Class SSL

java.lang.Object
org.wildfly.openssl.SSL
Direct Known Subclasses:
SSLImpl

public abstract class SSL extends Object
Class that contains all native methods to interact with OpenSSL
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
     
    static final String
     
    static final String
     
    static final String
     
    static final String
     
  • Constructor Summary

    Constructors
    Constructor
    Description
    SSL()
     
  • Method Summary

    Modifier and Type
    Method
    Description
    protected abstract long
     
    protected abstract void
    clearSSLContextOptions(long ctx, long options)
    Clears OpenSSL Options.
    protected abstract void
    clearSSLOptions(long ssl, long options)
    Clears OpenSSL Options.
    protected abstract int
    doHandshake(long ssl)
    SSL_do_handshake
    protected abstract void
    enableAlpn(long ssl)
    enables ALPN on the server side
    protected abstract void
    freeBIO(long bio)
    BIO_free
    protected abstract void
    freeSSL(long ssl)
    SSL_free
    protected abstract int
    freeSSLContext(long ctx)
    Free the resources used by the Context
    protected abstract String
    getAlpnSelected(long ssl)
    SSL_get0_alpn_selected
    protected abstract String
    getCipherForSSL(long ssl)
    SSL_get_cipher.
    protected abstract String[]
    getCiphers(long ssl)
    Returns the cipher suites that are available for negotiation in an SSL handshake.
    protected abstract String
    getErrorString(long errorNumber)
     
    static SSL
     
    protected abstract int
    Get the error number representing the last error OpenSSL encountered on this thread.
    protected abstract int
    Get the maximum supported protocol version.
    protected abstract int
    Get the minimum supported protocol version.
    protected abstract long
    getOptions(long ssl)
    Get OpenSSL Option.
    protected abstract byte[][]
    getPeerCertChain(long ssl)
    Get the peer certificate chain, or null if none was sent.
    protected abstract byte[]
    Get the peer certificate, or null if none was sent.
    protected abstract long
    getSession(long ssl)
    Returns the pointer reference to the SSL session.
    protected abstract long
    Get the mode currently used by the internal session cache.
    protected abstract long
    Get the size of the internal session cache.
    protected abstract long
    Get the timeout for the internal session cache in seconds.
    protected abstract byte[]
    getSessionId(long ssl)
    Returns the ID of the session as byte array representation.
    protected abstract int
    getShutdown(long ssl)
    SSL_get_shutdown
    protected abstract int
    getSSLError(long ssl, int code)
     
    protected abstract boolean
    Return whether or not the SSL session was reused.
    protected abstract long
    getTime(long ssl)
    SSL_get_time
    protected abstract String
    getVersion(long ssl)
    SSL_get_version
    protected abstract boolean
    hasOp(int op)
    Return true if all the requested SSL_OP_* are supported by OpenSSL.
    protected abstract void
    initialize(String libCryptoPath, String libSslPath)
     
    protected abstract void
    invalidates the current SSL session
    protected abstract boolean
     
    protected abstract int
    isInInit(long SSL)
    SSL_in_init.
    protected abstract long
    makeNetworkBIO(long ssl)
    Wire up internal and network BIOs for the given SSL instance.
    protected abstract long
    makeSSLContext(int protocol, int mode)
    Create a new SSL context.
    protected abstract long
    newSSL(long ctx, boolean server)
    SSL_new
    protected abstract int
    SSL_pending.
    protected abstract int
    BIO_ctrl_pending.
    protected abstract int
    readFromBIO(long bio, long rbuf, int rlen)
    BIO_read.
    protected abstract int
    readFromSSL(long ssl, long rbuf, int rlen)
    SSL_read
    protected abstract void
    registerSessionContext(long context, org.wildfly.openssl.OpenSSLSessionContext openSSLSessionContext)
     
    protected abstract int
    renegotiate(long ssl)
    SSL_renegotiate
    protected abstract void
    saveServerCipher(long ssl, int cipher)
     
    protected abstract long
    sessionAccept(long ctx)
    Session resumption statistics methods.
    protected abstract long
     
