Class SSL


  • public final class SSL
    extends java.lang.Object
    JNI bindings for OpenSSL SSL functionality.
    • Field Detail

      • SSL_ALGO_UNKNOWN

        public static final int SSL_ALGO_UNKNOWN
        Unknown algorithm type.
        See Also:
        Constant Field Values
      • SSL_ALGO_ALL

        public static final int SSL_ALGO_ALL
        All algorithm types.
        See Also:
        Constant Field Values
      • SSL_AIDX_RSA

        public static final int SSL_AIDX_RSA
        RSA algorithm index.
        See Also:
        Constant Field Values
      • SSL_AIDX_DSA

        public static final int SSL_AIDX_DSA
        DSA algorithm index.
        See Also:
        Constant Field Values
      • SSL_AIDX_ECC

        public static final int SSL_AIDX_ECC
        ECC algorithm index.
        See Also:
        Constant Field Values
      • SSL_AIDX_MAX

        public static final int SSL_AIDX_MAX
        Maximum algorithm index.
        See Also:
        Constant Field Values
      • SSL_TMP_KEY_RSA_512

        public static final int SSL_TMP_KEY_RSA_512
        512-bit temporary RSA key.
        See Also:
        Constant Field Values
      • SSL_TMP_KEY_RSA_1024

        public static final int SSL_TMP_KEY_RSA_1024
        1024-bit temporary RSA key.
        See Also:
        Constant Field Values
      • SSL_TMP_KEY_RSA_2048

        public static final int SSL_TMP_KEY_RSA_2048
        2048-bit temporary RSA key.
        See Also:
        Constant Field Values
      • SSL_TMP_KEY_RSA_4096

        public static final int SSL_TMP_KEY_RSA_4096
        4096-bit temporary RSA key.
        See Also:
        Constant Field Values
      • SSL_TMP_KEY_DH_512

        public static final int SSL_TMP_KEY_DH_512
        512-bit temporary DH key.
        See Also:
        Constant Field Values
      • SSL_TMP_KEY_DH_1024

        public static final int SSL_TMP_KEY_DH_1024
        1024-bit temporary DH key.
        See Also:
        Constant Field Values
      • SSL_TMP_KEY_DH_2048

        public static final int SSL_TMP_KEY_DH_2048
        2048-bit temporary DH key.
        See Also:
        Constant Field Values
      • SSL_TMP_KEY_DH_4096

        public static final int SSL_TMP_KEY_DH_4096
        4096-bit temporary DH key.
        See Also:
        Constant Field Values
      • SSL_TMP_KEY_MAX

        public static final int SSL_TMP_KEY_MAX
        Maximum temporary key ID.
        See Also:
        Constant Field Values
      • SSL_OPT_RELSET

        public static final int SSL_OPT_RELSET
        SSL option for relative settings.
        See Also:
        Constant Field Values
      • SSL_OPT_STDENVVARS

        public static final int SSL_OPT_STDENVVARS
        SSL option for standard environment variables.
        See Also:
        Constant Field Values
      • SSL_OPT_EXPORTCERTDATA

        public static final int SSL_OPT_EXPORTCERTDATA
        SSL option for exporting certificate data.
        See Also:
        Constant Field Values
      • SSL_OPT_FAKEBASICAUTH

        public static final int SSL_OPT_FAKEBASICAUTH
        SSL option for fake basic authentication.
        See Also:
        Constant Field Values
      • SSL_OPT_STRICTREQUIRE

        public static final int SSL_OPT_STRICTREQUIRE
        SSL option for strict require.
        See Also:
        Constant Field Values
      • SSL_OPT_OPTRENEGOTIATE

        public static final int SSL_OPT_OPTRENEGOTIATE
        SSL option for optional renegotiation.
        See Also:
        Constant Field Values
      • SSL_OPT_ALL

        public static final int SSL_OPT_ALL
        All SSL options combined.
        See Also:
        Constant Field Values
      • SSL_PROTOCOL_NONE

        public static final int SSL_PROTOCOL_NONE
        No protocol options.
        See Also:
        Constant Field Values
      • SSL_PROTOCOL_SSLV2

        public static final int SSL_PROTOCOL_SSLV2
        SSLv2 protocol.
        See Also:
        Constant Field Values
      • SSL_PROTOCOL_SSLV3

        public static final int SSL_PROTOCOL_SSLV3
        SSLv3 protocol.
        See Also:
        Constant Field Values
      • SSL_PROTOCOL_TLSV1

        public static final int SSL_PROTOCOL_TLSV1
        TLSv1.0 protocol.
        See Also:
        Constant Field Values
      • SSL_PROTOCOL_TLSV1_1

