSL *)

    • makeNetworkBIO

      protected long makeNetworkBIO(long ssl)
      Description copied from class: SSL
      Wire up internal and network BIOs for the given SSL instance.

      Warning: you must explicitly free this resource by calling freeBIO

      While the SSL's internal/application data BIO will be freed when freeSSL is called on the provided SSL instance, you must call freeBIO on the returned network BIO.

      Specified by:
      makeNetworkBIO in class SSL
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      pointer to the Network BIO (BIO *)

    • freeBIO

      protected void freeBIO(long bio)
      Description copied from class: SSL
      BIO_free
      Specified by:
      freeBIO in class SSL
      Parameters:
      bio -

    • shutdownSSL

      protected int shutdownSSL(long ssl)
      Description copied from class: SSL
      SSL_shutdown
      Specified by:
      shutdownSSL in class SSL
      Parameters:
      ssl - the SSL instance (SSL *)

    • getLastErrorNumber

      protected int getLastErrorNumber()
      Description copied from class: SSL
      Get the error number representing the last error OpenSSL encountered on this thread.
      Specified by:
      getLastErrorNumber in class SSL

    • getCipherForSSL

      protected String getCipherForSSL(long ssl)
      Description copied from class: SSL
      SSL_get_cipher.
      Specified by:
      getCipherForSSL in class SSL
      Parameters:
      ssl - the SSL instance (SSL *)

    • getVersion

      protected String getVersion(long ssl)
      Description copied from class: SSL
      SSL_get_version
      Specified by:
      getVersion in class SSL
      Parameters:
      ssl - the SSL instance (SSL *)

    • doHandshake

      protected int doHandshake(long ssl)
      Description copied from class: SSL
      SSL_do_handshake
      Specified by:
      doHandshake in class SSL
      Parameters:
      ssl - the SSL instance (SSL *)

    • saveServerCipher

      protected void saveServerCipher(long ssl, int serverCipher)
      Specified by:
      saveServerCipher in class SSL

    • getSSLError

      protected int getSSLError(long ssl, int code)
      Specified by:
      getSSLError in class SSL

    • renegotiate

      protected int renegotiate(long ssl)
      Description copied from class: SSL
      SSL_renegotiate
      Specified by:
      renegotiate in class SSL
      Parameters:
      ssl - the SSL instance (SSL *)

    • isInInit

      protected int isInInit(long SSL)
      Description copied from class: SSL
      SSL_in_init.
      Specified by:
      isInInit in class SSL
      Parameters:
      SSL -

    • getAlpnSelected

      protected String getAlpnSelected(long ssl)
      Description copied from class: SSL
      SSL_get0_alpn_selected
      Specified by:
      getAlpnSelected in class SSL
      Parameters:
      ssl - the SSL instance (SSL *)

    • enableAlpn

      protected void enableAlpn(long ssl)
      Description copied from class: SSL
      enables ALPN on the server side
      Specified by:
      enableAlpn in class SSL

    • isAlpnSupported

      protected boolean isAlpnSupported()
      Specified by:
      isAlpnSupported in class SSL

    • getPeerCertChain

      protected byte[][] getPeerCertChain(long ssl)
      Description copied from class: SSL
      Get the peer certificate chain or null if non was send.
      Specified by:
      getPeerCertChain in class SSL

    • getPeerCertificate

      protected byte[] getPeerCertificate(long ssl)
      Description copied from class: SSL
      Get the peer certificate or null if non was send.
      Specified by:
      getPeerCertificate in class SSL

    • getErrorString

      protected String getErrorString(long errorNumber)
      Specified by:
      getErrorString in class SSL

    • getTime

      protected long getTime(long ssl)
      Description copied from class: SSL
      SSL_get_time
      Specified by:
      getTime in class SSL
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      returns the time at which the session ssl was established. The time is given in seconds since the Epoch

    • setSSLVerify

      protected void setSSLVerify(long ssl, int level, int depth)
      Description copied from class: SSL
      Set Type of Client Certificate verification and Maximum depth of CA Certificates in Client Certificate verification.
      This directive sets the Certificate verification level for the Client Authentication. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the client authentication process used in the standard SSL handshake when a connection is established. In per-directory context it forces a SSL renegotiation with the reconfigured client verification level after the HTTP request was read but before the HTTP response is sent.
      The following levels are available for level: 
       SSL_CVERIFY_NONE           - No client Certificate is required at all
 SSL_CVERIFY_OPTIONAL       - The client may present a valid Certificate
 SSL_CVERIFY_REQUIRE        - The client has to present a valid Certificate
 SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate
                              but it need not to be (successfully) verifiable

