@ProviderType public static final class TransportSecurityStrategy.TLS extends Object implements TransportSecurityStrategy
| Modifier and Type | Class and Description |
|---|---|
static class |
TransportSecurityStrategy.TLS.SecureProtocols |
TransportSecurityStrategy.TLS| Modifier and Type | Method and Description |
|---|---|
static TransportSecurityStrategy.TLS |
create()
Creates a new transport layer security instance.
|
TransportSecurityStrategy.TLS |
downgradable()
Configures Secure Socket Layer (SSL) so that session connections are downgraded to a
plain-text after client authentication completes.
|
TypedProperties |
getSecurityConfiguration() |
TransportSecurityStrategy.TLS |
withCertificateHostValidation()
Configures transport layer security (TLS) to validate host against one from a server
certificate.
|
TransportSecurityStrategy.TLS |
withCertificateValidation(String trustStorePassword,
boolean ignoreExpiration)
Configures transport-layer security (TLS) to use default JDK/JRE truststore 'jssecacerts' or
'cacerts' and to reject or not to reject expired certificates.
|
TransportSecurityStrategy.TLS |
withCertificateValidation(String trustStorePassword,
boolean ignoreExpiration,
SecureStoreFormat format,
String trustStoreFilePath)
Configures transport-layer security (TLS) validation on certificates.
|
TransportSecurityStrategy.TLS |
withCertificateValidation(String trustStorePassword,
boolean ignoreExpiration,
SecureStoreFormat format,
String trustStoreFilePath,
String trustedCommonNameList)
Configures TLS validation on certificates.
|
TransportSecurityStrategy.TLS |
withCipherSuites(String cipherSuitesList)
Deprecated.
Best left unset.
Effectively disables TLSv1.3.
Use JDK facilities, e.g. the jdk.tls.client.cipherSuites system property instead if necessary.
|
TransportSecurityStrategy.TLS |
withExcludedProtocols(TransportSecurityStrategy.TLS.SecureProtocols... excludedProtocols)
Specifies the list of Secure Socket Layer (SSL) protocols to not use.
|
TransportSecurityStrategy.TLS |
withoutCertificateHostValidation()
Configures transport layer security (TLS) to not validate host against one from a server
certificate.
|
TransportSecurityStrategy.TLS |
withoutCertificateValidation()
Configures transport layer security (TLS) to not validate server certificates.
|
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitgetConfigurationpublic static TransportSecurityStrategy.TLS create()
TLS instancepublic TypedProperties getSecurityConfiguration()
public TransportSecurityStrategy.TLS withExcludedProtocols(TransportSecurityStrategy.TLS.SecureProtocols... excludedProtocols)
excludedProtocols - the list of SSL protocols to not usepublic TransportSecurityStrategy.TLS downgradable()
Warning: Downgrading of SSL to plain-text after client authentication occurs exposes a client and the data being sent to high-security risks.
public TransportSecurityStrategy.TLS withoutCertificateValidation()
Warning: Disabling certificate validation exposes a client and the data being sent to high-security risks.
public TransportSecurityStrategy.TLS withCertificateValidation(String trustStorePassword, boolean ignoreExpiration, SecureStoreFormat format, String trustStoreFilePath, String trustedCommonNameList)
Warning: Disabling of certificate expiration validation exposes a client and the data being sent to high-security risks.
trustStorePassword - the trust store passwordignoreExpiration - indicate whether to ignore expired certificates; if set to
true, expired certificates are accepted
Warning: Ignoring expired certificates exposes a client and data being sent to a high security risks.
format - the format of the truststore file; usually JKS is specifiedtrustStoreFilePath - the location of the truststore filetrustedCommonNameList - a comma separated list of acceptable common names for matching
with server certificates; the API performs a case in-sensitive
comparison of the common names provided in this property with
the common name in the server certificate.
Note: Leading and trailing whitespaces are considered to be part of the common names and are not ignored.
public TransportSecurityStrategy.TLS withCertificateValidation(String trustStorePassword, boolean ignoreExpiration, SecureStoreFormat format, String trustStoreFilePath)
Warning: Disabling certificate expiration validation exposes a client and the data being sent to high-security risks.
trustStorePassword - the truststore passwordignoreExpiration - indicate whether to ignore expired certificates; if set to true, expired certificates are accepted
Warning: Ignoring expired certificates exposes a client and data being sent to a high security risks.
format - the format of the truststore file; usually JKS is specifiedtrustStoreFilePath - the location of the truststore filepublic TransportSecurityStrategy.TLS withCertificateValidation(String trustStorePassword, boolean ignoreExpiration)
trustStorePassword - the truststore passwordignoreExpiration - indicate whether to ignore expired certificates; if set to true, expired certificates are accepted
Warning: Ignoring expired certificates exposes a client and data being sent to a high security risks.
@Deprecated public TransportSecurityStrategy.TLS withCipherSuites(String cipherSuitesList)
cipherSuitesList - the list of ciphers that may be used in the secure connection.public TransportSecurityStrategy.TLS withoutCertificateHostValidation()
Usage of this method IS NOT RECOMMENDED
public TransportSecurityStrategy.TLS withCertificateHostValidation()
This Method can be used to re-enable host verification when it was disabled using properties.
Host verification is enabled by default when client certificate validation is enabled
Copyright 2019-2025 Solace Corporation. All rights reserved.