    protected abstract long
     
    protected abstract long
    sessionCacheFull(long ctx)
     
    protected abstract long
    sessionCbHits(long ctx)
     
    protected abstract long
    sessionConnect(long ctx)
     
    protected abstract long
     
    protected abstract long
     
    protected abstract long
    sessionHits(long ctx)
     
    protected abstract long
    sessionMisses(long ctx)
     
    protected abstract long
    sessionNumber(long ctx)
     
    protected abstract long
    sessionTimeouts(long ctx)
     
    protected abstract void
    setAlpnProtos(long ssl, String[] alpnProtos)
    Set application layer protocol for application layer protocol negotiation extension.
    protected abstract boolean
    setCARevocation(long ctx, String file, String path)
    Set File of concatenated PEM-encoded CA CRLs or directory of PEM-encoded CA Certificates for Client Auth
    This directive sets the all-in-one file where you can assemble the Certificate Revocation Lists (CRL) of Certification Authorities (CA) whose clients you deal with.
    protected abstract boolean
    setCertificate(long ctx, byte[] cert, byte[][] encodedIntermediaries, byte[] key, int idx)
    Set Certificate
    Point setCertificateFile at a PEM encoded certificate.
    protected abstract void
    setCertVerifyCallback(long ctx, org.wildfly.openssl.CertificateVerifier verifier)
    Allows a CertificateVerifier to be hooked into the handshake processing.
    protected abstract boolean
    setCipherSuite(long ctx, String ciphers)
    Cipher Suite available for negotiation in SSL handshake.
    protected abstract boolean
    setCipherSuites(long ssl, String ciphers)
    Sets the cipher suites available for negotiation in SSL handshake.
    protected abstract boolean
    setCipherSuitesTLS13(long ssl, String ciphers)
    Sets the cipher suites available for negotiation in the SSL handshake.
    protected abstract boolean
    setCipherSuiteTLS13(long ctx, String ciphers)
    Sets the cipher suites available for negotiation in the SSL handshake.
    protected abstract void
    setMaxProtoVersion(long ssl, int version)
    Set the maximum supported protocol version.
    protected abstract void
    setMinProtoVersion(long ssl, int version)
    Set the minimum supported protocol version.
    protected abstract void
    setOptions(long ssl, long options)
    Set OpenSSL Option.
    protected abstract void
    setServerALPNCallback(long ssl, org.wildfly.openssl.ServerALPNCallback callback)
    Sets the server ALPN callback for a specific engine
    protected abstract boolean
    setServerNameIndication(long ssl, String hostName)
     
    protected abstract void
    setSession(long ssl, long session)
    Sets the session for the SSL instance.
    protected abstract long
    setSessionCacheMode(long ctx, long mode)
    Set the mode of the internal session cache and return the previously used mode.
    protected abstract long
    setSessionCacheSize(long ctx, long size)
    Set the size of the internal session cache.
    protected abstract long
    setSessionCacheTimeout(long ctx, long timeoutSeconds)
    Set the timeout for the internal session cache in seconds.
    protected abstract boolean
    setSessionIdContext(long ctx, byte[] sidCtx)
    Set the context within which a session can be reused (server side only) http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html
    protected abstract void
    setSessionTicketKeys(long ctx, byte[] keys)
    Set TLS session keys.
    protected abstract void
    setSSLContextOptions(long ctx, long options)
    Set OpenSSL Option.
    protected abstract void
    setSSLOptions(long ssl, long options)
    Set OpenSSL Option.
    protected abstract void
    setSSLVerify(long ssl, int level, int depth)
    Set Type of Client Certificate verification and Maximum depth of CA Certificates in Client Certificate verification.
    protected abstract int
    shutdownSSL(long ssl)
    SSL_shutdown
    protected abstract String
     
    protected abstract long
    Return OpenSSL version number.
    protected abstract int
    writeToBIO(long bio, long wbuf, int wlen)
    BIO_write.
    protected abstract int
    writeToSSL(long ssl, long wbuf, int wlen)
    SSL_write.

