Class SSLContext
- java.lang.Object
-
- org.apache.tomcat.jni.SSLContext
-
public final class SSLContext extends Object
SSL Context- Author:
- Mladen Turk
-
-
Constructor Summary
Constructors Constructor Description SSLContext()
-
Method Summary
All Methods Static Methods Concrete Methods Deprecated Methods Modifier and Type Method Description static void
clearOptions(long ctx, int options)
Clears OpenSSL Options.static int
free(long ctx)
Free the resources used by the Contextstatic int
getMode(long ctx)
Call SSL_CTX_get_modestatic int
getOptions(long ctx)
Get OpenSSL Option.static long
getSessionCacheMode(long ctx)
Get the mode of the current used internal session cache.static long
getSessionCacheSize(long ctx)
Get the size of the internal session cache.static long
getSessionCacheTimeout(long ctx)
Get the timeout for the internal session cache in seconds.static long
make(long pool, int protocol, int mode)
Initialize new SSL contextstatic long
sessionAccept(long ctx)
Session resumption statistics methods.static long
sessionAcceptGood(long ctx)
static long
sessionAcceptRenegotiate(long ctx)
static long
sessionCacheFull(long ctx)
static long
sessionCbHits(long ctx)
static long
sessionConnect(long ctx)
static long
sessionConnectGood(long ctx)
static long
sessionConnectRenegotiate(long ctx)
static long
sessionHits(long ctx)
static long
sessionMisses(long ctx)
static long
sessionNumber(long ctx)
static long
sessionTicketKeyFail(long ctx)
static long
sessionTicketKeyNew(long ctx)
TLS session ticket key resumption statistics.static long
sessionTicketKeyRenew(long ctx)
static long
sessionTicketKeyResume(long ctx)
static long
sessionTimeouts(long ctx)
static void
setAlpnProtos(long ctx, String[] alpnProtos, int selectorFailureBehavior)
Set application layer protocol for application layer protocol negotiation extensionstatic void
setBIO(long ctx, long bio, int dir)
Associate BIOCallback for input or output data capture.static boolean
setCACertificate(long ctx, String file, String path)
Set File and Directory of concatenated PEM-encoded CA Certificates for Client Auth
This directive sets the all-in-one file where you can assemble the Certificates of Certification Authorities (CA) whose clients you deal with.static boolean
setCACertificateBio(long ctx, long certBio)
Set concatenated PEM-encoded CA Certificates for Client Auth
This directive sets the all-in-one BIO where you can assemble the Certificates of Certification Authorities (CA) whose clients you deal with.static boolean
setCARevocation(long ctx, String file, String path)
Set File of concatenated PEM-encoded CA CRLs or directory of PEM-encoded CA Certificates for Client Auth
This directive sets the all-in-one file where you can assemble the Certificate Revocation Lists (CRL) of Certification Authorities (CA) whose clients you deal with.static boolean
setCertificate(long ctx, String cert, String key, String password)
Set Certificatestatic boolean
setCertificate(long ctx, String cert, String key, String password, int idx)
Deprecated.static boolean
setCertificateBio(long ctx, long certBio, long keyBio, String password)
Set Certificatestatic boolean
setCertificateBio(long ctx, long certBio, long keyBio, String password, int idx)
Deprecated.UsesetCertificateBio(long, long, long, String)
Set Certificatestatic boolean
setCertificateChainBio(long ctx, long bio, boolean skipfirst)
Set BIO of PEM-encoded Server CA Certificatesstatic boolean
setCertificateChainFile(long ctx, String file, boolean skipfirst)
Set File of PEM-encoded Server CA Certificates
This directive sets the optional all-in-one file where you can assemble the certificates of Certification Authorities (CA) which form the certificate chain of the server certificate.static void
setCertRequestedCallback(long ctx, CertificateRequestedCallback callback)
Allow to hookCertificateRequestedCallback
into the certificate choosing process.static void
setCertVerifyCallback(long ctx, CertificateVerifier verifier)
Allow to hookCertificateVerifier
into the handshake processing.static boolean
setCipherSuite(long ctx, String ciphers)