        public static final int SSL_PROTOCOL_TLSV1_1
        TLSv1.1 protocol.
        See Also:
        Constant Field Values
      • SSL_PROTOCOL_TLSV1_2

        public static final int SSL_PROTOCOL_TLSV1_2
        TLSv1.2 protocol.
        See Also:
        Constant Field Values
      • SSL_PROTOCOL_TLSV1_3

        public static final int SSL_PROTOCOL_TLSV1_3
        TLSv1.3 protocol.
        See Also:
        Constant Field Values
      • SSL_PROTOCOL_ALL

        public static final int SSL_PROTOCOL_ALL
      • SSL_CVERIFY_UNSET

        public static final int SSL_CVERIFY_UNSET
        Client verification unset.
        See Also:
        Constant Field Values
      • SSL_CVERIFY_NONE

        public static final int SSL_CVERIFY_NONE
        No client certificate verification.
        See Also:
        Constant Field Values
      • SSL_CVERIFY_OPTIONAL

        public static final int SSL_CVERIFY_OPTIONAL
        Optional client certificate verification.
        See Also:
        Constant Field Values
      • SSL_CVERIFY_REQUIRE

        public static final int SSL_CVERIFY_REQUIRE
        Required client certificate verification.
        See Also:
        Constant Field Values
      • SSL_CVERIFY_OPTIONAL_NO_CA

        public static final int SSL_CVERIFY_OPTIONAL_NO_CA
        Optional client certificate verification without CA requirement.
        See Also:
        Constant Field Values
      • SSL_VERIFY_NONE

        public static final int SSL_VERIFY_NONE
        No peer verification.
        See Also:
        Constant Field Values
      • SSL_VERIFY_PEER

        public static final int SSL_VERIFY_PEER
        Verify peer certificate.
        See Also:
        Constant Field Values
      • SSL_VERIFY_FAIL_IF_NO_PEER_CERT

        public static final int SSL_VERIFY_FAIL_IF_NO_PEER_CERT
        Fail if no peer certificate is presented.
        See Also:
        Constant Field Values
      • SSL_VERIFY_CLIENT_ONCE

        public static final int SSL_VERIFY_CLIENT_ONCE
        Only verify client certificate once per session.
        See Also:
        Constant Field Values
      • SSL_VERIFY_PEER_STRICT

        public static final int SSL_VERIFY_PEER_STRICT
        Strict peer verification including certificate requirement.
        See Also:
        Constant Field Values
      • SSL_OP_MICROSOFT_SESS_ID_BUG

        public static final int SSL_OP_MICROSOFT_SESS_ID_BUG
        Workaround for Microsoft session ID bug.
        See Also:
        Constant Field Values
      • SSL_OP_NETSCAPE_CHALLENGE_BUG

        public static final int SSL_OP_NETSCAPE_CHALLENGE_BUG
        Workaround for Netscape challenge bug.
        See Also:
        Constant Field Values
      • SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG

        public static final int SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
        Workaround for Netscape cipher change bug.
        See Also:
        Constant Field Values
      • SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG

        public static final int SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
        Workaround for SSLREF2 certificate type reuse bug.
        See Also:
        Constant Field Values
      • SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER

        public static final int SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
        Workaround for Microsoft SSLv3 buffer bug.
        See Also:
        Constant Field Values
      • SSL_OP_MSIE_SSLV2_RSA_PADDING

        public static final int SSL_OP_MSIE_SSLV2_RSA_PADDING
        Workaround for MSIE SSLv2 RSA padding bug.
        See Also:
        Constant Field Values
      • SSL_OP_SSLEAY_080_CLIENT_DH_BUG

        public static final int SSL_OP_SSLEAY_080_CLIENT_DH_BUG
        Workaround for SSLeay 0.8.0 client DH bug.
        See Also:
        Constant Field Values
      • SSL_OP_TLS_D5_BUG

        public static final int SSL_OP_TLS_D5_BUG
        Workaround for TLS D5 bug.
        See Also:
        Constant Field Values
      • SSL_OP_TLS_BLOCK_PADDING_BUG

        public static final int SSL_OP_TLS_BLOCK_PADDING_BUG
        Workaround for TLS block padding bug.
        See Also:
        Constant Field Values
      • SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

        public static final int SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
        Disable empty fragment insertion for CBC vulnerability workaround.
        See Also:
        Constant Field Values
      • SSL_OP_ALL

        public static final int SSL_OP_ALL
        All bug workaround options combined.
        See Also:
        Constant Field Values
      • SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION

        public static final int SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
        Disallow session resumption on renegotiation.
        See Also:
        Constant Field Values
      • SSL_OP_NO_COMPRESSION

        public static final int SSL_OP_NO_COMPRESSION
        Disable compression.
        See Also:
        Constant Field Values
      • SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION

        public static final int SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
        Allow unsafe legacy renegotiation.
        See Also:
        Constant Field Values
      • SSL_OP_SINGLE_ECDH_USE

        public static final int SSL_OP_SINGLE_ECDH_USE
        Always create a new key when using ECDH parameters.
        See Also:
        Constant Field Values
      • SSL_OP_SINGLE_DH_USE

        public static final int SSL_OP_SINGLE_DH_USE
        Always create a new key when using DH parameters.
        See Also:
        Constant Field Values
      • SSL_OP_EPHEMERAL_RSA

        public static final int SSL_OP_EPHEMERAL_RSA
        Always use ephemeral RSA key for RSA operations.
        See Also:
        Constant Field Values
      • SSL_OP_CIPHER_SERVER_PREFERENCE

        public static final int SSL_OP_CIPHER_SERVER_PREFERENCE
        Server prefers its own cipher order.
        See Also:
        Constant Field Values
      • SSL_OP_TLS_ROLLBACK_BUG

        public static final int SSL_OP_TLS_ROLLBACK_BUG
        Allow TLS rollback bug workaround.
        See Also:
        Constant Field Values
      • SSL_OP_NO_SSLv2

        public static final int SSL_OP_NO_SSLv2
        Disable SSLv2 protocol.
        See Also:
        Constant Field Values
      • SSL_OP_NO_SSLv3

        public static final int SSL_OP_NO_SSLv3
        Disable SSLv3 protocol.
        See Also:
        Constant Field Values
      • SSL_OP_NO_TLSv1

        public static final int SSL_OP_NO_TLSv1
        Disable TLSv1.0 protocol.
        See Also:
        Constant Field Values
      • SSL_OP_NO_TLSv1_2

        public static final int SSL_OP_NO_TLSv1_2
        Disable TLSv1.2 protocol.
        See Also:
        Constant Field Values
      • SSL_OP_NO_TLSv1_1

        public static final int SSL_OP_NO_TLSv1_1
        Disable TLSv1.1 protocol.
        See Also:
        Constant Field Values
      • SSL_OP_NO_TICKET

        public static final int SSL_OP_NO_TICKET
        Disable TLS session tickets.
        See Also:
        Constant Field Values
      • SSL_OP_NETSCAPE_CA_DN_BUG

        public static final int SSL_OP_NETSCAPE_CA_DN_BUG
        Workaround for Netscape CA DN bug.
        See Also:
        Constant Field Values
      • SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG

        public static final int SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
        Workaround for Netscape demo cipher change bug.
        See Also:
        Constant Field Values
      • SSL_CRT_FORMAT_UNDEF

        public static final int SSL_CRT_FORMAT_UNDEF
        Undefined certificate format.
        See Also:
        Constant Field Values
      • SSL_CRT_FORMAT_ASN1

        public static final int SSL_CRT_FORMAT_ASN1
        ASN.1 certificate format.
        See Also:
        Constant Field Values
      • SSL_CRT_FORMAT_TEXT

        public static final int SSL_CRT_FORMAT_TEXT
        Text certificate format.
        See Also:
        Constant Field Values
      • SSL_CRT_FORMAT_PEM

        public static final int SSL_CRT_FORMAT_PEM
        PEM certificate format.
        See Also:
        Constant Field Values
      • SSL_CRT_FORMAT_NETSCAPE

        public static final int SSL_CRT_FORMAT_NETSCAPE
        Netscape certificate format.
        See Also:
        Constant Field Values
      • SSL_CRT_FORMAT_PKCS12

        public static final int SSL_CRT_FORMAT_PKCS12
        PKCS12 certificate format.
        See Also:
        Constant Field Values
      • SSL_CRT_FORMAT_SMIME

        public static final int SSL_CRT_FORMAT_SMIME
        S/MIME certificate format.
        See Also:
        Constant Field Values
      • SSL_CRT_FORMAT_ENGINE

        public static final int SSL_CRT_FORMAT_ENGINE
        Engine certificate format.
        See Also:
        Constant Field Values
      • SSL_MODE_CLIENT

        public static final int SSL_MODE_CLIENT
        Client SSL mode.
        See Also:
        Constant Field Values
      • SSL_MODE_SERVER

        public static final int SSL_MODE_SERVER
        Server SSL mode.
        See Also:
        Constant Field Values
      • SSL_MODE_COMBINED

