@ProviderType public static final class TransportSecurityStrategy.TLS extends Object implements TransportSecurityStrategy
Modifier and Type | Class and Description |
---|---|
static class | TransportSecurityStrategy.TLS.SecureProtocols |
TransportSecurityStrategy.TLS
Modifier and Type | Method and Description |
---|---|
static TransportSecurityStrategy.TLS | create() Creates a new transport layer security instance. |
TransportSecurityStrategy.TLS | downgradable() Configures Secure Socket Layer (SSL) so that session connections are downgraded to plain text after client authentication completes. |
TypedProperties | getSecurityConfiguration() |
TransportSecurityStrategy.TLS | withCertificateHostValidation() Configures transport layer security (TLS) to validate the host against the one in the server certificate. |
TransportSecurityStrategy.TLS | withCertificateValidation(String trustStorePassword, boolean ignoreExpiration) Configures transport layer security (TLS) to use the default JDK/JRE truststore 'jssecacerts' or 'cacerts' and sets whether expired certificates are rejected. |
TransportSecurityStrategy.TLS | withCertificateValidation(String trustStorePassword, boolean ignoreExpiration, SecureStoreFormat format, String trustStoreFilePath) Configures transport layer security (TLS) validation on certificates. |
TransportSecurityStrategy.TLS | withCertificateValidation(String trustStorePassword, boolean ignoreExpiration, SecureStoreFormat format, String trustStoreFilePath, String trustedCommonNameList) Configures TLS validation on certificates. |
TransportSecurityStrategy.TLS | withCipherSuites(String cipherSuitesList) Specifies a comma-separated list of cipher suites, in order of preference, used for Secure Socket Layer (SSL) connections. |
TransportSecurityStrategy.TLS | withExcludedProtocols(TransportSecurityStrategy.TLS.SecureProtocols... excludedProtocols) Specifies the list of Secure Socket Layer (SSL) protocols to not use. |
TransportSecurityStrategy.TLS | withoutCertificateHostValidation() Configures transport layer security (TLS) to not validate the host against the one in the server certificate. |
TransportSecurityStrategy.TLS | withoutCertificateValidation() Configures transport layer security (TLS) to not validate server certificates. |
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getConfiguration
public static TransportSecurityStrategy.TLS create()
TLS instance
public TransportSecurityStrategy.TLS downgradable()
Warning: Downgrading SSL to plain text after client authentication exposes a client and the data being sent to high security risks.
public TypedProperties getSecurityConfiguration()
public TransportSecurityStrategy.TLS withCertificateHostValidation()
This method can be used to re-enable host verification when it was disabled using properties.
Host verification is enabled by default when client certificate validation is enabled.
public TransportSecurityStrategy.TLS withCertificateValidation(String trustStorePassword, boolean ignoreExpiration)
trustStorePassword - the truststore password
ignoreExpiration - indicates whether to ignore expired certificates; if set to true, expired certificates are accepted
Warning: Ignoring expired certificates exposes a client and the data being sent to high security risks.
public TransportSecurityStrategy.TLS withCertificateValidation(String trustStorePassword, boolean ignoreExpiration, SecureStoreFormat format, String trustStoreFilePath)
Warning: Disabling certificate expiration validation exposes a client and the data being sent to high security risks.
trustStorePassword - the truststore password
ignoreExpiration - indicates whether to ignore expired certificates; if set to true, expired certificates are accepted
Warning: Ignoring expired certificates exposes a client and the data being sent to high security risks.
format - the format of the truststore file; usually JKS is specified
trustStoreFilePath - the location of the truststore file
public TransportSecurityStrategy.TLS withCertificateValidation(String trustStorePassword, boolean ignoreExpiration, SecureStoreFormat format, String trustStoreFilePath, String trustedCommonNameList)
Warning: Disabling certificate expiration validation exposes a client and the data being sent to high security risks.
trustStorePassword - the truststore password
ignoreExpiration - indicates whether to ignore expired certificates; if set to true, expired certificates are accepted
Warning: Ignoring expired certificates exposes a client and the data being sent to high security risks.
format - the format of the truststore file; usually JKS is specified
trustStoreFilePath - the location of the truststore file
trustedCommonNameList - a comma-separated list of acceptable common names for matching with server certificates; the API performs a case-insensitive comparison of the common names provided in this property with the common name in the server certificate.
Note: Leading and trailing whitespace is considered part of the common names and is not ignored.
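The whitespace rule in the note above is easy to trip over when the list is written with a space after each comma. The following is an added example, not Solace code: a JDK-only pre-flight check that models the documented comparison (split on commas, case-insensitive, no trimming). The class and method names and the sample host names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

/** Added example: pre-flight check for a trustedCommonNameList value. */
public final class TrustedCommonNameListCheck {

    /** Splits on commas only and keeps whitespace, as the note describes. */
    static List<String> entries(String trustedCommonNameList) {
        // limit -1 keeps trailing empty entries such as the one in "a,b,"
        return List.of(trustedCommonNameList.split(",", -1));
    }

    /** Describes each entry that cannot match a common name written without padding. */
    static List<String> problems(String trustedCommonNameList) {
        List<String> out = new ArrayList<>();
        for (String entry : entries(trustedCommonNameList)) {
            if (entry.isEmpty()) {
                out.add("empty entry");
            } else if (!entry.equals(entry.strip())) {
                out.add("whitespace is part of the name: \"" + entry + "\"");
            }
        }
        return out;
    }

    /** Model of the documented comparison (an assumption, not the API's code). */
    static boolean wouldMatch(String trustedCommonNameList, String serverCommonName) {
        return entries(trustedCommonNameList).stream()
                .anyMatch(entry -> entry.equalsIgnoreCase(serverCommonName));
    }

    public static void main(String[] args) {
        // Constructed input: note the space after the comma.
        String list = "Broker1.example.com, broker2.example.com";
        // Differs from the first entry only in letter case.
        System.out.println(wouldMatch(list, "broker1.EXAMPLE.com"));
        // Second entry carries a leading space, so this name is compared against " broker2.example.com".
        System.out.println(wouldMatch(list, "broker2.example.com"));
        System.out.println(problems(list));
        // Fail closed before the value reaches withCertificateValidation(...).
        if (!problems(list).isEmpty()) {
            System.err.println("refusing to use trustedCommonNameList: " + problems(list));
        }
    }
}
```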
public TransportSecurityStrategy.TLS withCipherSuites(String cipherSuitesList)
cipherSuitesList - the list of cipher suites
public TransportSecurityStrategy.TLS withExcludedProtocols(TransportSecurityStrategy.TLS.SecureProtocols... excludedProtocols)
excludedProtocols - the list of SSL protocols to not use
public TransportSecurityStrategy.TLS withoutCertificateHostValidation()
Usage of this method IS NOT RECOMMENDED
public TransportSecurityStrategy.TLS withoutCertificateValidation()
Warning: Disabling certificate validation exposes a client and the data being sent to high security risks.
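The methods documented on this page, combined into a validating configuration next to the settings the warnings describe. This is an added example, not part of the original reference or Solace's own code; the packages in the imports, the SecureProtocols constant names, the cipher suite names, the truststore path, the environment variable and the common names are assumptions or placeholders.

```java
import com.solace.messaging.config.TransportSecurityStrategy.TLS;
import com.solace.messaging.util.SecureStoreFormat;

/** Added example (hypothetical class); the import packages are assumed. */
public final class TlsStrategyExamples {

    /** Every setting here carries a warning in the reference above. */
    static TLS discouraged() {
        return TLS.create()
                .withoutCertificateValidation()      // server certificate is not checked
                .withoutCertificateHostValidation()  // host is not checked against the certificate
                .downgradable();                     // plain text after client authentication
    }

    /** Validating configuration with a narrowed protocol and cipher set. */
    static TLS validating(String trustStorePassword) {
        return TLS.create()
                .withCertificateValidation(
                        trustStorePassword,
                        false,                      // ignoreExpiration: expired certificates are rejected
                        SecureStoreFormat.JKS,
                        "/path/to/truststore.jks",  // placeholder path
                        // Placeholder names; no spaces, since whitespace counts as part of a name.
                        "broker1.example.com,broker2.example.com")
                .withCertificateHostValidation()
                // Constant names are assumed; they are not listed on this page.
                .withExcludedProtocols(TLS.SecureProtocols.SSLv3,
                        TLS.SecureProtocols.TLSv1,
                        TLS.SecureProtocols.TLSv1_1)
                // Suite names assumed to follow JSSE naming, in order of preference.
                .withCipherSuites("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,"
                        + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
    }

    public static void main(String[] args) {
        // Password read from the environment rather than a literal (variable name is hypothetical).
        TLS tls = validating(System.getenv("TRUSTSTORE_PASSWORD"));
        // The configuration is not printed: it may contain the truststore password.
        System.out.println("TLS strategy built: " + (tls != null));
    }
}
```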
Copyright 2019-2024 Solace Corporation. All rights reserved.