Cipher Suite available for negotiation in SSL handshake.static void
setContextId(long ctx, String id)
Set Session context id.static int
setMode(long ctx, int mode)
Call SSL_CTX_set_modestatic void
setNextProtos(long ctx, String nextProtos)
Deprecated.static void
setNpnProtos(long ctx, String[] nextProtos, int selectorFailureBehavior)
Set next protocol for next protocol negotiation extensionstatic void
setOptions(long ctx, int options)
Set OpenSSL Option.static void
setQuietShutdown(long ctx, boolean mode)
Sets the "quiet shutdown" flag for ctx to be mode.static void
setRandom(long ctx, String file)
Set file for randomnessstatic long
setSessionCacheMode(long ctx, long mode)
Set the mode of the internal session cache and return the previous used mode.static long
setSessionCacheSize(long ctx, long size)
Set the size of the internal session cache.static long
setSessionCacheTimeout(long ctx, long timeoutSeconds)
Set the timeout for the internal session cache in seconds.static boolean
setSessionIdContext(long ctx, byte[] sidCtx)
Set the context within which session be reused (server side only) http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.htmlstatic void
setSessionTicketKeys(long ctx, byte[] keys)
Deprecated.static void
setSessionTicketKeys(long ctx, SessionTicketKey[] keys)
Set TLS session ticket keys.static void
setShutdownType(long ctx, int type)
Set SSL connection shutdown type
The following levels are available for level:static void
setTmpDH(long ctx, String cert)
Set DH parametersstatic void
setTmpDHLength(long ctx, int length)
Set length of the DH to use.static void
setTmpECDHByCurveName(long ctx, String curveName)
Set ECDH elliptic curve by namestatic void
setVerify(long ctx, int level, int depth)
Set Type of Client Certificate verification and Maximum depth of CA Certificates in Client Certificate verification.
-
-
-
Method Detail
-
make
public static long make(long pool, int protocol, int mode) throws Exception
Initialize new SSL context- Parameters:
pool
- The pool to use.protocol
- The SSL protocol to use. It can be any combination of the following:SSL.SSL_PROTOCOL_SSLV2
SSL.SSL_PROTOCOL_SSLV3
SSL.SSL_PROTOCOL_TLSV1
SSL.SSL_PROTOCOL_TLSV1_1
SSL.SSL_PROTOCOL_TLSV1_2
SSL.SSL_PROTOCOL_ALL
( == all TLS versions, no SSL)mode
- SSL mode to useSSL_MODE_CLIENT SSL_MODE_SERVER SSL_MODE_COMBINED
- Throws:
Exception
-
free
public static int free(long ctx)
Free the resources used by the Context- Parameters:
ctx
- Server or Client context to free.- Returns:
- APR Status code.
-
setContextId
public static void setContextId(long ctx, String id)
Set Session context id. Usually host:port combination.- Parameters:
ctx
- Context to use.id
- String that uniquely identifies this context.
-
setBIO
public static void setBIO(long ctx, long bio, int dir)
Associate BIOCallback for input or output data capture.
First word in the output string will contain error level in the form:[ERROR] -- Critical error messages [WARN] -- Warning messages [INFO] -- Informational messages [DEBUG] -- Debugging messaged
Callback can use that word to determine application logging level by intercepting write call. If the bio is set to 0 no error messages will be displayed. Default is to use the stderr output stream.- Parameters:
ctx
- Server or Client context to use.bio
- BIO handle to use, created with SSL.newBIOdir
- BIO direction (1 for input 0 for output).
-
setOptions
public static void setOptions(long ctx, int options)
Set OpenSSL Option.- Parameters:
ctx
- Server or Client context to use.options
- See SSL.SSL_OP_* for option flags.
-
getOptions
public static int getOptions(long ctx)
Get OpenSSL Option.- Parameters:
ctx
- Server or Client context to use.- Returns:
- options See SSL.SSL_OP_* for option flags.
-
clearOptions
public static void clearOptions(long ctx, int options)
Clears OpenSSL Options.- Parameters:
ctx
- Server or Client context to use.options
- See SSL.SSL_OP_* for option flags.
-
setQuietShutdown
public static void setQuietShutdown(long ctx, boolean mode)
Sets the "quiet shutdown" flag for ctx to be mode. SSL objects created from ctx inherit the mode valid at the time and may be 0 or 1.