        public static final int SSL_MODE_COMBINED
        Combined client and server SSL mode.
        See Also:
        Constant Field Values
      • SSL_CONF_FLAG_CMDLINE

        public static final int SSL_CONF_FLAG_CMDLINE
        Configuration flag for command line.
        See Also:
        Constant Field Values
      • SSL_CONF_FLAG_FILE

        public static final int SSL_CONF_FLAG_FILE
        Configuration flag for file.
        See Also:
        Constant Field Values
      • SSL_CONF_FLAG_CLIENT

        public static final int SSL_CONF_FLAG_CLIENT
        Configuration flag for client.
        See Also:
        Constant Field Values
      • SSL_CONF_FLAG_SERVER

        public static final int SSL_CONF_FLAG_SERVER
        Configuration flag for server.
        See Also:
        Constant Field Values
      • SSL_CONF_FLAG_SHOW_ERRORS

        public static final int SSL_CONF_FLAG_SHOW_ERRORS
        Configuration flag to show errors.
        See Also:
        Constant Field Values
      • SSL_CONF_FLAG_CERTIFICATE

        public static final int SSL_CONF_FLAG_CERTIFICATE
        Configuration flag for certificate context.
        See Also:
        Constant Field Values
      • SSL_CONF_TYPE_UNKNOWN

        public static final int SSL_CONF_TYPE_UNKNOWN
        Unknown configuration type.
        See Also:
        Constant Field Values
      • SSL_CONF_TYPE_STRING

        public static final int SSL_CONF_TYPE_STRING
        String configuration type.
        See Also:
        Constant Field Values
      • SSL_CONF_TYPE_FILE

        public static final int SSL_CONF_TYPE_FILE
        File configuration type.
        See Also:
        Constant Field Values
      • SSL_CONF_TYPE_DIR

        public static final int SSL_CONF_TYPE_DIR
        Directory configuration type.
        See Also:
        Constant Field Values
      • SSL_SHUTDOWN_TYPE_UNSET

        public static final int SSL_SHUTDOWN_TYPE_UNSET
        Shutdown type unset.
        See Also:
        Constant Field Values
      • SSL_SHUTDOWN_TYPE_STANDARD

        public static final int SSL_SHUTDOWN_TYPE_STANDARD
        Standard shutdown type.
        See Also:
        Constant Field Values
      • SSL_SHUTDOWN_TYPE_UNCLEAN

        public static final int SSL_SHUTDOWN_TYPE_UNCLEAN
        Unclean shutdown type.
        See Also:
        Constant Field Values
      • SSL_SHUTDOWN_TYPE_ACCURATE

        public static final int SSL_SHUTDOWN_TYPE_ACCURATE
        Accurate shutdown type.
        See Also:
        Constant Field Values
      • SSL_INFO_SESSION_ID

        public static final int SSL_INFO_SESSION_ID
        Info flag for session ID.
        See Also:
        Constant Field Values
      • SSL_INFO_CIPHER

        public static final int SSL_INFO_CIPHER
        Info flag for cipher name.
        See Also:
        Constant Field Values
      • SSL_INFO_CIPHER_USEKEYSIZE

        public static final int SSL_INFO_CIPHER_USEKEYSIZE
        Info flag for cipher effective key size.
        See Also:
        Constant Field Values
      • SSL_INFO_CIPHER_ALGKEYSIZE

        public static final int SSL_INFO_CIPHER_ALGKEYSIZE
        Info flag for cipher algorithm key size.
        See Also:
        Constant Field Values
      • SSL_INFO_CIPHER_VERSION

        public static final int SSL_INFO_CIPHER_VERSION
        Info flag for cipher version.
        See Also:
        Constant Field Values
      • SSL_INFO_CIPHER_DESCRIPTION

        public static final int SSL_INFO_CIPHER_DESCRIPTION
        Info flag for cipher description.
        See Also:
        Constant Field Values
      • SSL_INFO_PROTOCOL

        public static final int SSL_INFO_PROTOCOL
        Info flag for protocol version.
        See Also:
        Constant Field Values
      • SSL_INFO_CLIENT_S_DN

        public static final int SSL_INFO_CLIENT_S_DN
        Info flag for client subject distinguished name.
        See Also:
        Constant Field Values
      • SSL_INFO_CLIENT_I_DN

        public static final int SSL_INFO_CLIENT_I_DN
        Info flag for client issuer distinguished name.
        See Also:
        Constant Field Values
      • SSL_INFO_SERVER_S_DN