  • Field Details

  • Constructor Details

    • SSL

      public SSL()
  • Method Details

    • getInstance

      public static SSL getInstance()
    • initialize

      protected abstract void initialize(String libCryptoPath, String libSslPath)
    • version

      protected abstract String version()
    • hasOp

      protected abstract boolean hasOp(int op)
      Return true if all the requested SSL_OP_* are supported by OpenSSL.

      Note that for versions of tcnative < 1.1.25, this method returns true if and only if op == SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION and tcnative supports that flag.

      Parameters:
      op - Bitwise-OR of all SSL_OP_* to test.
      Returns:
      true if all SSL_OP_* are supported by OpenSSL library.
    • newSSL

      protected abstract long newSSL(long ctx, boolean server)
      SSL_new
      Parameters:
      ctx - Server or Client context to use.
      server - if true, configure the SSL instance to use the accept handshake routines; if false, configure it to use the connect handshake routines
      Returns:
      pointer to SSL instance (SSL *)
    • pendingWrittenBytesInBIO

      protected abstract int pendingWrittenBytesInBIO(long bio)
      BIO_ctrl_pending.
      Parameters:
      bio - BIO pointer (BIO *)
    • pendingReadableBytesInSSL

      protected abstract int pendingReadableBytesInSSL(long ssl)
      SSL_pending.
      Parameters:
      ssl - SSL pointer (SSL *)
    • writeToBIO

      protected abstract int writeToBIO(long bio, long wbuf, int wlen)
      BIO_write.
      Parameters:
      bio -
      wbuf -
      wlen -
    • readFromBIO

      protected abstract int readFromBIO(long bio, long rbuf, int rlen)
      BIO_read.
      Parameters:
      bio -
      rbuf -
      rlen -
    • writeToSSL

      protected abstract int writeToSSL(long ssl, long wbuf, int wlen)
      SSL_write.
      Parameters:
      ssl - the SSL instance (SSL *)
      wbuf -
      wlen -
    • readFromSSL

      protected abstract int readFromSSL(long ssl, long rbuf, int rlen)
      SSL_read
      Parameters:
      ssl - the SSL instance (SSL *)
      rbuf -
      rlen -
    • getShutdown

      protected abstract int getShutdown(long ssl)
      SSL_get_shutdown
      Parameters:
      ssl - the SSL instance (SSL *)
    • freeSSL

      protected abstract void freeSSL(long ssl)
      SSL_free
      Parameters:
      ssl - the SSL instance (SSL *)
    • makeNetworkBIO

      protected abstract long makeNetworkBIO(long ssl)
      Wire up internal and network BIOs for the given SSL instance.

      Warning: you must explicitly free this resource by calling freeBIO

      While the SSL's internal/application data BIO will be freed when freeSSL is called on the provided SSL instance, you must call freeBIO on the returned network BIO.

      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      pointer to the Network BIO (BIO *)
    • freeBIO

      protected abstract void freeBIO(long bio)
      BIO_free
      Parameters:
      bio -
    • shutdownSSL

      protected abstract int shutdownSSL(long ssl)
      SSL_shutdown
      Parameters:
      ssl - the SSL instance (SSL *)
    • getLastErrorNumber

      protected abstract int getLastErrorNumber()
      Get the error number representing the last error OpenSSL encountered on this thread.
    • getCipherForSSL

      protected abstract String getCipherForSSL(long ssl)
      SSL_get_cipher.
      Parameters:
      ssl - the SSL instance (SSL *)
    • getVersion

      protected abstract String getVersion(long ssl)
      SSL_get_version
      Parameters:
      ssl - the SSL instance (SSL *)
    • versionNumber

      protected abstract long versionNumber()
      Return OpenSSL version number.
      Returns:
      the version number
    • doHandshake

      protected abstract int doHandshake(long ssl)
      SSL_do_handshake
      Parameters:
      ssl - the SSL instance (SSL *)
    • getSSLError