Normally when a SSL connection is finished, the parties must send out "close notify" alert messages using L<SSL_shutdown(3)|SSL_shutdown(3)> for a clean shutdown.
When setting the "quiet shutdown" flag to 1, SSL.shutdown will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. (SSL_shutdown then behaves like called with SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) The session is thus considered to be shutdown, but no "close notify" alert is sent to the peer. This behaviour violates the TLS standard. The default is normal shutdown behaviour as described by the TLS standard.- Parameters:
ctx
- Server or Client context to use.mode
- True to set the quiet shutdown.
-
setCipherSuite
public static boolean setCipherSuite(long ctx, String ciphers) throws Exception
Cipher Suite available for negotiation in SSL handshake.
This complex directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to configure the Cipher Suite the client is permitted to negotiate in the SSL handshake phase. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the standard SSL handshake when a connection is established. In per-directory context it forces a SSL renegotiation with the reconfigured Cipher Suite after the HTTP request was read but before the HTTP response is sent.- Parameters:
ctx
- Server or Client context to use.ciphers
- An SSL cipher specification.- Throws:
Exception
-
setCARevocation
public static boolean setCARevocation(long ctx, String file, String path) throws Exception
Set File of concatenated PEM-encoded CA CRLs or directory of PEM-encoded CA Certificates for Client Auth
This directive sets the all-in-one file where you can assemble the Certificate Revocation Lists (CRL) of Certification Authorities (CA) whose clients you deal with. These are used for Client Authentication. Such a file is simply the concatenation of the various PEM-encoded CRL files, in order of preference.
The files in this directory have to be PEM-encoded and are accessed through hash filenames. So usually you can't just place the Certificate files there: you also have to create symbolic links named hash-value.N. And you should always make sure this directory contains the appropriate symbolic links. Use the Makefile which comes with mod_ssl to accomplish this task.- Parameters:
ctx
- Server or Client context to use.file
- File of concatenated PEM-encoded CA CRLs for Client Auth.path
- Directory of PEM-encoded CA Certificates for Client Auth.- Throws:
Exception
-
setCertificateChainFile
public static boolean setCertificateChainFile(long ctx, String file, boolean skipfirst)
Set File of PEM-encoded Server CA Certificates
This directive sets the optional all-in-one file where you can assemble the certificates of Certification Authorities (CA) which form the certificate chain of the server certificate. This starts with the issuing CA certificate of of the server certificate and can range up to the root CA certificate. Such a file is simply the concatenation of the various PEM-encoded CA Certificate files, usually in certificate chain order.
But be careful: Providing the certificate chain works only if you are using a single (either RSA or DSA) based server certificate. If you are using a coupled RSA+DSA certificate pair, this will work only if actually both certificates use the same certificate chain. Else the browsers will be confused in this situation.- Parameters:
ctx
- Server or Client context to use.file
- File of PEM-encoded Server CA Certificates.skipfirst
- Skip first certificate if chain file is inside certificate file.
-
setCertificateChainBio
public static boolean setCertificateChainBio(long ctx, long bio, boolean skipfirst)
Set BIO of PEM-encoded Server CA CertificatesThis directive sets the optional all-in-one file where you can assemble the certificates of Certification Authorities (CA) which form the certificate chain of the server certificate. This starts with the issuing CA certificate of of the server certificate and can range up to the root CA certificate. Such a file is simply the concatenation of the various PEM-encoded CA Certificate files, usually in certificate chain order.
But be careful: Providing the certificate chain works only if you are using a single (either RSA or DSA) based server certificate. If you are using a coupled RSA+DSA certificate pair, this will work only if actually both certificates use the same certificate chain. Otherwsie the browsers will be confused in this situation.
- Parameters:
ctx
- Server or Client context to use.bio
- BIO of PEM-encoded Server CA Certificates.skipfirst
- Skip first certificate if chain file is inside certificate file.
-
setCertificate
@Deprecated public static boolean setCertificate(long ctx, String cert, String key, String password, int idx) throws Exception
Deprecated.UsesetCertificate(long, String, String, String)
Set Certificate
Point setCertificateFile at a PEM encoded certificate. If the certificate is encrypted, then you will be prompted for a pass phrase. Note that a kill -HUP will prompt again. A test certificate can be generated with `make certificate' under built time. Keep in mind that if you've both a RSA and a DSA certificate you can configure both in parallel (to also allow the use of DSA ciphers, etc.)