        public static final int SSL_INFO_SERVER_S_DN
        Info flag for server subject distinguished name.
        See Also:
        Constant Field Values
      • SSL_INFO_SERVER_I_DN

        public static final int SSL_INFO_SERVER_I_DN
        Info flag for server issuer distinguished name.
        See Also:
        Constant Field Values
      • SSL_INFO_DN_COUNTRYNAME

        public static final int SSL_INFO_DN_COUNTRYNAME
        DN field for country name.
        See Also:
        Constant Field Values
      • SSL_INFO_DN_STATEORPROVINCENAME

        public static final int SSL_INFO_DN_STATEORPROVINCENAME
        DN field for state or province name.
        See Also:
        Constant Field Values
      • SSL_INFO_DN_LOCALITYNAME

        public static final int SSL_INFO_DN_LOCALITYNAME
        DN field for locality name.
        See Also:
        Constant Field Values
      • SSL_INFO_DN_ORGANIZATIONNAME

        public static final int SSL_INFO_DN_ORGANIZATIONNAME
        DN field for organization name.
        See Also:
        Constant Field Values
      • SSL_INFO_DN_ORGANIZATIONALUNITNAME

        public static final int SSL_INFO_DN_ORGANIZATIONALUNITNAME
        DN field for organizational unit name.
        See Also:
        Constant Field Values
      • SSL_INFO_DN_COMMONNAME

        public static final int SSL_INFO_DN_COMMONNAME
        DN field for common name.
        See Also:
        Constant Field Values
      • SSL_INFO_DN_TITLE

        public static final int SSL_INFO_DN_TITLE
        DN field for title.
        See Also:
        Constant Field Values
      • SSL_INFO_DN_INITIALS

        public static final int SSL_INFO_DN_INITIALS
        DN field for initials.
        See Also:
        Constant Field Values
      • SSL_INFO_DN_GIVENNAME

        public static final int SSL_INFO_DN_GIVENNAME
        DN field for given name.
        See Also:
        Constant Field Values
      • SSL_INFO_DN_SURNAME

        public static final int SSL_INFO_DN_SURNAME
        DN field for surname.
        See Also:
        Constant Field Values
      • SSL_INFO_DN_DESCRIPTION

        public static final int SSL_INFO_DN_DESCRIPTION
        DN field for description.
        See Also:
        Constant Field Values
      • SSL_INFO_DN_UNIQUEIDENTIFIER

        public static final int SSL_INFO_DN_UNIQUEIDENTIFIER
        DN field for unique identifier.
        See Also:
        Constant Field Values
      • SSL_INFO_DN_EMAILADDRESS

        public static final int SSL_INFO_DN_EMAILADDRESS
        DN field for email address.
        See Also:
        Constant Field Values
      • SSL_INFO_CLIENT_M_VERSION

        public static final int SSL_INFO_CLIENT_M_VERSION
        Info flag for client certificate version.
        See Also:
        Constant Field Values
      • SSL_INFO_CLIENT_M_SERIAL

        public static final int SSL_INFO_CLIENT_M_SERIAL
        Info flag for client certificate serial number.
        See Also:
        Constant Field Values
      • SSL_INFO_CLIENT_V_START

        public static final int SSL_INFO_CLIENT_V_START
        Info flag for client certificate validity start.
        See Also:
        Constant Field Values
      • SSL_INFO_CLIENT_V_END

        public static final int SSL_INFO_CLIENT_V_END
        Info flag for client certificate validity end.
        See Also:
        Constant Field Values
      • SSL_INFO_CLIENT_A_SIG

        public static final int SSL_INFO_CLIENT_A_SIG
        Info flag for client certificate signature algorithm.
        See Also:
        Constant Field Values
      • SSL_INFO_CLIENT_A_KEY

        public static final int SSL_INFO_CLIENT_A_KEY
        Info flag for client certificate public key algorithm.
        See Also:
        Constant Field Values
      • SSL_INFO_CLIENT_CERT

        public static final int SSL_INFO_CLIENT_CERT
        Info flag for client certificate data.
        See Also:
        Constant Field Values
      • SSL_INFO_CLIENT_V_REMAIN

        public static final int SSL_INFO_CLIENT_V_REMAIN
        Info flag for client certificate validity remaining.
        See Also:
        Constant Field Values
      • SSL_INFO_SERVER_M_VERSION

        public static final int SSL_INFO_SERVER_M_VERSION
        Info flag for server certificate version.
        See Also:
        Constant Field Values
      • SSL_INFO_SERVER_M_SERIAL

        public static final int SSL_INFO_SERVER_M_SERIAL
        Info flag for server certificate serial number.
        See Also:
        Constant Field Values
      • SSL_INFO_SERVER_V_START