      The depth actually is the maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are max allowed to be followed while verifying the client certificate. A depth of 0 means that self-signed client certificates are accepted only, the default depth of 1 means the client certificate can be self-signed or has to be signed by a CA which is directly known to the server (i.e. the CA's certificate is under setCACertificatePath, etc.
      Specified by:
      setSSLVerify in class SSL
      Parameters:
      ssl - the SSL instance (SSL *)
      level - Type of Client Certificate verification.
      depth - Maximum depth of CA Certificates in Client Certificate verification.

    • setOptions

      protected void setOptions(long ssl, long options)
      Description copied from class: SSL
      Set OpenSSL Option.
      Specified by:
      setOptions in class SSL
      Parameters:
      ssl - the SSL instance (SSL *)
      options - See SSL.SSL_OP_* for option flags.

    • getOptions

      protected long getOptions(long ssl)
      Description copied from class: SSL
      Get OpenSSL Option.
      Specified by:
      getOptions in class SSL
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      options See SSL.SSL_OP_* for option flags.

    • getCiphers

      protected String[] getCiphers(long ssl)
      Description copied from class: SSL
      Returns all Returns the cipher suites that are available for negotiation in an SSL handshake.
      Specified by:
      getCiphers in class SSL
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      ciphers

    • setCipherSuites

      protected boolean setCipherSuites(long ssl, String ciphers) throws Exception
      Description copied from class: SSL
      Returns the cipher suites available for negotiation in SSL handshake.
      This complex directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to configure the Cipher Suite the client is permitted to negotiate in the SSL handshake phase. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the standard SSL handshake when a connection is established. In per-directory context it forces a SSL renegotiation with the reconfigured Cipher Suite after the HTTP request was read but before the HTTP response is sent.
      Specified by:
      setCipherSuites in class SSL
      Parameters:
      ssl - the SSL instance (SSL *)
      ciphers - an SSL cipher specification
      Throws:
      Exception

    • setCipherSuitesTLS13

      protected boolean setCipherSuitesTLS13(long ssl, String ciphers) throws Exception
      Description copied from class: SSL
      Sets the cipher suites available for negotiation in the SSL handshake.
      This is a simple colon (":") separated list of TLSv1.3 ciphersuite names in order of preference.
      Specified by:
      setCipherSuitesTLS13 in class SSL
      Parameters:
      ssl - the SSL instance (SSL *)
      ciphers - an SSL cipher specification
      Throws:
      Exception

    • setServerNameIndication

      protected boolean setServerNameIndication(long ssl, String hostName)
      Specified by:
      setServerNameIndication in class SSL

    • getSession

      protected long getSession(long ssl)
      Description copied from class: SSL
      Returns the pointer reference to the SSL session. https://www.openssl.org/docs/manmaster/ssl/SSL_get_session.html

      This uses the SSL_get1_session(). The SSL.invalidateSession(long) SSL_SESSION_free} needs to explicitly be called once to decrement the reference count.

      From the OpenSSL documentation:

      If the data is to be kept, SSL_get1_session() will increment the reference count, so that the session will not be implicitly removed by other operations but stays in memory. In order to remove the session SSL_SESSION_free must be explicitly called once to decrement the reference count again.

      Specified by:
      getSession in class SSL
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      the pointer reference to the SSL session

    • setSession

      protected void setSession(long ssl, long session)
      Description copied from class: SSL
      Sets the session for the SSL instance. https://www.openssl.org/docs/manmaster/ssl/SSL_set_session.html
      Specified by:
      setSession in class SSL
      Parameters:
      ssl - the SSL instance (SSL *)
      session - the pointer to the SSL session to set the SSL instance to

    • getSessionId

      protected byte[] getSessionId(long ssl)
      Description copied from class: SSL
      Returns the ID of the session as byte array representation.
      Specified by:
      getSessionId in class SSL
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      the session as byte array representation obtained via SSL_SESSION_get_id.