If the key is not combined with the certificate, use key param to point at the key file. Keep in mind that if you've both a RSA and a DSA private key you can configure both in parallel (to also allow the use of DSA ciphers, etc.)
- Parameters:
ctx
- Server or Client context to use.cert
- Certificate file.key
- Private Key file to use if not in cert.password
- Certificate password. If null and certificate is encrypted, password prompt will be displayed.idx
- deprecated and ignored.- Throws:
Exception
-
setCertificate
public static boolean setCertificate(long ctx, String cert, String key, String password) throws Exception
Set CertificatePoint setCertificateFile at a PEM encoded certificate. If the certificate is encrypted, then you will be prompted for a pass phrase. Note that a kill -HUP will prompt again. A test certificate can be generated with `make certificate' under built time. Keep in mind that if you've both a RSA and a DSA certificate you can configure both in parallel (to also allow the use of DSA ciphers, etc.)
If the key is not combined with the certificate, use key param to point at the key file. Keep in mind that if you've both a RSA and a DSA private key you can configure both in parallel (to also allow the use of DSA ciphers, etc.)
- Parameters:
ctx
- Server or Client context to use.cert
- Certificate file.key
- Private Key file to use if not in cert.password
- Certificate password. If null and certificate is encrypted, password prompt will be displayed.- Throws:
Exception
-
setCertificateBio
@Deprecated public static boolean setCertificateBio(long ctx, long certBio, long keyBio, String password, int idx) throws Exception
Deprecated.UsesetCertificateBio(long, long, long, String)
Set CertificatePoint setCertificate at a PEM encoded certificate stored in a BIO. If the certificate is encrypted, then you will be prompted for a pass phrase. Note that a kill -HUP will prompt again. A test certificate can be generated with `make certificate' under built time. Keep in mind that if you've both a RSA and a DSA certificate you can configure both in parallel (to also allow the use of DSA ciphers, etc.)
If the key is not combined with the certificate, use key param to point at the key file. Keep in mind that if you've both a RSA and a DSA private key you can configure both in parallel (to also allow the use of DSA ciphers, etc.)
- Parameters:
ctx
- Server or Client context to use.certBio
- Certificate BIO.keyBio
- Private Key BIO to use if not in cert.password
- Certificate password. If null and certificate is encrypted, password prompt will be displayed.idx
- deprecated and ignored.- Throws:
Exception
-
setCertificateBio
public static boolean setCertificateBio(long ctx, long certBio, long keyBio, String password) throws Exception
Set CertificatePoint setCertificate at a PEM encoded certificate stored in a BIO. If the certificate is encrypted, then you will be prompted for a pass phrase. Note that a kill -HUP will prompt again. A test certificate can be generated with `make certificate' under built time. Keep in mind that if you've both a RSA and a DSA certificate you can configure both in parallel (to also allow the use of DSA ciphers, etc.)
If the key is not combined with the certificate, use key param to point at the key file. Keep in mind that if you've both a RSA and a DSA private key you can configure both in parallel (to also allow the use of DSA ciphers, etc.)
- Parameters:
ctx
- Server or Client context to use.certBio
- Certificate BIO.keyBio
- Private Key BIO to use if not in cert.password
- Certificate password. If null and certificate is encrypted, password prompt will be displayed.- Throws:
Exception
-
setSessionCacheSize
public static long setSessionCacheSize(long ctx, long size)
Set the size of the internal session cache. http://www.openssl.org/docs/ssl/SSL_CTX_sess_set_cache_size.html
-
getSessionCacheSize
public static long getSessionCacheSize(long ctx)
Get the size of the internal session cache. http://www.openssl.org/docs/ssl/SSL_CTX_sess_get_cache_size.html
-
setSessionCacheTimeout
public static long setSessionCacheTimeout(long ctx, long timeoutSeconds)
Set the timeout for the internal session cache in seconds. http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html
-
getSessionCacheTimeout
public static long getSessionCacheTimeout(long ctx)
Get the timeout for the internal session cache in seconds. http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html
-
setSessionCacheMode
public static long setSessionCacheMode(long ctx, long mode)
Set the mode of the internal session cache and return the previous used mode.
