Added in API level 9

SSLParameters

open class SSLParameters
kotlin.Any
   ↳ javax.net.ssl.SSLParameters

Encapsulates parameters for an SSL/TLS connection. The parameters are the list of ciphersuites to be accepted in an SSL/TLS handshake, the list of protocols to be allowed, the endpoint identification algorithm during SSL/TLS handshaking, the Server Name Indication (SNI), the algorithm constraints and whether SSL/TLS servers should request or require client authentication, etc.

SSLParameters can be created via the constructors in this class. Objects can also be obtained using the getSSLParameters() methods in SSLSocket and SSLServerSocket and SSLEngine or the getDefaultSSLParameters() and getSupportedSSLParameters() methods in SSLContext.

SSLParameters can be applied to a connection via the methods SSLSocket.setSSLParameters() and SSLServerSocket.setSSLParameters() and SSLEngine.setSSLParameters().

Summary

Public constructors

Constructs SSLParameters.

SSLParameters(cipherSuites: Array<String!>!)

Constructs SSLParameters from the specified array of ciphersuites.

SSLParameters(cipherSuites: Array<String!>!, protocols: Array<String!>!)

Constructs SSLParameters from the specified array of ciphersuites and protocols.

Public methods
open AlgorithmConstraints!

Returns the cryptographic algorithm constraints.

open Array<String!>!

Returns a prioritized array of application-layer protocol names that can be negotiated over the SSL/TLS protocols.

open Array<String!>!

Returns a copy of the array of ciphersuites or null if none have been set.

open String!

Gets the endpoint identification algorithm.

open Boolean

Returns whether client authentication should be required.

open Array<String!>!

Returns a copy of the array of protocols or null if none have been set.

MutableCollection<SNIMatcher!>!

Returns a Collection containing all SNIMatchers of the Server Name Indication (SNI) parameter, or null if none has been set.

MutableList<SNIServerName!>!

Returns a List containing all SNIServerNames of the Server Name Indication (SNI) parameter, or null if none has been set.

Boolean

Returns whether the local cipher suites preference should be honored.

open Boolean

Returns whether client authentication should be requested.

open Unit

Sets the cryptographic algorithm constraints, which will be used in addition to any configured by the runtime environment.

open Unit

Sets the prioritized array of application-layer protocol names that can be negotiated over the SSL/TLS protocols.

open Unit
setCipherSuites(cipherSuites: Array<String!>!)

Sets the array of ciphersuites.

open Unit

Sets the endpoint identification algorithm.

open Unit
setNeedClientAuth(needClientAuth: Boolean)

Sets whether client authentication should be required.

open Unit
setProtocols(protocols: Array<String!>!)

Sets the array of protocols.

Unit

Sets the SNIMatchers of the Server Name Indication (SNI) parameter.

Unit

Sets the desired SNIServerNames of the Server Name Indication (SNI) parameter.

Unit

Sets whether the local cipher suites preference should be honored.

open Unit
setWantClientAuth(wantClientAuth: Boolean)

Sets whether client authentication should be requested.

Public constructors

SSLParameters

Added in API level 9
SSLParameters()

Constructs SSLParameters.

The values of cipherSuites, protocols, cryptographic algorithm constraints, endpoint identification algorithm, server names and server name matchers are set to null, useCipherSuitesOrder, wantClientAuth and needClientAuth are set to false.

SSLParameters

Added in API level 9
SSLParameters(cipherSuites: Array<String!>!)

Constructs SSLParameters from the specified array of ciphersuites.

Calling this constructor is equivalent to calling the no-args constructor followed by setCipherSuites(cipherSuites);.

Parameters
cipherSuites Array<String!>!: the array of ciphersuites (or null)

SSLParameters

Added in API level 9
SSLParameters(
    cipherSuites: Array<String!>!,
    protocols: Array<String!>!)

Constructs SSLParameters from the specified array of ciphersuites and protocols.

