Class SSL

java.lang.Object
org.apache.tomcat.jni.SSL
public final class SSL extends Object
JNI bindings for OpenSSL SSL functionality.

  • Field Details

    • UNSET

      public static final int UNSET
      Unset value.
      See Also:

    • SSL_ALGO_UNKNOWN

      public static final int SSL_ALGO_UNKNOWN
      Unknown algorithm type.
      See Also:

    • SSL_ALGO_RSA

      public static final int SSL_ALGO_RSA
      RSA algorithm type.
      See Also:

    • SSL_ALGO_DSA

      public static final int SSL_ALGO_DSA
      DSA algorithm type.
      See Also:

    • SSL_ALGO_ALL

      public static final int SSL_ALGO_ALL
      All algorithm types.
      See Also:

    • SSL_AIDX_RSA

      public static final int SSL_AIDX_RSA
      RSA algorithm index.
      See Also:

    • SSL_AIDX_DSA

      public static final int SSL_AIDX_DSA
      DSA algorithm index.
      See Also:

    • SSL_AIDX_ECC

      public static final int SSL_AIDX_ECC
      ECC algorithm index.
      See Also:

    • SSL_AIDX_MAX

      public static final int SSL_AIDX_MAX
      Maximum algorithm index.
      See Also:

    • SSL_TMP_KEY_RSA_512

      public static final int SSL_TMP_KEY_RSA_512
      512-bit temporary RSA key.
      See Also:

    • SSL_TMP_KEY_RSA_1024

      public static final int SSL_TMP_KEY_RSA_1024
      1024-bit temporary RSA key.
      See Also:

    • SSL_TMP_KEY_RSA_2048

      public static final int SSL_TMP_KEY_RSA_2048
      2048-bit temporary RSA key.
      See Also:

    • SSL_TMP_KEY_RSA_4096

      public static final int SSL_TMP_KEY_RSA_4096
      4096-bit temporary RSA key.
      See Also:

    • SSL_TMP_KEY_DH_512

      public static final int SSL_TMP_KEY_DH_512
      512-bit temporary DH key.
      See Also:

    • SSL_TMP_KEY_DH_1024

      public static final int SSL_TMP_KEY_DH_1024
      1024-bit temporary DH key.
      See Also:

    • SSL_TMP_KEY_DH_2048

      public static final int SSL_TMP_KEY_DH_2048
      2048-bit temporary DH key.
      See Also:

    • SSL_TMP_KEY_DH_4096

      public static final int SSL_TMP_KEY_DH_4096
      4096-bit temporary DH key.
      See Also:

    • SSL_TMP_KEY_MAX

      public static final int SSL_TMP_KEY_MAX
      Maximum temporary key ID.
      See Also:

    • SSL_OPT_NONE

      public static final int SSL_OPT_NONE
      No SSL options.
      See Also:

    • SSL_OPT_RELSET

      public static final int SSL_OPT_RELSET
      SSL option for relative settings.
      See Also:

    • SSL_OPT_STDENVVARS

      public static final int SSL_OPT_STDENVVARS
      SSL option for standard environment variables.
      See Also:

    • SSL_OPT_EXPORTCERTDATA

      public static final int SSL_OPT_EXPORTCERTDATA
      SSL option for exporting certificate data.
      See Also:

    • SSL_OPT_FAKEBASICAUTH

      public static final int SSL_OPT_FAKEBASICAUTH
      SSL option for fake basic authentication.
      See Also:

    • SSL_OPT_STRICTREQUIRE

      public static final int SSL_OPT_STRICTREQUIRE
      SSL option for strict require.
      See Also:

    • SSL_OPT_OPTRENEGOTIATE

      public static final int SSL_OPT_OPTRENEGOTIATE
      SSL option for optional renegotiation.
      See Also:

    • SSL_OPT_ALL

      public static final int SSL_OPT_ALL
      All SSL options combined.
      See Also:

    • SSL_PROTOCOL_NONE

      public static final int SSL_PROTOCOL_NONE
      No protocol options.
      See Also:

    • SSL_PROTOCOL_SSLV2

      public static final int SSL_PROTOCOL_SSLV2
      SSLv2 protocol.
      See Also:

    • SSL_PROTOCOL_SSLV3

      public static final int SSL_PROTOCOL_SSLV3
      SSLv3 protocol.
      See Also:

    • SSL_PROTOCOL_TLSV1

      public static final int SSL_PROTOCOL_TLSV1
      TLSv1.0 protocol.
      See Also:

    • SSL_PROTOCOL_TLSV1_1

      public static final int SSL_PROTOCOL_TLSV1_1
      TLSv1.1 protocol.
      See Also:

    • SSL_PROTOCOL_TLSV1_2

      public static final int SSL_PROTOCOL_TLSV1_2
      TLSv1.2 protocol.
      See Also:

    • SSL_PROTOCOL_TLSV1_3

      public static final int SSL_PROTOCOL_TLSV1_3
      TLSv1.3 protocol.
      See Also:

    • SSL_PROTOCOL_ALL

      public static final int SSL_PROTOCOL_ALL
      All TLS protocol versions combined.
      See Also:

    • SSL_CVERIFY_UNSET

      public static final int SSL_CVERIFY_UNSET
      Client verification unset.
      See Also:

    • SSL_CVERIFY_NONE

      public static final int SSL_CVERIFY_NONE
      No client certificate verification.
      See Also:

    • SSL_CVERIFY_OPTIONAL

      public static final int SSL_CVERIFY_OPTIONAL
      Optional client certificate verification.
      See Also:

    • SSL_CVERIFY_REQUIRE

      public static final int SSL_CVERIFY_REQUIRE
      Required client certificate verification.
      See Also:

    • SSL_CVERIFY_OPTIONAL_NO_CA

      public static final int SSL_CVERIFY_OPTIONAL_NO_CA
      Optional client certificate verification without CA requirement.
      See Also:

    • SSL_VERIFY_NONE

      public static final int SSL_VERIFY_NONE
      No peer verification.
      See Also:

    • SSL_VERIFY_PEER

      public static final int SSL_VERIFY_PEER
      Verify peer certificate.
      See Also:

    • SSL_VERIFY_FAIL_IF_NO_PEER_CERT

      public static final int SSL_VERIFY_FAIL_IF_NO_PEER_CERT
      Fail if no peer certificate is presented.
      See Also:

    • SSL_VERIFY_CLIENT_ONCE

      public static final int SSL_VERIFY_CLIENT_ONCE
      Only verify client certificate once per session.
      See Also:

    • SSL_VERIFY_PEER_STRICT

      public static final int SSL_VERIFY_PEER_STRICT
      Strict peer verification including certificate requirement.
      See Also:

    • SSL_OP_MICROSOFT_SESS_ID_BUG

      public static final int SSL_OP_MICROSOFT_SESS_ID_BUG
      Workaround for Microsoft session ID bug.
      See Also:

    • SSL_OP_NETSCAPE_CHALLENGE_BUG

      public static final int SSL_OP_NETSCAPE_CHALLENGE_BUG
      Workaround for Netscape challenge bug.
      See Also:

    • SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG

      public static final int SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
      Workaround for Netscape cipher change bug.
      See Also:

    • SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG

      public static final int SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
      Workaround for SSLREF2 certificate type reuse bug.
      See Also:

    • SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER

      public static final int SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
      Workaround for Microsoft SSLv3 buffer bug.
      See Also:

    • SSL_OP_MSIE_SSLV2_RSA_PADDING

      public static final int SSL_OP_MSIE_SSLV2_RSA_PADDING
      Workaround for MSIE SSLv2 RSA padding bug.
      See Also:

    • SSL_OP_SSLEAY_080_CLIENT_DH_BUG

      public static final int SSL_OP_SSLEAY_080_CLIENT_DH_BUG
      Workaround for SSLeay 0.8.0 client DH bug.
      See Also:

    • SSL_OP_TLS_D5_BUG

      public static final int SSL_OP_TLS_D5_BUG
      Workaround for TLS D5 bug.
      See Also:

    • SSL_OP_TLS_BLOCK_PADDING_BUG

      public static final int SSL_OP_TLS_BLOCK_PADDING_BUG
      Workaround for TLS block padding bug.
      See Also:

    • SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

      public static final int SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
      Disable empty fragment insertion for CBC vulnerability workaround.
      See Also:

    • SSL_OP_ALL

      public static final int SSL_OP_ALL
      All bug workaround options combined.
      See Also:

    • SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION

      public static final int SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
      Disallow session resumption on renegotiation.
      See Also:

    • SSL_OP_NO_COMPRESSION

      public static final int SSL_OP_NO_COMPRESSION
      Disable compression.
      See Also:

    • SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION

      public static final int SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
      Allow unsafe legacy renegotiation.
      See Also:

    • SSL_OP_SINGLE_ECDH_USE

      public static final int SSL_OP_SINGLE_ECDH_USE
      Always create a new key when using ECDH parameters.
      See Also:

    • SSL_OP_SINGLE_DH_USE

      public static final int SSL_OP_SINGLE_DH_USE
      Always create a new key when using DH parameters.
      See Also:

    • SSL_OP_EPHEMERAL_RSA

      public static final int SSL_OP_EPHEMERAL_RSA
      Always use ephemeral RSA key for RSA operations.
      See Also:

    • SSL_OP_CIPHER_SERVER_PREFERENCE

      public static final int SSL_OP_CIPHER_SERVER_PREFERENCE
      Server prefers its own cipher order.
      See Also:

    • SSL_OP_TLS_ROLLBACK_BUG

      public static final int SSL_OP_TLS_ROLLBACK_BUG
      Allow TLS rollback bug workaround.
      See Also:

    • SSL_OP_NO_SSLv2

      public static final int SSL_OP_NO_SSLv2
      Disable SSLv2 protocol.
      See Also:

    • SSL_OP_NO_SSLv3

      public static final int SSL_OP_NO_SSLv3
      Disable SSLv3 protocol.
      See Also:

    • SSL_OP_NO_TLSv1

      public static final int SSL_OP_NO_TLSv1
      Disable TLSv1.0 protocol.
      See Also:

    • SSL_OP_NO_TLSv1_2

      public static final int SSL_OP_NO_TLSv1_2
      Disable TLSv1.2 protocol.
      See Also:

    • SSL_OP_NO_TLSv1_1

      public static final int SSL_OP_NO_TLSv1_1
      Disable TLSv1.1 protocol.
      See Also:

    • SSL_OP_NO_TICKET

      public static final int SSL_OP_NO_TICKET
      Disable TLS session tickets.
      See Also:

    • SSL_OP_NETSCAPE_CA_DN_BUG

      public static final int SSL_OP_NETSCAPE_CA_DN_BUG
      Workaround for Netscape CA DN bug.
      See Also:

    • SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG

      public static final int SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
      Workaround for Netscape demo cipher change bug.
      See Also:

    • SSL_CRT_FORMAT_UNDEF

      public static final int SSL_CRT_FORMAT_UNDEF
      Undefined certificate format.
      See Also:

    • SSL_CRT_FORMAT_ASN1

      public static final int SSL_CRT_FORMAT_ASN1
      ASN.1 certificate format.
      See Also:

    • SSL_CRT_FORMAT_TEXT

      public static final int SSL_CRT_FORMAT_TEXT
      Text certificate format.
      See Also:

    • SSL_CRT_FORMAT_PEM

      public static final int SSL_CRT_FORMAT_PEM
      PEM certificate format.
      See Also:

    • SSL_CRT_FORMAT_NETSCAPE

      public static final int SSL_CRT_FORMAT_NETSCAPE
      Netscape certificate format.
      See Also:

    • SSL_CRT_FORMAT_PKCS12

      public static final int SSL_CRT_FORMAT_PKCS12
      PKCS12 certificate format.
      See Also:

    • SSL_CRT_FORMAT_SMIME

      public static final int SSL_CRT_FORMAT_SMIME
      S/MIME certificate format.
      See Also:

    • SSL_CRT_FORMAT_ENGINE

      public static final int SSL_CRT_FORMAT_ENGINE
      Engine certificate format.
      See Also:

    • SSL_MODE_CLIENT

      public static final int SSL_MODE_CLIENT
      Client SSL mode.
      See Also:

    • SSL_MODE_SERVER

      public static final int SSL_MODE_SERVER
      Server SSL mode.
      See Also:

    • SSL_MODE_COMBINED

      public static final int SSL_MODE_COMBINED
      Combined client and server SSL mode.
      See Also:

    • SSL_CONF_FLAG_CMDLINE

      public static final int SSL_CONF_FLAG_CMDLINE
      Configuration flag for command line.
      See Also:

    • SSL_CONF_FLAG_FILE

      public static final int SSL_CONF_FLAG_FILE
      Configuration flag for file.
      See Also:

    • SSL_CONF_FLAG_CLIENT

      public static final int SSL_CONF_FLAG_CLIENT
      Configuration flag for client.
      See Also:

    • SSL_CONF_FLAG_SERVER

      public static final int SSL_CONF_FLAG_SERVER
      Configuration flag for server.
      See Also:

    • SSL_CONF_FLAG_SHOW_ERRORS

      public static final int SSL_CONF_FLAG_SHOW_ERRORS
      Configuration flag to show errors.
      See Also:

    • SSL_CONF_FLAG_CERTIFICATE

      public static final int SSL_CONF_FLAG_CERTIFICATE
      Configuration flag for certificate context.
      See Also:

    • SSL_CONF_TYPE_UNKNOWN

      public static final int SSL_CONF_TYPE_UNKNOWN
      Unknown configuration type.
      See Also:

    • SSL_CONF_TYPE_STRING

      public static final int SSL_CONF_TYPE_STRING
      String configuration type.
      See Also:

    • SSL_CONF_TYPE_FILE

      public static final int SSL_CONF_TYPE_FILE
      File configuration type.
      See Also:

    • SSL_CONF_TYPE_DIR

      public static final int SSL_CONF_TYPE_DIR
      Directory configuration type.
      See Also:

    • SSL_SHUTDOWN_TYPE_UNSET

      public static final int SSL_SHUTDOWN_TYPE_UNSET
      Shutdown type unset.
      See Also:

    • SSL_SHUTDOWN_TYPE_STANDARD

      public static final int SSL_SHUTDOWN_TYPE_STANDARD
      Standard shutdown type.
      See Also:

    • SSL_SHUTDOWN_TYPE_UNCLEAN

      public static final int SSL_SHUTDOWN_TYPE_UNCLEAN
      Unclean shutdown type.
      See Also:

    • SSL_SHUTDOWN_TYPE_ACCURATE

      public static final int SSL_SHUTDOWN_TYPE_ACCURATE
      Accurate shutdown type.
      See Also:

    • SSL_INFO_SESSION_ID

      public static final int SSL_INFO_SESSION_ID
      Info flag for session ID.
      See Also:

    • SSL_INFO_CIPHER

      public static final int SSL_INFO_CIPHER
      Info flag for cipher name.
      See Also:

    • SSL_INFO_CIPHER_USEKEYSIZE

      public static final int SSL_INFO_CIPHER_USEKEYSIZE
      Info flag for cipher effective key size.
      See Also:

    • SSL_INFO_CIPHER_ALGKEYSIZE

      public static final int SSL_INFO_CIPHER_ALGKEYSIZE
      Info flag for cipher algorithm key size.
      See Also:

    • SSL_INFO_CIPHER_VERSION

      public static final int SSL_INFO_CIPHER_VERSION
      Info flag for cipher version.
      See Also:

    • SSL_INFO_CIPHER_DESCRIPTION

      public static final int SSL_INFO_CIPHER_DESCRIPTION
      Info flag for cipher description.
      See Also:

    • SSL_INFO_PROTOCOL

      public static final int SSL_INFO_PROTOCOL
      Info flag for protocol version.
      See Also:

    • SSL_INFO_CLIENT_S_DN

      public static final int SSL_INFO_CLIENT_S_DN
      Info flag for client subject distinguished name.
      See Also:

    • SSL_INFO_CLIENT_I_DN

      public static final int SSL_INFO_CLIENT_I_DN
      Info flag for client issuer distinguished name.
      See Also:

    • SSL_INFO_SERVER_S_DN

      public static final int SSL_INFO_SERVER_S_DN
      Info flag for server subject distinguished name.
      See Also:

    • SSL_INFO_SERVER_I_DN

      public static final int SSL_INFO_SERVER_I_DN
      Info flag for server issuer distinguished name.
      See Also:

    • SSL_INFO_DN_COUNTRYNAME

      public static final int SSL_INFO_DN_COUNTRYNAME
      DN field for country name.
      See Also:

    • SSL_INFO_DN_STATEORPROVINCENAME

      public static final int SSL_INFO_DN_STATEORPROVINCENAME
      DN field for state or province name.
      See Also:

    • SSL_INFO_DN_LOCALITYNAME

      public static final int SSL_INFO_DN_LOCALITYNAME
      DN field for locality name.
      See Also:

    • SSL_INFO_DN_ORGANIZATIONNAME

      public static final int SSL_INFO_DN_ORGANIZATIONNAME
      DN field for organization name.
      See Also:

    • SSL_INFO_DN_ORGANIZATIONALUNITNAME

      public static final int SSL_INFO_DN_ORGANIZATIONALUNITNAME
      DN field for organizational unit name.
      See Also:

    • SSL_INFO_DN_COMMONNAME

      public static final int SSL_INFO_DN_COMMONNAME
      DN field for common name.
      See Also:

    • SSL_INFO_DN_TITLE

      public static final int SSL_INFO_DN_TITLE
      DN field for title.
      See Also:

    • SSL_INFO_DN_INITIALS

      public static final int SSL_INFO_DN_INITIALS
      DN field for initials.
      See Also:

    • SSL_INFO_DN_GIVENNAME

      public static final int SSL_INFO_DN_GIVENNAME
      DN field for given name.
      See Also:

    • SSL_INFO_DN_SURNAME

      public static final int SSL_INFO_DN_SURNAME
      DN field for surname.
      See Also:

    • SSL_INFO_DN_DESCRIPTION

      public static final int SSL_INFO_DN_DESCRIPTION
      DN field for description.
      See Also:

    • SSL_INFO_DN_UNIQUEIDENTIFIER

      public static final int SSL_INFO_DN_UNIQUEIDENTIFIER
      DN field for unique identifier.
      See Also:

    • SSL_INFO_DN_EMAILADDRESS

      public static final int SSL_INFO_DN_EMAILADDRESS
      DN field for email address.
      See Also:

    • SSL_INFO_CLIENT_M_VERSION

      public static final int SSL_INFO_CLIENT_M_VERSION
      Info flag for client certificate version.
      See Also:

    • SSL_INFO_CLIENT_M_SERIAL

      public static final int SSL_INFO_CLIENT_M_SERIAL
      Info flag for client certificate serial number.
      See Also:

    • SSL_INFO_CLIENT_V_START

      public static final int SSL_INFO_CLIENT_V_START
      Info flag for client certificate validity start.
      See Also:

    • SSL_INFO_CLIENT_V_END

      public static final int SSL_INFO_CLIENT_V_END
      Info flag for client certificate validity end.
      See Also:

    • SSL_INFO_CLIENT_A_SIG

      public static final int SSL_INFO_CLIENT_A_SIG
      Info flag for client certificate signature algorithm.
      See Also:

    • SSL_INFO_CLIENT_A_KEY

      public static final int SSL_INFO_CLIENT_A_KEY
      Info flag for client certificate public key algorithm.
      See Also:

    • SSL_INFO_CLIENT_CERT

      public static final int SSL_INFO_CLIENT_CERT
      Info flag for client certificate data.
      See Also:

    • SSL_INFO_CLIENT_V_REMAIN

      public static final int SSL_INFO_CLIENT_V_REMAIN
      Info flag for client certificate validity remaining.
      See Also:

    • SSL_INFO_SERVER_M_VERSION

      public static final int SSL_INFO_SERVER_M_VERSION
      Info flag for server certificate version.
      See Also:

    • SSL_INFO_SERVER_M_SERIAL

      public static final int SSL_INFO_SERVER_M_SERIAL
      Info flag for server certificate serial number.
      See Also:

    • SSL_INFO_SERVER_V_START

      public static final int SSL_INFO_SERVER_V_START
      Info flag for server certificate validity start.
      See Also:

    • SSL_INFO_SERVER_V_END

      public static final int SSL_INFO_SERVER_V_END
      Info flag for server certificate validity end.
      See Also:

    • SSL_INFO_SERVER_A_SIG

      public static final int SSL_INFO_SERVER_A_SIG
      Info flag for server certificate signature algorithm.
      See Also:

    • SSL_INFO_SERVER_A_KEY

      public static final int SSL_INFO_SERVER_A_KEY
      Info flag for server certificate public key algorithm.
      See Also:

    • SSL_INFO_SERVER_CERT

      public static final int SSL_INFO_SERVER_CERT
      Info flag for server certificate data.
      See Also:

    • SSL_INFO_CLIENT_CERT_CHAIN

      public static final int SSL_INFO_CLIENT_CERT_CHAIN
      Info flag for client certificate chain.
      See Also:

    • SSL_SESS_CACHE_OFF

      public static final long SSL_SESS_CACHE_OFF
      Session cache disabled.
      See Also:

    • SSL_SESS_CACHE_SERVER

      public static final long SSL_SESS_CACHE_SERVER
      Session cache enabled for server.
      See Also:

    • SSL_SELECTOR_FAILURE_NO_ADVERTISE

      public static final int SSL_SELECTOR_FAILURE_NO_ADVERTISE
      Do not advertise protocol on selector failure.
      See Also:

    • SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL

      public static final int SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL
      Choose last protocol on selector failure.
      See Also:

    • SSL_SENT_SHUTDOWN

      public static final int SSL_SENT_SHUTDOWN
      Shutdown has been sent.
      See Also:

    • SSL_RECEIVED_SHUTDOWN

      public static final int SSL_RECEIVED_SHUTDOWN
      Shutdown has been received.
      See Also:

    • SSL_ERROR_NONE

      public static final int SSL_ERROR_NONE
      No SSL error.
      See Also:

    • SSL_ERROR_SSL

      public static final int SSL_ERROR_SSL
      SSL library error.
      See Also:

    • SSL_ERROR_WANT_READ

      public static final int SSL_ERROR_WANT_READ
      SSL operation would block reading.
      See Also:

    • SSL_ERROR_WANT_WRITE

      public static final int SSL_ERROR_WANT_WRITE
      SSL operation would block writing.
      See Also:

    • SSL_ERROR_WANT_X509_LOOKUP

      public static final int SSL_ERROR_WANT_X509_LOOKUP
      SSL operation wants X.509 lookup.
      See Also:

    • SSL_ERROR_SYSCALL

      public static final int SSL_ERROR_SYSCALL
      SSL syscall error.
      See Also:

    • SSL_ERROR_ZERO_RETURN

      public static final int SSL_ERROR_ZERO_RETURN
      SSL connection closed cleanly (zero return).
      See Also:

    • SSL_ERROR_WANT_CONNECT

      public static final int SSL_ERROR_WANT_CONNECT
      SSL operation wants connect.
      See Also:

    • SSL_ERROR_WANT_ACCEPT

      public static final int SSL_ERROR_WANT_ACCEPT
      SSL operation wants accept.
      See Also:

  • Method Details

    • version

      public static int version()
      Return OpenSSL version number (run time version).
      Returns:
      OpenSSL version number

    • versionString

      public static String versionString()
      Return OpenSSL version string (run time version).
      Returns:
      OpenSSL version string

    • initialize

      public static int initialize(String engine)
      Initialize OpenSSL support. This function needs to be called once for the lifetime of JVM. Library.init() has to be called before.
      Parameters:
      engine - Support for external a Crypto Device ("engine"), usually a hardware accelerator card for crypto operations.
      Returns:
      APR status code

    • fipsModeGet

      public static int fipsModeGet() throws Exception
      Get the status of FIPS Mode.
      Returns:
      FIPS_mode return code. It is 0 if OpenSSL is not in FIPS mode, 1 if OpenSSL is in FIPS Mode.
      Throws:
      Exception - If tcnative was not compiled with FIPS Mode available.
      See Also:

    • fipsModeSet

      public static int fipsModeSet(int mode) throws Exception
      Enable/Disable FIPS Mode.
      Parameters:
      mode - 1 - enable, 0 - disable
      Returns:
      FIPS_mode_set return code
      Throws:
      Exception - If tcnative was not compiled with FIPS Mode available, or if FIPS_mode_set() call returned an error value.
      See Also:

    • randSet

      public static void randSet(String filename)
      Sets global random filename.
      Parameters:
      filename - Filename to use. If set it will be used for SSL initialization and all contexts where explicitly not set.