        public static final int SSL_INFO_SERVER_V_START
        Info flag for server certificate validity start.
        See Also:
        Constant Field Values
      • SSL_INFO_SERVER_V_END

        public static final int SSL_INFO_SERVER_V_END
        Info flag for server certificate validity end.
        See Also:
        Constant Field Values
      • SSL_INFO_SERVER_A_SIG

        public static final int SSL_INFO_SERVER_A_SIG
        Info flag for server certificate signature algorithm.
        See Also:
        Constant Field Values
      • SSL_INFO_SERVER_A_KEY

        public static final int SSL_INFO_SERVER_A_KEY
        Info flag for server certificate public key algorithm.
        See Also:
        Constant Field Values
      • SSL_INFO_SERVER_CERT

        public static final int SSL_INFO_SERVER_CERT
        Info flag for server certificate data.
        See Also:
        Constant Field Values
      • SSL_INFO_CLIENT_CERT_CHAIN

        public static final int SSL_INFO_CLIENT_CERT_CHAIN
        Info flag for client certificate chain.
        See Also:
        Constant Field Values
      • SSL_SESS_CACHE_OFF

        public static final long SSL_SESS_CACHE_OFF
        Session cache disabled.
        See Also:
        Constant Field Values
      • SSL_SESS_CACHE_SERVER

        public static final long SSL_SESS_CACHE_SERVER
        Session cache enabled for server.
        See Also:
        Constant Field Values
      • SSL_SELECTOR_FAILURE_NO_ADVERTISE

        public static final int SSL_SELECTOR_FAILURE_NO_ADVERTISE
        Do not advertise protocol on selector failure.
        See Also:
        Constant Field Values
      • SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL

        public static final int SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL
        Choose last protocol on selector failure.
        See Also:
        Constant Field Values
      • SSL_SENT_SHUTDOWN

        public static final int SSL_SENT_SHUTDOWN
        Shutdown has been sent.
        See Also:
        Constant Field Values
      • SSL_RECEIVED_SHUTDOWN

        public static final int SSL_RECEIVED_SHUTDOWN
        Shutdown has been received.
        See Also:
        Constant Field Values
      • SSL_ERROR_SSL

        public static final int SSL_ERROR_SSL
        SSL library error.
        See Also:
        Constant Field Values
      • SSL_ERROR_WANT_READ

        public static final int SSL_ERROR_WANT_READ
        SSL operation would block reading.
        See Also:
        Constant Field Values
      • SSL_ERROR_WANT_WRITE

        public static final int SSL_ERROR_WANT_WRITE
        SSL operation would block writing.
        See Also:
        Constant Field Values
      • SSL_ERROR_WANT_X509_LOOKUP

        public static final int SSL_ERROR_WANT_X509_LOOKUP
        SSL operation wants X.509 lookup.
        See Also:
        Constant Field Values
      • SSL_ERROR_SYSCALL

        public static final int SSL_ERROR_SYSCALL
        SSL syscall error.
        See Also:
        Constant Field Values
      • SSL_ERROR_ZERO_RETURN

        public static final int SSL_ERROR_ZERO_RETURN
        SSL connection closed cleanly (zero return).
        See Also:
        Constant Field Values
      • SSL_ERROR_WANT_CONNECT

        public static final int SSL_ERROR_WANT_CONNECT
        SSL operation wants connect.
        See Also:
        Constant Field Values
      • SSL_ERROR_WANT_ACCEPT

        public static final int SSL_ERROR_WANT_ACCEPT
        SSL operation wants accept.
        See Also:
        Constant Field Values
    • Method Detail

      • version

        public static int version()
        Return OpenSSL version number (run time version).
        Returns:
        OpenSSL version number
      • versionString

        public static java.lang.String versionString()
        Return OpenSSL version string (run time version).
        Returns:
        OpenSSL version string
      • initialize

        public static int initialize​(java.lang.String engine)
        Initialize OpenSSL support. This function needs to be called once for the lifetime of JVM. Library.init() has to be called before.
        Parameters:
        engine - Support for external a Crypto Device ("engine"), usually a hardware accelerator card for crypto operations.
        Returns:
        APR status code
      • fipsModeGet

        public static int fipsModeGet()
                               throws java.lang.Exception
        Get the status of FIPS Mode.
        Returns:
        FIPS_mode return code. It is 0 if OpenSSL is not in FIPS mode, 1 if OpenSSL is in FIPS Mode.
        Throws:
        java.lang.Exception - If tcnative was not compiled with FIPS Mode available.
        See Also:
        OpenSSL method FIPS_mode()
      • fipsModeSet