Calling this constructor is equivalent to calling the no-args constructor followed by setCipherSuites(cipherSuites); setProtocols(protocols);.

Parameters
cipherSuites Array<String!>!: the array of ciphersuites (or null)
protocols Array<String!>!: the array of protocols (or null)

Public methods

getAlgorithmConstraints

Added in API level 24
open fun getAlgorithmConstraints(): AlgorithmConstraints!

Returns the cryptographic algorithm constraints.

Return
AlgorithmConstraints! the cryptographic algorithm constraints, or null if the constraints have not been set

getApplicationProtocols

Added in API level 29
open fun getApplicationProtocols(): Array<String!>!

Returns a prioritized array of application-layer protocol names that can be negotiated over the SSL/TLS protocols.

The array could be empty (zero-length), in which case protocol indications will not be used.

This method will return a new array each time it is invoked.

Return
Array<String!>! a non-null, possibly zero-length array of application protocol Strings. The array is ordered based on protocol preference, with protocols[0] being the most preferred.

getCipherSuites

Added in API level 9
open fun getCipherSuites(): Array<String!>!

Returns a copy of the array of ciphersuites or null if none have been set.

Return
Array<String!>! a copy of the array of ciphersuites or null if none have been set.

getEndpointIdentificationAlgorithm

Added in API level 24
open fun getEndpointIdentificationAlgorithm(): String!

Gets the endpoint identification algorithm.

Return
String! the endpoint identification algorithm, or null if none has been set.

getNeedClientAuth

Added in API level 9
open fun getNeedClientAuth(): Boolean

Returns whether client authentication should be required.

Return
Boolean whether client authentication should be required.

getProtocols

Added in API level 9
open fun getProtocols(): Array<String!>!

Returns a copy of the array of protocols or null if none have been set.

Return
Array<String!>! a copy of the array of protocols or null if none have been set.

getSNIMatchers

Added in API level 24
fun getSNIMatchers(): MutableCollection<SNIMatcher!>!

Returns a Collection containing all SNIMatchers of the Server Name Indication (SNI) parameter, or null if none has been set.

This method is only useful to SSLSockets or SSLEngines operating in server mode.

For better interoperability, providers generally will not define default matchers so that by default servers will ignore the SNI extension and continue the handshake.

Return
MutableCollection<SNIMatcher!>! null or an immutable collection of non-null SNIMatchers

getServerNames

Added in API level 24
fun getServerNames(): MutableList<SNIServerName!>!

Returns a List containing all SNIServerNames of the Server Name Indication (SNI) parameter, or null if none has been set.

This method is only useful to SSLSockets or SSLEngines operating in client mode.

For SSL/TLS connections, the underlying SSL/TLS provider may specify a default value for a certain server name type. In client mode, it is recommended that, by default, providers should include the server name indication whenever the server can be located by a supported server name type.

It is recommended that providers initialize default Server Name Indications when creating SSLSocket/SSLEngines. In the following examples, the server name could be represented by an instance of SNIHostName which has been initialized with the hostname "www.example.com" and type StandardConstants.SNI_HOST_NAME.

Socket socket =
          sslSocketFactory.createSocket("www.example.com", 443);
  
or
SSLEngine engine =
          sslContext.createSSLEngine("www.example.com", 443);
  

Return
MutableList<SNIServerName!>! null or an immutable list of non-null SNIServerNames

getUseCipherSuitesOrder

Added in API level 24
fun getUseCipherSuitesOrder(): Boolean

Returns whether the local cipher suites preference should be honored.

Return
Boolean whether local cipher suites order in getCipherSuites should be honored during SSL/TLS handshaking.

getWantClientAuth

Added in API level 9
open fun getWantClientAuth(): Boolean

Returns whether client authentication should be requested.

Return
Boolean whether client authentication should be requested.

setAlgorithmConstraints

Added in API level 24
open fun setAlgorithmConstraints(constraints: AlgorithmConstraints!): Unit

Sets the cryptographic algorithm constraints, which will be used in addition to any configured by the runtime environment.