      protected abstract int getSSLError(long ssl, int code)
    • saveServerCipher

      protected abstract void saveServerCipher(long ssl, int cipher)
    • renegotiate

      protected abstract int renegotiate(long ssl)
      SSL_renegotiate
      Parameters:
      ssl - the SSL instance (SSL *)
    • isInInit

      protected abstract int isInInit(long SSL)
      SSL_in_init.
      Parameters:
      SSL -
    • getAlpnSelected

      protected abstract String getAlpnSelected(long ssl)
      SSL_get0_alpn_selected
      Parameters:
      ssl - the SSL instance (SSL *)
    • enableAlpn

      protected abstract void enableAlpn(long ssl)
      enables ALPN on the server side
    • isAlpnSupported

      protected abstract boolean isAlpnSupported()
    • getPeerCertChain

      protected abstract byte[][] getPeerCertChain(long ssl)
      Get the peer certificate chain, or null if none was sent.
    • getPeerCertificate

      protected abstract byte[] getPeerCertificate(long ssl)
      Get the peer certificate, or null if none was sent.
    • getErrorString

      protected abstract String getErrorString(long errorNumber)
    • getTime

      protected abstract long getTime(long ssl)
      SSL_get_time
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      returns the time at which the session ssl was established. The time is given in seconds since the Epoch
    • setSSLVerify

      protected abstract void setSSLVerify(long ssl, int level, int depth)
      Set Type of Client Certificate verification and Maximum depth of CA Certificates in Client Certificate verification.
      This directive sets the Certificate verification level for the Client Authentication. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the client authentication process used in the standard SSL handshake when a connection is established. In per-directory context it forces a SSL renegotiation with the reconfigured client verification level after the HTTP request was read but before the HTTP response is sent.
      The following levels are available for level:
       SSL_CVERIFY_NONE           - No client Certificate is required at all
       SSL_CVERIFY_OPTIONAL       - The client may present a valid Certificate
       SSL_CVERIFY_REQUIRE        - The client has to present a valid Certificate
       SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate,
                                    but it need not be (successfully) verifiable
       

      The depth is the maximum number of intermediate certificate issuers, i.e. the maximum number of CA certificates that may be followed while verifying the client certificate. A depth of 0 means that only self-signed client certificates are accepted; the default depth of 1 means the client certificate can be self-signed or has to be signed by a CA which is directly known to the server (i.e. the CA's certificate is under setCACertificatePath, etc.).
      Parameters:
      ssl - the SSL instance (SSL *)
      level - Type of Client Certificate verification.
      depth - Maximum depth of CA Certificates in Client Certificate verification.
    • setOptions

      protected abstract void setOptions(long ssl, long options)
      Set OpenSSL Option.
      Parameters:
      ssl - the SSL instance (SSL *)
      options - See SSL.SSL_OP_* for option flags.
    • getOptions

      protected abstract long getOptions(long ssl)
      Get OpenSSL Option.
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      options See SSL.SSL_OP_* for option flags.
    • getCiphers

      protected abstract String[] getCiphers(long ssl)
      Returns the cipher suites that are available for negotiation in an SSL handshake.
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      ciphers
    • setCipherSuites

      protected abstract boolean setCipherSuites(long ssl, String ciphers) throws Exception
      Sets the cipher suites available for negotiation in SSL handshake.
      This complex directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to configure the Cipher Suite the client is permitted to negotiate in the SSL handshake phase. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the standard SSL handshake when a connection is established. In per-directory context it forces a SSL renegotiation with the reconfigured Cipher Suite after the HTTP request was read but before the HTTP response is sent.
      Parameters:
      ssl - the SSL instance (SSL *)
      ciphers - an SSL cipher specification
      Throws:
      Exception
    • setCipherSuitesTLS13

      protected abstract boolean setCipherSuitesTLS13(long ssl, String ciphers) throws Exception
      Sets the cipher suites available for negotiation in the SSL handshake.
      This is a simple colon (":") separated list of TLSv1.3 ciphersuite names in order of preference.
      Parameters:
      ssl - the SSL instance (SSL *)
      ciphers - an SSL cipher specification
      Throws:
      Exception
    • setServerNameIndication

      protected abstract boolean setServerNameIndication(long ssl, String hostName)
    • getSession

      protected abstract long getSession(long ssl)
      Returns the pointer reference to the SSL session. https://www.openssl.org/docs/manmaster/ssl/SSL_get_session.html

      This uses SSL_get1_session(). invalidateSession(long) (SSL_SESSION_free) must be called explicitly once to decrement the reference count again; otherwise the session stays in memory.