        public static int fipsModeSet​(int mode)
                               throws java.lang.Exception
        Enable/Disable FIPS Mode.
        Parameters:
        mode - 1 - enable, 0 - disable
        Returns:
        FIPS_mode_set return code
        Throws:
        java.lang.Exception - If tcnative was not compiled with FIPS Mode available, or if FIPS_mode_set() call returned an error value.
        See Also:
        OpenSSL method FIPS_mode_set()
      • randSet

        public static void randSet​(java.lang.String filename)
        Sets global random filename.
        Parameters:
        filename - Filename to use. If set it will be used for SSL initialization and all contexts where explicitly not set.
      • getHandshakeCount

        public static int getHandshakeCount​(long ssl)
        Return the handshake completed count.
        Parameters:
        ssl - SSL pointer
        Returns:
        the count
      • newSSL

        public static long newSSL​(long ctx,
                                  boolean server)
        SSL_new
        Parameters:
        ctx - Server or Client context to use.
        server - if true configure SSL instance to use accept handshake routines if false configure SSL instance to use connect handshake routines
        Returns:
        pointer to SSL instance (SSL *)
      • pendingWrittenBytesInBIO

        public static int pendingWrittenBytesInBIO​(long bio)
        BIO_ctrl_pending.
        Parameters:
        bio - BIO pointer (BIO *)
        Returns:
        the pending bytes count
      • pendingReadableBytesInSSL

        public static int pendingReadableBytesInSSL​(long ssl)
        SSL_pending.
        Parameters:
        ssl - SSL pointer (SSL *)
        Returns:
        the pending bytes count
      • writeToBIO

        public static int writeToBIO​(long bio,
                                     long wbuf,
                                     int wlen)
        BIO_write.
        Parameters:
        bio - BIO pointer
        wbuf - Buffer pointer
        wlen - Write length
        Returns:
        the bytes count written
      • readFromBIO

        public static int readFromBIO​(long bio,
                                      long rbuf,
                                      int rlen)
        BIO_read.
        Parameters:
        bio - BIO pointer
        rbuf - Buffer pointer
        rlen - Read length
        Returns:
        the bytes count read
      • writeToSSL

        public static int writeToSSL​(long ssl,
                                     long wbuf,
                                     int wlen)
        SSL_write.
        Parameters:
        ssl - the SSL instance (SSL *)
        wbuf - Buffer pointer
        wlen - Write length
        Returns:
        the bytes count written
      • readFromSSL

        public static int readFromSSL​(long ssl,
                                      long rbuf,
                                      int rlen)
        SSL_read
        Parameters:
        ssl - the SSL instance (SSL *)
        rbuf - Buffer pointer
        rlen - Read length
        Returns:
        the bytes count read
      • getShutdown

        public static int getShutdown​(long ssl)
        SSL_get_shutdown
        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
        the operation status
      • freeSSL

        public static void freeSSL​(long ssl)
        SSL_free
        Parameters:
        ssl - the SSL instance (SSL *)
      • makeNetworkBIO

        public static long makeNetworkBIO​(long ssl)
        Wire up internal and network BIOs for the given SSL instance.

        Warning: you must explicitly free this resource by calling freeBIO

        While the SSL's internal/application data BIO will be freed when freeSSL is called on the provided SSL instance, you must call freeBIO on the returned network BIO.

        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
        pointer to the Network BIO (BIO *)
      • freeBIO

        public static void freeBIO​(long bio)
        BIO_free
        Parameters:
        bio - BIO pointer
      • shutdownSSL

        public static int shutdownSSL​(long ssl)
        SSL_shutdown
        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
        the operation status
      • getLastErrorNumber

        public static int getLastErrorNumber()
        Get the error number representing the last error OpenSSL encountered on this thread.
        Returns:
        the last error number
      • getCipherForSSL

        public static java.lang.String getCipherForSSL​(long ssl)
        SSL_get_cipher.
        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
        the cipher name
      • getVersion

        public static java.lang.String getVersion​(long ssl)
        SSL_get_version
        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
        the SSL version in use
      • doHandshake

        public static int doHandshake​(long ssl)
        SSL_do_handshake
        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
        the handshake status
      • renegotiate

        public static int renegotiate​(long ssl)
        SSL_renegotiate
        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
        the operation status
      • renegotiatePending

        public static int renegotiatePending​(long ssl)
        SSL_renegotiate_pending
        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
        the operation status
      • verifyClientPostHandshake