    • bufferAddress

      protected long bufferAddress(ByteBuffer buffer)
      Specified by:
      bufferAddress in class SSL

    • makeSSLContext

      protected long makeSSLContext(int protocol, int mode) throws Exception
      Description copied from class: SSL
      Create a new SSL context.
      Specified by:
      makeSSLContext in class SSL
      Parameters:
      protocol - The SSL protocol to use. It can be any combination of the following: 
                       SSL.SSL_PROTOCOL_SSLV2
                 SSL.SSL_PROTOCOL_SSLV3
                 SSL.SSL_PROTOCOL_TLSV1
                 SSL.SSL_PROTOCOL_TLSV1_1
                 SSL.SSL_PROTOCOL_TLSV1_2
                 SSL.SSL_PROTOCOL_TLSV1_3
                 SSL.SSL_PROTOCOL_ALL ( == all TLS versions, no SSL)
      mode - SSL mode to use 
                       SSL_MODE_CLIENT
                 SSL_MODE_SERVER
                 SSL_MODE_COMBINED
      Returns:
      The Java representation of a pointer to the newly created SSL Context
      Throws:
      Exception - If the SSL Context could not be created

    • freeSSLContext

      protected int freeSSLContext(long ctx)
      Description copied from class: SSL
      Free the resources used by the Context
      Specified by:
      freeSSLContext in class SSL
      Parameters:
      ctx - Server or Client context to free.
      Returns:
      APR Status code.

    • setSSLContextOptions

      protected void setSSLContextOptions(long ctx, long options)
      Description copied from class: SSL
      Set OpenSSL Option.
      Specified by:
      setSSLContextOptions in class SSL
      Parameters:
      ctx - Server or Client context to use.
      options - See SSL.SSL_OP_* for option flags.

    • clearSSLContextOptions

      protected void clearSSLContextOptions(long ctx, long options)
      Description copied from class: SSL
      Clears OpenSSL Options.
      Specified by:
      clearSSLContextOptions in class SSL
      Parameters:
      ctx - Server or Client context to use.
      options - See SSL.SSL_OP_* for option flags.

    • setSSLOptions

      protected void setSSLOptions(long ssl, long options)
      Description copied from class: SSL
      Set OpenSSL Option.
      Specified by:
      setSSLOptions in class SSL
      Parameters:
      ssl - Server or Client SSL to use.
      options - See SSL.SSL_OP_* for option flags.

    • clearSSLOptions

      protected void clearSSLOptions(long ssl, long options)
      Description copied from class: SSL
      Clears OpenSSL Options.
      Specified by:
      clearSSLOptions in class SSL
      Parameters:
      ssl - Server or Client SSL to use.
      options - See SSL.SSL_OP_* for option flags.

    • setCipherSuite

      protected boolean setCipherSuite(long ctx, String ciphers) throws Exception
      Description copied from class: SSL
      Cipher Suite available for negotiation in SSL handshake.
      This complex directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to configure the Cipher Suite the client is permitted to negotiate in the SSL handshake phase. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the standard SSL handshake when a connection is established. In per-directory context it forces a SSL renegotiation with the reconfigured Cipher Suite after the HTTP request was read but before the HTTP response is sent.
      Specified by:
      setCipherSuite in class SSL
      Parameters:
      ctx - Server or Client context to use.
      ciphers - An SSL cipher specification.
      Throws:
      Exception

    • setCipherSuiteTLS13

      protected boolean setCipherSuiteTLS13(long ctx, String ciphers) throws Exception
      Description copied from class: SSL
      Sets the cipher suites available for negotiation in the SSL handshake.
      This is a simple colon (":") separated list of TLSv1.3 ciphersuite names in order of preference.
      Specified by:
      setCipherSuiteTLS13 in class SSL
      Parameters:
      ctx - Server or Client context to use.
      ciphers - an SSL cipher specification
      Throws:
      Exception

    • setCARevocation

      protected boolean setCARevocation(long ctx, String file, String path) throws Exception
      Description copied from class: SSL
      Set File of concatenated PEM-encoded CA CRLs or directory of PEM-encoded CA Certificates for Client Auth
      This directive sets the all-in-one file where you can assemble the Certificate Revocation Lists (CRL) of Certification Authorities (CA) whose clients you deal with. These are used for Client Authentication. Such a file is simply the concatenation of the various PEM-encoded CRL files, in order of preference.
      The files in this directory have to be PEM-encoded and are accessed through hash filenames. So usually you can't just place the Certificate files there: you also have to create symbolic links named hash-value.N. And you should always make sure this directory contains the appropriate symbolic links. Use the Makefile which comes with mod_ssl to accomplish this task.
      Specified by:
      setCARevocation in class SSL
      Parameters:
      ctx - Server or Client context to use.
      file - File of concatenated PEM-encoded CA CRLs for Client Auth.
      path - Directory of PEM-encoded CA Certificates for Client Auth.
      Throws:
      Exception

