Package io.netty.handler.ssl
Class Description

- Enables SNI (Server Name Indication) extension for server side SSL.
- Provides a way to get the application-level protocol name from ALPN or NPN.
- Provides an SSLEngine agnostic way to configure an ApplicationProtocolNegotiator.
- Defines which application level protocol negotiation to use.
- Defines the most common behaviors for the peer which is notified of the selected protocol.
- Defines the most common behaviors for the peer that selects the application protocol.
- Provides a set of protocol names used in ALPN and NPN.
- Configures a ChannelPipeline depending on the application-level protocol negotiation result of SslHandler.
- Deprecated.
- Utility class for application protocol common operations.
- Contains methods that can be used to detect if BouncyCastle is usable.
- Cipher suites
- Converts a Java cipher suite string to an OpenSSL cipher suite string and vice versa.
- Used to store nullable values in a CHM
- Provides a means to filter the supplied cipher suite based upon the supported and default cipher suites.
- Indicates the state of the SSLEngine with respect to client authentication.
- Adapter class which allows to wrap another SslContext and init SSLEngine instances.
- Wraps an existing X509ExtendedTrustManager and enhances the CertificateException that is thrown because of hostname validation.
- Delegates all operations to a wrapped OpenSslInternalSession except the methods defined by ExtendedSSLSession itself.
- Convert Java naming to OpenSSL naming if possible and if not return the original name.
- This class will not do any filtering of cipher suites.
- Deprecated.
- Deprecated.
- A listener to be notified by which protocol was selected by its peer.
- Factory interface for JdkApplicationProtocolNegotiator.ProtocolSelectionListener objects.
- Interface to define the role of an application protocol selector in the SSL handshake process.
- Factory interface for JdkApplicationProtocolNegotiator.ProtocolSelector objects.
- Abstract factory pattern for wrapping an SSLEngine object.
- Common base class for JdkApplicationProtocolNegotiator classes to inherit from.
- The JdkApplicationProtocolNegotiator to use if you do not care about NPN or ALPN and are using SslProvider.JDK.
- Deprecated.
- Deprecated.
- An SslContext which uses JDK's SSL/TLS implementation.
- Deprecated.
- Special SSLException which will get thrown if a packet is received that does not look like a TLS/SSL record.
- Tells if netty-tcnative and its OpenSSL support are available.
- Deprecated.
- OpenSslKeyMaterialProvider that will cache the OpenSslKeyMaterial to reduce the overhead of parsing the chain and the key for generation of the material.
- Wraps another KeyManagerFactory and caches its chains / certs for an alias for better performance when using SslProvider.OPENSSL or SslProvider.OPENSSL_REFCNT.
- Provides compression and decompression implementations for TLS Certificate Compression (RFC 8879).
- Configuration for TLS1.3 certificate compression extension.
- The configuration for algorithm.
- The usage mode of the OpenSslCertificateCompressionAlgorithm.
- Builder for an OpenSslCertificateCompressionAlgorithm.
- A special CertificateException which allows to specify which error code is included in the SSL Record.
- A client-side SslContext which uses OpenSSL's SSL/TLS implementation.
- OpenSslSessionCache that is used by the client-side.
- Host / Port tuple used to find an OpenSslInternalSession in the cache.
- This class will use a finalizer to ensure native resources are automatically cleaned up.
- Deprecated.
- Implements an SSLEngine using OpenSSL BIO abstractions.
- SSLSession that is specific to our native implementation.
- Holds references to the native key-material that is used by OpenSSL.
- Provides OpenSslKeyMaterial for a given alias.
- Deprecated.
- Allow to customize private key signing / decrypting (when using RSA).
- A server-side SslContext which uses OpenSSL's SSL/TLS implementation.
- OpenSslSessionContext implementation which offers extra methods which are only useful for the server-side.
- SSLSession sub-type that is used by our native implementation.
- SSLSessionCache implementation for our native SSL implementation.
- OpenSslInternalSession implementation which wraps the native SSL_SESSION* while in cache.
- OpenSSL specific SSLSessionContext implementation.
- Represent the session ID used by an OpenSslInternalSession.
- Stats exposed by an OpenSSL session context.
- Session Ticket Key
- Special KeyManagerFactory that pre-computes the keymaterial used when SslProvider.OPENSSL or SslProvider.OPENSSL_REFCNT is used and so will improve handshake times and its performance.
- OpenSslKeyMaterialProvider implementation that pre-computes the OpenSslKeyMaterial for all aliases.
- Utility which allows to wrap X509TrustManager implementations with the internal implementation used by SSLContextImpl that provides extended verification.
- OptionalSslHandler is a utility decoder to support both SSL and non-SSL handlers based on the first message received.
- A marker interface for PEM encoded values.
- This is a special purpose implementation of a PrivateKey which allows the user to pass PEM/PKCS#8 encoded key material straight into OpenSslContext without having to parse and re-encode bytes in Java land.
- Reads a PEM file and converts it into a list of DERs so that they are imported into a KeyStore easily.
- A PEM encoded value.
- This is a special purpose implementation of an X509Certificate which allows the user to pass PEM/PKCS#8 encoded data straight into OpenSslContext without having to parse and re-encode bytes in Java land.
- This pseudorandom function (PRF) takes as input a secret, a seed, and an identifying label and produces an output of arbitrary length.
- A client-side SslContext which uses OpenSSL's SSL/TLS implementation.
- An implementation of SslContext which works with libraries that support the OpenSsl C library API.
- Implements an SSLEngine using OpenSSL BIO abstractions.
- A server-side SslContext which uses OpenSSL's SSL/TLS implementation.
- An interface that TrustManager instances can implement, to be notified of resumed SSL sessions.
- Converts OpenSSL signature Algorithm names to Java signature Algorithm names.
- Event that is fired once we did a selection of an SslContext based on the SNI hostname, which may be because it was successful or there was an error.
- Enables SNI (Server Name Indication) extension for server side SSL.
- ByteToMessageDecoder which allows to be notified once a full ClientHello was received.
- Event that is fired once the close_notify was received or if a failure happens before it was received.
- SSLException which signals that the exception was caused by an SSLEngine which was closed already.
- A secure socket protocol implementation which acts as a factory for SSLEngine and SslHandler.
- Builder for configuring a new SslContext for creation.
- An SslContextOption allows to configure an SslContext in a type-safe way.
- Each call to SSL_write will introduce about ~100 bytes of overhead.
- Event that is fired once the SSL handshake is complete, which may be because it was successful or there was an error.
- SSLHandshakeException that is used when a handshake failed due to a configured timeout.
- The SslMasterKeyHandler is a channel-handler you can include in your pipeline to consume the master key & session identifier for a TLS session.
- Record the session identifier and master key to the InternalLogger named io.netty.wireshark.
- SSL/TLS protocols
- An enumeration of SSL/TLS protocol providers.
- Constants for SSL packets.
- An SSLHandshakeException that does not fill in the stack trace.
- This class will filter all requested ciphers out that are not supported by the current SSLEngine.
ApplicationProtocolConfig