    • getHandshakeCount

      public static int getHandshakeCount(long ssl)
      Return the handshake completed count.
      Parameters:
      ssl - SSL pointer
      Returns:
      the count

    • newSSL

      public static long newSSL(long ctx, boolean server)
      SSL_new
      Parameters:
      ctx - Server or Client context to use.
      server - if true configure SSL instance to use accept handshake routines if false configure SSL instance to use connect handshake routines
      Returns:
      pointer to SSL instance (SSL *)

    • pendingWrittenBytesInBIO

      public static int pendingWrittenBytesInBIO(long bio)
      BIO_ctrl_pending.
      Parameters:
      bio - BIO pointer (BIO *)
      Returns:
      the pending bytes count

    • pendingReadableBytesInSSL

      public static int pendingReadableBytesInSSL(long ssl)
      SSL_pending.
      Parameters:
      ssl - SSL pointer (SSL *)
      Returns:
      the pending bytes count

    • writeToBIO

      public static int writeToBIO(long bio, long wbuf, int wlen)
      BIO_write.
      Parameters:
      bio - BIO pointer
      wbuf - Buffer pointer
      wlen - Write length
      Returns:
      the bytes count written

    • readFromBIO

      public static int readFromBIO(long bio, long rbuf, int rlen)
      BIO_read.
      Parameters:
      bio - BIO pointer
      rbuf - Buffer pointer
      rlen - Read length
      Returns:
      the bytes count read

    • writeToSSL

      public static int writeToSSL(long ssl, long wbuf, int wlen)
      SSL_write.
      Parameters:
      ssl - the SSL instance (SSL *)
      wbuf - Buffer pointer
      wlen - Write length
      Returns:
      the bytes count written

    • readFromSSL

      public static int readFromSSL(long ssl, long rbuf, int rlen)
      SSL_read
      Parameters:
      ssl - the SSL instance (SSL *)
      rbuf - Buffer pointer
      rlen - Read length
      Returns:
      the bytes count read

    • getShutdown

      public static int getShutdown(long ssl)
      SSL_get_shutdown
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      the operation status

    • freeSSL

      public static void freeSSL(long ssl)
      SSL_free
      Parameters:
      ssl - the SSL instance (SSL *)

    • makeNetworkBIO

      public static long makeNetworkBIO(long ssl)
      Wire up internal and network BIOs for the given SSL instance.

      Warning: you must explicitly free this resource by calling freeBIO

      While the SSL's internal/application data BIO will be freed when freeSSL is called on the provided SSL instance, you must call freeBIO on the returned network BIO.

      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      pointer to the Network BIO (BIO *)

    • freeBIO

      public static void freeBIO(long bio)
      BIO_free
      Parameters:
      bio - BIO pointer

    • shutdownSSL

      public static int shutdownSSL(long ssl)
      SSL_shutdown
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      the operation status

    • getLastErrorNumber

      public static int getLastErrorNumber()
      Get the error number representing the last error OpenSSL encountered on this thread.
      Returns:
      the last error number

    • getCipherForSSL

      public static String getCipherForSSL(long ssl)
      SSL_get_cipher.
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      the cipher name

    • getVersion

      public static String getVersion(long ssl)
      SSL_get_version
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      the SSL version in use

    • doHandshake

      public static int doHandshake(long ssl)
      SSL_do_handshake
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      the handshake status

    • renegotiate

      public static int renegotiate(long ssl)
      SSL_renegotiate
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      the operation status

    • renegotiatePending

      public static int renegotiatePending(long ssl)
      SSL_renegotiate_pending
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      the operation status

    • verifyClientPostHandshake

      public static int verifyClientPostHandshake(long ssl)
      SSL_verify_client_post_handshake
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      the operation status

    • getPostHandshakeAuthInProgress

      public static int getPostHandshakeAuthInProgress(long ssl)
      Is post handshake authentication in progress on this connection?
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      the operation status