      From the OpenSSL documentation:

      If the data is to be kept, SSL_get1_session() will increment the reference count, so that the session will not be implicitly removed by other operations but stays in memory. In order to remove the session SSL_SESSION_free must be explicitly called once to decrement the reference count again.

      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      the pointer reference to the SSL session
    • setSession

      protected abstract void setSession(long ssl, long session)
      Parameters:
      ssl - the SSL instance (SSL *)
      session - the pointer to the SSL session to set the SSL instance to
    • getSessionId

      protected abstract byte[] getSessionId(long ssl)
      Returns the ID of the session as byte array representation.
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      the session as byte array representation obtained via SSL_SESSION_get_id.
    • bufferAddress

      protected abstract long bufferAddress(ByteBuffer buffer)
    • makeSSLContext

      protected abstract long makeSSLContext(int protocol, int mode) throws Exception
      Create a new SSL context.
      Parameters:
      protocol - The SSL protocol to use. It can be any combination of the following:
                       SSL_PROTOCOL_SSLV2
                       SSL_PROTOCOL_SSLV3
                       SSL_PROTOCOL_TLSV1
                       SSL_PROTOCOL_TLSV1_1
                       SSL_PROTOCOL_TLSV1_2
                       SSL_PROTOCOL_TLSV1_3
                       SSL_PROTOCOL_ALL ( == all TLS versions, no SSL)
                       
      mode - SSL mode to use
                       SSL_MODE_CLIENT
                       SSL_MODE_SERVER
                       SSL_MODE_COMBINED
                       
      Returns:
      The Java representation of a pointer to the newly created SSL Context
      Throws:
      Exception - If the SSL Context could not be created
    • freeSSLContext

      protected abstract int freeSSLContext(long ctx)
      Free the resources used by the Context
      Parameters:
      ctx - Server or Client context to free.
      Returns:
      APR Status code.
    • setSSLContextOptions

      protected abstract void setSSLContextOptions(long ctx, long options)
      Set OpenSSL Option.
      Parameters:
      ctx - Server or Client context to use.
      options - See SSL.SSL_OP_* for option flags.
    • clearSSLContextOptions

      protected abstract void clearSSLContextOptions(long ctx, long options)
      Clears OpenSSL Options.
      Parameters:
      ctx - Server or Client context to use.
      options - See SSL.SSL_OP_* for option flags.
    • setSSLOptions

      protected abstract void setSSLOptions(long ssl, long options)
      Set OpenSSL Option.
      Parameters:
      ssl - Server or Client SSL to use.
      options - See SSL.SSL_OP_* for option flags.
    • clearSSLOptions

      protected abstract void clearSSLOptions(long ssl, long options)
      Clears OpenSSL Options.
      Parameters:
      ssl - Server or Client SSL to use.
      options - See SSL.SSL_OP_* for option flags.
    • setCipherSuite

      protected abstract boolean setCipherSuite(long ctx, String ciphers) throws Exception
      Cipher Suite available for negotiation in SSL handshake.
      This complex directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to configure the Cipher Suite the client is permitted to negotiate in the SSL handshake phase. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the standard SSL handshake when a connection is established. In per-directory context it forces a SSL renegotiation with the reconfigured Cipher Suite after the HTTP request was read but before the HTTP response is sent.
      Parameters:
      ctx - Server or Client context to use.
      ciphers - An SSL cipher specification.
      Throws:
      Exception
    • setCipherSuiteTLS13