    • setCertificate

      protected boolean setCertificate(long ctx, byte[] cert, byte[][] encodedIntermediaries, byte[] key, int idx) throws Exception
      Description copied from class: SSL
      Set Certificate
      Point setCertificateFile at a PEM encoded certificate. If the certificate is encrypted, then you will be prompted for a pass phrase. Note that a kill -HUP will prompt again. A test certificate can be generated with `make certificate' under built time. Keep in mind that if you've both a RSA and a DSA certificate you can configure both in parallel (to also allow the use of DSA ciphers, etc.)
      If the key is not combined with the certificate, use key param to point at the key file. Keep in mind that if you've both a RSA and a DSA private key you can configure both in parallel (to also allow the use of DSA ciphers, etc.)
      Specified by:
      setCertificate in class SSL
      Parameters:
      ctx - Server or Client context to use.
      cert - Certificate file.
      encodedIntermediaries -
      key - Private Key file to use if not in cert.
      idx - Certificate index SSL_AIDX_RSA or SSL_AIDX_DSA.
      Throws:
      Exception

    • setSessionCacheSize

      protected long setSessionCacheSize(long ctx, long size)
      Description copied from class: SSL
      Set the size of the internal session cache. http://www.openssl.org/docs/ssl/SSL_CTX_sess_set_cache_size.html
      Specified by:
      setSessionCacheSize in class SSL

    • getSessionCacheSize

      protected long getSessionCacheSize(long ctx)
      Description copied from class: SSL
      Get the size of the internal session cache. http://www.openssl.org/docs/ssl/SSL_CTX_sess_get_cache_size.html
      Specified by:
      getSessionCacheSize in class SSL

    • setSessionCacheTimeout

      protected long setSessionCacheTimeout(long ctx, long timeoutSeconds)
      Description copied from class: SSL
      Set the timeout for the internal session cache in seconds. http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html
      Specified by:
      setSessionCacheTimeout in class SSL

    • getSessionCacheTimeout

      protected long getSessionCacheTimeout(long ctx)
      Description copied from class: SSL
      Get the timeout for the internal session cache in seconds. http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html
      Specified by:
      getSessionCacheTimeout in class SSL

    • setSessionCacheMode

      protected long setSessionCacheMode(long ctx, long mode)
      Description copied from class: SSL
      Set the mode of the internal session cache and return the previous used mode.
      Specified by:
      setSessionCacheMode in class SSL

    • getSessionCacheMode

      protected long getSessionCacheMode(long ctx)
      Description copied from class: SSL
      Get the mode of the current used internal session cache.
      Specified by:
      getSessionCacheMode in class SSL

    • sessionAccept

      protected long sessionAccept(long ctx)
      Description copied from class: SSL
      Session resumption statistics methods. http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html
      Specified by:
      sessionAccept in class SSL

    • sessionAcceptGood

      protected long sessionAcceptGood(long ctx)
      Specified by:
      sessionAcceptGood in class SSL

    • sessionAcceptRenegotiate

      protected long sessionAcceptRenegotiate(long ctx)
      Specified by:
      sessionAcceptRenegotiate in class SSL

    • sessionCacheFull

      protected long sessionCacheFull(long ctx)
      Specified by:
      sessionCacheFull in class SSL

    • sessionCbHits

      protected long sessionCbHits(long ctx)
      Specified by:
      sessionCbHits in class SSL

    • sessionConnect

      protected long sessionConnect(long ctx)
      Specified by:
      sessionConnect in class SSL

    • sessionConnectGood

      protected long sessionConnectGood(long ctx)
      Specified by:
      sessionConnectGood in class SSL

    • sessionConnectRenegotiate

      protected long sessionConnectRenegotiate(long ctx)
      Specified by:
      sessionConnectRenegotiate in class SSL

    • sessionHits

      protected long sessionHits(long ctx)
      Specified by:
      sessionHits in class SSL

    • sessionMisses

      protected long sessionMisses(long ctx)
      Specified by:
      sessionMisses in class SSL

    • sessionNumber

      protected long sessionNumber(long ctx)
      Specified by:
      sessionNumber in class SSL

    • sessionTimeouts

      protected long sessionTimeouts(long ctx)
      Specified by:
      sessionTimeouts in class SSL