-
getSessionCacheMode
public static long getSessionCacheMode(long ctx)
Get the mode of the current used internal session cache.
-
sessionAccept
public static long sessionAccept(long ctx)
Session resumption statistics methods. http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html
-
sessionAcceptGood
public static long sessionAcceptGood(long ctx)
-
sessionAcceptRenegotiate
public static long sessionAcceptRenegotiate(long ctx)
-
sessionCacheFull
public static long sessionCacheFull(long ctx)
-
sessionCbHits
public static long sessionCbHits(long ctx)
-
sessionConnect
public static long sessionConnect(long ctx)
-
sessionConnectGood
public static long sessionConnectGood(long ctx)
-
sessionConnectRenegotiate
public static long sessionConnectRenegotiate(long ctx)
-
sessionHits
public static long sessionHits(long ctx)
-
sessionMisses
public static long sessionMisses(long ctx)
-
sessionNumber
public static long sessionNumber(long ctx)
-
sessionTimeouts
public static long sessionTimeouts(long ctx)
-
sessionTicketKeyNew
public static long sessionTicketKeyNew(long ctx)
TLS session ticket key resumption statistics.
-
sessionTicketKeyResume
public static long sessionTicketKeyResume(long ctx)
-
sessionTicketKeyRenew
public static long sessionTicketKeyRenew(long ctx)
-
sessionTicketKeyFail
public static long sessionTicketKeyFail(long ctx)
-
setSessionTicketKeys
public static void setSessionTicketKeys(long ctx, SessionTicketKey[] keys)
Set TLS session ticket keys.The first key in the list is the primary key. Tickets dervied from the other keys in the list will be accepted but updated to a new ticket using the primary key. This is useful for implementing ticket key rotation.
- See Also:
- RFC 5077
-
setSessionTicketKeys
@Deprecated public static void setSessionTicketKeys(long ctx, byte[] keys)
Deprecated.Set TLS session keys.
-
setCACertificate
public static boolean setCACertificate(long ctx, String file, String path) throws Exception
Set File and Directory of concatenated PEM-encoded CA Certificates for Client Auth
This directive sets the all-in-one file where you can assemble the Certificates of Certification Authorities (CA) whose clients you deal with. These are used for Client Authentication. Such a file is simply the concatenation of the various PEM-encoded Certificate files, in order of preference. This can be used alternatively and/or additionally to path.
The files in this directory have to be PEM-encoded and are accessed through hash filenames. So usually you can't just place the Certificate files there: you also have to create symbolic links named hash-value.N. And you should always make sure this directory contains the appropriate symbolic links. Use the Makefile which comes with mod_ssl to accomplish this task.- Parameters:
ctx
- Server or Client context to use.file
- File of concatenated PEM-encoded CA Certificates for Client Auth.path
- Directory of PEM-encoded CA Certificates for Client Auth.- Throws:
Exception
-
setCACertificateBio
public static boolean setCACertificateBio(long ctx, long certBio)
Set concatenated PEM-encoded CA Certificates for Client Auth
This directive sets the all-in-one BIO where you can assemble the Certificates of Certification Authorities (CA) whose clients you deal with. These are used for Client Authentication. Such a BIO is simply the concatenation of the various PEM-encoded Certificate files, in order of preference. This can be used alternatively and/or additionally to path.- Parameters:
ctx
- Server context to use.certBio
- Directory of PEM-encoded CA Certificates for Client Auth.- Returns:
true
if successful,false
otherwise.
-
setRandom
public static void setRandom(long ctx, String file)
Set file for randomness- Parameters:
ctx
- Server or Client context to use.file
- random file.
-
setShutdownType
public static void setShutdownType(long ctx, int type)
Set SSL connection shutdown type
The following levels are available for level:SSL_SHUTDOWN_TYPE_STANDARD SSL_SHUTDOWN_TYPE_UNCLEAN SSL_SHUTDOWN_TYPE_ACCURATE
- Parameters:
ctx
- Server or Client context to use.type
- Shutdown type to use.
-
setVerify
public static void setVerify(long ctx, int level, int depth)
Set Type of Client Certificate verification and Maximum depth of CA Certificates in Client Certificate verification.