      protected abstract boolean setCipherSuiteTLS13(long ctx, String ciphers) throws Exception
      Sets the cipher suites available for negotiation in the SSL handshake.
      This is a simple colon (":") separated list of TLSv1.3 ciphersuite names in order of preference.
      Parameters:
      ctx - Server or Client context to use.
      ciphers - an SSL cipher specification
      Throws:
      Exception
    • setCARevocation

      protected abstract boolean setCARevocation(long ctx, String file, String path) throws Exception
      Set File of concatenated PEM-encoded CA CRLs or directory of PEM-encoded CA Certificates for Client Auth
      This directive sets the all-in-one file where you can assemble the Certificate Revocation Lists (CRL) of Certification Authorities (CA) whose clients you deal with. These are used for Client Authentication. Such a file is simply the concatenation of the various PEM-encoded CRL files, in order of preference.
      The files in this directory have to be PEM-encoded and are accessed through hash filenames. So usually you can't just place the Certificate files there: you also have to create symbolic links named hash-value.N. And you should always make sure this directory contains the appropriate symbolic links. Use the Makefile which comes with mod_ssl to accomplish this task.
      Parameters:
      ctx - Server or Client context to use.
      file - File of concatenated PEM-encoded CA CRLs for Client Auth.
      path - Directory of PEM-encoded CA Certificates for Client Auth.
      Throws:
      Exception
    • setCertificate

      protected abstract boolean setCertificate(long ctx, byte[] cert, byte[][] encodedIntermediaries, byte[] key, int idx) throws Exception
      Set Certificate
      Point setCertificateFile at a PEM encoded certificate. If the certificate is encrypted, then you will be prompted for a pass phrase. Note that a kill -HUP will prompt again. A test certificate can be generated with `make certificate' at build time. Keep in mind that if you've both a RSA and a DSA certificate you can configure both in parallel (to also allow the use of DSA ciphers, etc.)
      If the key is not combined with the certificate, use key param to point at the key file. Keep in mind that if you've both a RSA and a DSA private key you can configure both in parallel (to also allow the use of DSA ciphers, etc.)
      Parameters:
      ctx - Server or Client context to use.
      cert - Certificate file.
      encodedIntermediaries -
      key - Private Key file to use if not in cert.
      idx - Certificate index SSL_AIDX_RSA or SSL_AIDX_DSA.
      Throws:
      Exception
    • setSessionCacheSize

      protected abstract long setSessionCacheSize(long ctx, long size)
      Set the size of the internal session cache. http://www.openssl.org/docs/ssl/SSL_CTX_sess_set_cache_size.html
    • getSessionCacheSize

      protected abstract long getSessionCacheSize(long ctx)
      Get the size of the internal session cache. http://www.openssl.org/docs/ssl/SSL_CTX_sess_get_cache_size.html
    • setSessionCacheTimeout

      protected abstract long setSessionCacheTimeout(long ctx, long timeoutSeconds)
      Set the timeout for the internal session cache in seconds. http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html
    • getSessionCacheTimeout

      protected abstract long getSessionCacheTimeout(long ctx)
      Get the timeout for the internal session cache in seconds. http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html
    • setSessionCacheMode

      protected abstract long setSessionCacheMode(long ctx, long mode)
      Set the mode of the internal session cache and return the previously used mode.
    • getSessionCacheMode

      protected abstract long getSessionCacheMode(long ctx)
      Get the mode currently used by the internal session cache.
    • sessionAccept

      protected abstract long sessionAccept(long ctx)
      Session resumption statistics methods. http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html
    • sessionAcceptGood

      protected abstract long sessionAcceptGood(long ctx)
    • sessionAcceptRenegotiate

      protected abstract long sessionAcceptRenegotiate(long ctx)
    • sessionCacheFull

      protected abstract long sessionCacheFull(long ctx)
    • sessionCbHits

      protected abstract long sessionCbHits(long ctx)
    • sessionConnect

      protected abstract long sessionConnect(long ctx)
    • sessionConnectGood

      protected abstract long sessionConnectGood(long ctx)
    • sessionConnectRenegotiate