    • setSessionTicketKeys

      protected void setSessionTicketKeys(long ctx, byte[] keys)
      Description copied from class: SSL
      Set TLS session keys. This allows us to share keys across TFEs.
      Specified by:
      setSessionTicketKeys in class SSL

    • invalidateSession

      protected void invalidateSession(long ctx)
      Description copied from class: SSL
      invalidates the current SSL session
      Specified by:
      invalidateSession in class SSL

    • registerSessionContext

      protected void registerSessionContext(long context, org.wildfly.openssl.OpenSSLSessionContext openSSLSessionContext)
      Specified by:
      registerSessionContext in class SSL

    • setCertVerifyCallback

      protected void setCertVerifyCallback(long ctx, org.wildfly.openssl.CertificateVerifier verifier)
      Description copied from class: SSL
      Allow to hook CertificateVerifier into the handshake processing. This will call SSL_CTX_set_cert_verify_callback and so replace the default verification callback used by openssl
      Specified by:
      setCertVerifyCallback in class SSL
      Parameters:
      ctx - Server or Client context to use.
      verifier - the verifier to call during handshake.

    • setAlpnProtos

      protected void setAlpnProtos(long ssl, String[] alpnProtos)
      Description copied from class: SSL
      Set application layer protocol for application layer protocol negotiation extension.

      This should only be called by the client.

      Specified by:
      setAlpnProtos in class SSL
      Parameters:
      ssl - SSL Engine to use
      alpnProtos - protocols in priority order

    • setServerALPNCallback

      protected void setServerALPNCallback(long ssl, org.wildfly.openssl.ServerALPNCallback callback)
      Description copied from class: SSL
      Sets the server ALPN callback for a spcific engine
      Specified by:
      setServerALPNCallback in class SSL
      Parameters:
      ssl - The SSL engine
      callback - the callbackto use

    • setSessionIdContext

      protected boolean setSessionIdContext(long ctx, byte[] sidCtx)
      Description copied from class: SSL
      Set the context within which session be reused (server side only) http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html
      Specified by:
      setSessionIdContext in class SSL
      Parameters:
      ctx - Server context to use.
      sidCtx - can be any kind of binary data, it is therefore possible to use e.g. the name of the application and/or the hostname and/or service name
      Returns:
      true if success, false otherwise.

    • setMinProtoVersion

      protected void setMinProtoVersion(long ssl, int version)
      Description copied from class: SSL
      Set the minimum supported protocol version. This will call SSL_set_min_proto_version. See https://www.openssl.org/docs/manmaster/man3/SSL_set_min_proto_version.html.
      Specified by:
      setMinProtoVersion in class SSL
      Parameters:
      ssl - the SSL engine
      version - the minimum supported protocol version

    • setMaxProtoVersion

      protected void setMaxProtoVersion(long ssl, int version)
      Description copied from class: SSL
      Set the maximum supported protocol version. This will call SSL_set_max_proto_version. See https://www.openssl.org/docs/manmaster/man3/SSL_set_max_proto_version.html.
      Specified by:
      setMaxProtoVersion in class SSL
      Parameters:
      ssl - the SSL engine
      version - the maximum supported protocol version

    • getMinProtoVersion

      protected int getMinProtoVersion(long ssl)
      Description copied from class: SSL
      Get the minimum supported protocol version. This will call SSL_get_min_proto_version. See https://www.openssl.org/docs/manmaster/man3/SSL_get_min_proto_version.html.
      Specified by:
      getMinProtoVersion in class SSL
      Parameters:
      ssl - the SSL engine
      Returns:
      the minimum supported protocol version

    • getMaxProtoVersion

      protected int getMaxProtoVersion(long ssl)
      Description copied from class: SSL
      Get the maximum supported protocol version. This will call SSL_get_max_proto_version. See https://www.openssl.org/docs/manmaster/man3/SSL_get_max_proto_version.html.
      Specified by:
      getMaxProtoVersion in class SSL
      Parameters:
      ssl - the SSL engine
      Returns:
      the maximum supported protocol version

    • getSSLSessionReused

      protected boolean getSSLSessionReused(long ssl)
      Description copied from class: SSL
      Return whether or not the SSL session was reused. See https://www.openssl.org/docs/man1.1.1/man3/SSL_session_reused.html
      Specified by:
      getSSLSessionReused in class SSL
      Parameters:
      ssl - the SSL engine
      Returns:
      true if the SSL session was reused and false otherwise