This directive sets the Certificate verification level for the Client Authentication. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the client authentication process used in the standard SSL handshake when a connection is established. In per-directory context it forces a SSL renegotiation with the reconfigured client verification level after the HTTP request was read but before the HTTP response is sent.
The following levels are available for level:SSL_CVERIFY_NONE - No client Certificate is required at all SSL_CVERIFY_OPTIONAL - The client may present a valid Certificate SSL_CVERIFY_REQUIRE - The client has to present a valid Certificate SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate but it need not to be (successfully) verifiable
The depth actually is the maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are max allowed to be followed while verifying the client certificate. A depth of 0 means that self-signed client certificates are accepted only, the default depth of 1 means the client certificate can be self-signed or has to be signed by a CA which is directly known to the server (i.e. the CA's certificate is undersetCACertificatePath
), etc.- Parameters:
ctx
- Server or Client context to use.level
- Type of Client Certificate verification.depth
- Maximum depth of CA Certificates in Client Certificate verification.
-
setCertVerifyCallback
public static void setCertVerifyCallback(long ctx, CertificateVerifier verifier)
Allow to hookCertificateVerifier
into the handshake processing. This will callSSL_CTX_set_cert_verify_callback
and so replace the default verification callback used by openssl- Parameters:
ctx
- Server or Client context to use.verifier
- the verifier to call during handshake.
-
setCertRequestedCallback
public static void setCertRequestedCallback(long ctx, CertificateRequestedCallback callback)
Allow to hookCertificateRequestedCallback
into the certificate choosing process. This will callSSL_CTX_set_client_cert_cb
and so replace the default verification callback used by openssl- Parameters:
ctx
- Server or Client context to use.callback
- the callback to call during certificate selection.
-
setNextProtos
@Deprecated public static void setNextProtos(long ctx, String nextProtos)
Deprecated.Set next protocol for next protocol negotiation extension- Parameters:
ctx
- Server context to use.nextProtos
- comma delimited list of protocols in priority order
-
setNpnProtos
public static void setNpnProtos(long ctx, String[] nextProtos, int selectorFailureBehavior)
Set next protocol for next protocol negotiation extension- Parameters:
ctx
- Server context to use.nextProtos
- protocols in priority orderselectorFailureBehavior
- seeSSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE
andSSL.SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL
-
setAlpnProtos
public static void setAlpnProtos(long ctx, String[] alpnProtos, int selectorFailureBehavior)
Set application layer protocol for application layer protocol negotiation extension- Parameters:
ctx
- Server context to use.alpnProtos
- protocols in priority orderselectorFailureBehavior
- seeSSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE
andSSL.SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL
-
setTmpDH
public static void setTmpDH(long ctx, String cert) throws Exception
Set DH parameters- Parameters:
ctx
- Server context to use.cert
- DH param file (can be generated from e.g.openssl dhparam -rand - 2048 > dhparam.pem
- see the OpenSSL documentation).- Throws:
Exception
-
setTmpDHLength
public static void setTmpDHLength(long ctx, int length)
Set length of the DH to use.- Parameters:
ctx
- Server context to use.length
- the length.
-
setTmpECDHByCurveName
public static void setTmpECDHByCurveName(long ctx, String curveName) throws Exception
Set ECDH elliptic curve by name- Parameters:
ctx
- Server context to use.curveName
- the name of the elliptic curve to use (available names can be obtained fromopenssl ecparam -list_curves
).- Throws:
Exception
-
setSessionIdContext
public static boolean setSessionIdContext(long ctx, byte[] sidCtx)
Set the context within which session be reused (server side only) http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html- Parameters:
ctx
- Server context to use.sidCtx
- can be any kind of binary data, it is therefore possible to use e.g. the name of the application and/or the hostname and/or service name- Returns:
true
if success,false
otherwise.
-
setMode
public static int setMode(long ctx, int mode)
Call SSL_CTX_set_mode- Parameters:
ctx
- context to usemode
- the mode- Returns:
- the set mode.
-
getMode
public static int getMode(long ctx)
Call SSL_CTX_get_mode- Parameters:
ctx
- context to use- Returns:
- the mode.
-
-