        public static int verifyClientPostHandshake​(long ssl)
        SSL_verify_client_post_handshake
        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
        the operation status
      • getPostHandshakeAuthInProgress

        public static int getPostHandshakeAuthInProgress​(long ssl)
        Is post handshake authentication in progress on this connection?
        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
        the operation status
      • markPostHandshakeAuthComplete

        public static void markPostHandshakeAuthComplete​(long ssl)
        Marks post handshake authentication complete for the connection. Used when JSSE is performing certificate verification for OpenSSL.
        Parameters:
        ssl - the SSL instance (SSL *)
      • isInInit

        public static int isInInit​(long ssl)
        SSL_in_init.
        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
        the status
      • getAlpnSelected

        public static java.lang.String getAlpnSelected​(long ssl)
        SSL_get0_alpn_selected
        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
        the ALPN protocol negotiated
      • getPeerCertChain

        public static byte[][] getPeerCertChain​(long ssl)
        Get the peer certificate chain or null if none was sent.
        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
        the certificate chain bytes
      • getPeerCertificate

        public static byte[] getPeerCertificate​(long ssl)
        Get the peer certificate or null if none was sent.
        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
        the certificate bytes
      • getErrorString

        public static java.lang.String getErrorString​(long errorNumber)
        Get the error number representing for the given errorNumber.
        Parameters:
        errorNumber - The error code
        Returns:
        an error message
      • getTime

        public static long getTime​(long ssl)
        SSL_get_time
        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
        returns the time at which the session ssl was established. The time is given in seconds since the Epoch
      • setVerify

        public static void setVerify​(long ssl,
                                     int level,
                                     int depth)
        Set Type of Client Certificate verification and Maximum depth of CA Certificates in Client Certificate verification.
        This directive sets the Certificate verification level for the Client Authentication. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the client authentication process used in the standard SSL handshake when a connection is established. In per-directory context it forces an SSL renegotiation with the reconfigured client verification level after the HTTP request was read but before the HTTP response is sent.
        The following levels are available for level:
         SSL_CVERIFY_NONE           - No client Certificate is required at all
         SSL_CVERIFY_OPTIONAL       - The client may present a valid Certificate
         SSL_CVERIFY_REQUIRE        - The client has to present a valid Certificate
         SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate
                                      but it need not to be (successfully) verifiable
         

        The depth actually is the maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are max allowed to be followed while verifying the client certificate. A depth of 0 means that self-signed client certificates are accepted only, the default depth of 1 means the client certificate can be self-signed or has to be signed by a CA which is directly known to the server (i.e. the CA's certificate is under setCACertificatePath, etc).
        Parameters:
        ssl - the SSL instance (SSL *)
        level - Type of Client Certificate verification.
        depth - Maximum depth of CA Certificates in Client Certificate verification.
      • setOptions

        public static void setOptions​(long ssl,
                                      int options)
        Set OpenSSL Option.
        Parameters:
        ssl - the SSL instance (SSL *)
        options - See SSL.SSL_OP_* for option flags.
      • getOptions

        public static int getOptions​(long ssl)
        Get OpenSSL Option.
        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
        options See SSL.SSL_OP_* for option flags.
      • getCiphers

        public static java.lang.String[] getCiphers​(long ssl)
        Returns all cipher suites that are enabled for negotiation in an SSL handshake.
        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
        ciphers
      • setCipherSuites

        public static boolean setCipherSuites​(long ssl,
                                              java.lang.String cipherList)
                                       throws java.lang.Exception
        Set the TLSv1.2 and below ciphers available for negotiation the in TLS handshake.

        This complex directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to configure the ciphers the client is permitted to negotiate in the TLS handshake phase.

        Parameters:
        ssl - The SSL instance (SSL *)
        cipherList - An OpenSSL cipher specification.
        Returns:
        true if the operation was successful
        Throws:
        java.lang.Exception - An error occurred
      • setCipherSuitesEx

        public static boolean setCipherSuitesEx​(long ssl,
                                                java.lang.String cipherSuites)
                                         throws java.lang.Exception
        Set the TLSv1.3 cipher suites available for negotiation the in TLS handshake.

        This uses a colon-separated list of TLSv1.3 cipher suite names in preference order.

        Parameters:
        ssl - The SSL instance (SSL *)
        cipherSuites - An OpenSSL cipher suite list.
        Returns:
        true if the operation was successful
        Throws:
        java.lang.Exception - An error occurred
      • getSessionId

        public static byte[] getSessionId​(long ssl)
        Returns the ID of the session as byte array representation.
        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
        the session as byte array representation obtained via SSL_SESSION_get_id.