      protected abstract long sessionConnectRenegotiate(long ctx)
    • sessionHits

      protected abstract long sessionHits(long ctx)
    • sessionMisses

      protected abstract long sessionMisses(long ctx)
    • sessionNumber

      protected abstract long sessionNumber(long ctx)
    • sessionTimeouts

      protected abstract long sessionTimeouts(long ctx)
    • setSessionTicketKeys

      protected abstract void setSessionTicketKeys(long ctx, byte[] keys)
      Set TLS session keys. This allows us to share keys across TFEs.
    • invalidateSession

      protected abstract void invalidateSession(long ctx)
      invalidates the current SSL session
    • registerSessionContext

      protected abstract void registerSessionContext(long context, org.wildfly.openssl.OpenSSLSessionContext openSSLSessionContext)
    • setCertVerifyCallback

      protected abstract void setCertVerifyCallback(long ctx, org.wildfly.openssl.CertificateVerifier verifier)
      Allows a CertificateVerifier to be hooked into the handshake processing. This calls SSL_CTX_set_cert_verify_callback and so replaces the default verification callback used by OpenSSL; because the default is replaced, the supplied verifier becomes responsible for the peer certificate verification decision.
      Parameters:
      ctx - Server or Client context to use.
      verifier - the verifier to call during handshake.
    • setAlpnProtos

      protected abstract void setAlpnProtos(long ssl, String[] alpnProtos)
      Set application layer protocol for application layer protocol negotiation extension.

      This should only be called by the client.

      Parameters:
      ssl - SSL Engine to use
      alpnProtos - protocols in priority order
    • setServerALPNCallback

      protected abstract void setServerALPNCallback(long ssl, org.wildfly.openssl.ServerALPNCallback callback)
      Sets the server ALPN callback for a specific engine
      Parameters:
      ssl - The SSL engine
      callback - the callback to use
    • setSessionIdContext

      protected abstract boolean setSessionIdContext(long ctx, byte[] sidCtx)
      Set the context within which a session can be reused (server side only) http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html
      Parameters:
      ctx - Server context to use.
      sidCtx - can be any kind of binary data, it is therefore possible to use e.g. the name of the application and/or the hostname and/or service name
      Returns:
      true if success, false otherwise.
    • setMinProtoVersion

      protected abstract void setMinProtoVersion(long ssl, int version)
      Set the minimum supported protocol version. This will call SSL_set_min_proto_version. See https://www.openssl.org/docs/manmaster/man3/SSL_set_min_proto_version.html.
      Parameters:
      ssl - the SSL engine
      version - the minimum supported protocol version
    • setMaxProtoVersion

      protected abstract void setMaxProtoVersion(long ssl, int version)
      Set the maximum supported protocol version. This will call SSL_set_max_proto_version. See https://www.openssl.org/docs/manmaster/man3/SSL_set_max_proto_version.html.
      Parameters:
      ssl - the SSL engine
      version - the maximum supported protocol version
    • getMinProtoVersion

      protected abstract int getMinProtoVersion(long ssl)
      Get the minimum supported protocol version. This will call SSL_get_min_proto_version. See https://www.openssl.org/docs/manmaster/man3/SSL_get_min_proto_version.html.
      Parameters:
      ssl - the SSL engine
      Returns:
      the minimum supported protocol version
    • getMaxProtoVersion

      protected abstract int getMaxProtoVersion(long ssl)
      Get the maximum supported protocol version. This will call SSL_get_max_proto_version. See https://www.openssl.org/docs/manmaster/man3/SSL_get_max_proto_version.html.
      Parameters:
      ssl - the SSL engine
      Returns:
      the maximum supported protocol version
    • getSSLSessionReused

      protected abstract boolean getSSLSessionReused(long ssl)
      Return whether or not the SSL session was reused. See https://www.openssl.org/docs/man1.1.1/man3/SSL_session_reused.html
      Parameters:
      ssl - the SSL engine
      Returns:
      true if the SSL session was reused and false otherwise