    • markPostHandshakeAuthComplete

      public static void markPostHandshakeAuthComplete(long ssl)
      Marks post handshake authentication complete for the connection. Used when JSSE is performing certificate verification for OpenSSL.
      Parameters:
      ssl - the SSL instance (SSL *)

    • isInInit

      public static int isInInit(long ssl)
      SSL_in_init.
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      the status

    • getAlpnSelected

      public static String getAlpnSelected(long ssl)
      SSL_get0_alpn_selected
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      the ALPN protocol negotiated

    • getPeerCertChain

      public static byte[][] getPeerCertChain(long ssl)
      Get the peer certificate chain or null if none was sent.
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      the certificate chain bytes

    • getPeerCertificate

      public static byte[] getPeerCertificate(long ssl)
      Get the peer certificate or null if none was sent.
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      the certificate bytes

    • getErrorString

      public static String getErrorString(long errorNumber)
      Get the error number representing for the given errorNumber.
      Parameters:
      errorNumber - The error code
      Returns:
      an error message

    • getTime

      public static long getTime(long ssl)
      SSL_get_time
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      returns the time at which the session ssl was established. The time is given in seconds since the Epoch

    • setVerify

      public static void setVerify(long ssl, int level, int depth)
      Set Type of Client Certificate verification and Maximum depth of CA Certificates in Client Certificate verification.
      This directive sets the Certificate verification level for the Client Authentication. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the client authentication process used in the standard SSL handshake when a connection is established. In per-directory context it forces an SSL renegotiation with the reconfigured client verification level after the HTTP request was read but before the HTTP response is sent.
      The following levels are available for level: 
      SSL_CVERIFY_NONE           - No client Certificate is required at all
SSL_CVERIFY_OPTIONAL       - The client may present a valid Certificate
SSL_CVERIFY_REQUIRE        - The client has to present a valid Certificate
SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate
                             but it need not to be (successfully) verifiable

      The depth actually is the maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are max allowed to be followed while verifying the client certificate. A depth of 0 means that self-signed client certificates are accepted only, the default depth of 1 means the client certificate can be self-signed or has to be signed by a CA which is directly known to the server (i.e. the CA's certificate is under setCACertificatePath, etc).
      Parameters:
      ssl - the SSL instance (SSL *)
      level - Type of Client Certificate verification.
      depth - Maximum depth of CA Certificates in Client Certificate verification.

    • setOptions

      public static void setOptions(long ssl, int options)
      Set OpenSSL Option.
      Parameters:
      ssl - the SSL instance (SSL *)
      options - See SSL.SSL_OP_* for option flags.

    • getOptions

      public static int getOptions(long ssl)
      Get OpenSSL Option.
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      options See SSL.SSL_OP_* for option flags.

    • getCiphers

      public static String[] getCiphers(long ssl)
      Returns all cipher suites that are enabled for negotiation in an SSL handshake.
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      ciphers

    • setCipherSuites

      public static boolean setCipherSuites(long ssl, String cipherList) throws Exception
      Set the TLSv1.2 and below ciphers available for negotiation the in TLS handshake.

      This complex directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to configure the ciphers the client is permitted to negotiate in the TLS handshake phase.

      Parameters:
      ssl - The SSL instance (SSL *)
      cipherList - An OpenSSL cipher specification.
      Returns:
      true if the operation was successful
      Throws:
      Exception - An error occurred

    • setCipherSuitesEx

      public static boolean setCipherSuitesEx(long ssl, String cipherSuites) throws Exception
      Set the TLSv1.3 cipher suites available for negotiation the in TLS handshake.

      This uses a colon-separated list of TLSv1.3 cipher suite names in preference order.

      Parameters:
      ssl - The SSL instance (SSL *)
      cipherSuites - An OpenSSL cipher suite list.
      Returns:
      true if the operation was successful
      Throws:
      Exception - An error occurred

    • getSessionId

      public static byte[] getSessionId(long ssl)
      Returns the ID of the session as byte array representation.
      Parameters:
      ssl - the SSL instance (SSL *)
      Returns:
      the session as byte array representation obtained via SSL_SESSION_get_id.