If the constraints parameter is non-null, every cryptographic algorithm, key and algorithm parameters used in the SSL/TLS handshake must be permitted by the constraints.

Parameters
constraints AlgorithmConstraints!: the algorithm constraints (or null)

setApplicationProtocols

Added in API level 29
open fun setApplicationProtocols(protocols: Array<String!>!): Unit

Sets the prioritized array of application-layer protocol names that can be negotiated over the SSL/TLS protocols.

If application-layer protocols are supported by the underlying SSL/TLS implementation, this method configures which values can be negotiated by protocols such as RFC 7301 , the Application Layer Protocol Negotiation (ALPN).

If this end of the connection is expected to offer application protocol values, all protocols configured by this method will be sent to the peer.

If this end of the connection is expected to select the application protocol value, the protocols configured by this method are compared with those sent by the peer. The first matched value becomes the negotiated value. If none of the protocols were actually requested by the peer, the underlying protocol will determine what action to take. (For example, ALPN will send a "no_application_protocol" alert and terminate the connection.)

Parameters
protocols Array<String!>!: an ordered array of application protocols, with protocols[0] being the most preferred. If the array is empty (zero-length), protocol indications will not be used.
Exceptions
java.lang.IllegalArgumentException if protocols is null, or if any element in a non-empty array is null or an empty (zero-length) string

setCipherSuites

Added in API level 9
open fun setCipherSuites(cipherSuites: Array<String!>!): Unit

Sets the array of ciphersuites.

Parameters
cipherSuites Array<String!>!: the array of ciphersuites (or null)

setEndpointIdentificationAlgorithm

Added in API level 24
open fun setEndpointIdentificationAlgorithm(algorithm: String!): Unit

Sets the endpoint identification algorithm.

If the algorithm parameter is non-null or non-empty, the endpoint identification/verification procedures must be handled during SSL/TLS handshaking. This is to prevent on-path attacks.

Parameters
algorithm String!: The standard string name of the endpoint identification algorithm (or null). See Appendix A in the Java Cryptography Architecture API Specification & Reference for information about standard algorithm names.

setNeedClientAuth

Added in API level 9
open fun setNeedClientAuth(needClientAuth: Boolean): Unit

Sets whether client authentication should be required. Calling this method clears the wantClientAuth flag.

Parameters
needClientAuth Boolean: whether client authentication should be required

setProtocols

Added in API level 9
open fun setProtocols(protocols: Array<String!>!): Unit

Sets the array of protocols.

Parameters
protocols Array<String!>!: the array of protocols (or null)

setSNIMatchers

Added in API level 24
fun setSNIMatchers(matchers: MutableCollection<SNIMatcher!>!): Unit

Sets the SNIMatchers of the Server Name Indication (SNI) parameter.

This method is only useful to SSLSockets or SSLEngines operating in server mode.

Note that the matchers collection is cloned to protect against subsequent modification.

Parameters
matchers MutableCollection<SNIMatcher!>!: the collection of SNIMatchers (or null)
Exceptions
java.lang.NullPointerException if the matchers contains null element
java.lang.IllegalArgumentException if the matchers contains more than one name of the same name type

setServerNames

Added in API level 24
fun setServerNames(serverNames: MutableList<SNIServerName!>!): Unit

Sets the desired SNIServerNames of the Server Name Indication (SNI) parameter.

This method is only useful to SSLSockets or SSLEngines operating in client mode.

Note that the serverNames list is cloned to protect against subsequent modification.

Parameters
serverNames MutableList<SNIServerName!>!: the list of desired SNIServerNames (or null)
Exceptions
java.lang.NullPointerException if the serverNames contains null element
java.lang.IllegalArgumentException if the serverNames contains more than one name of the same name type

setUseCipherSuitesOrder

Added in API level 24
fun setUseCipherSuitesOrder(honorOrder: Boolean): Unit

Sets whether the local cipher suites preference should be honored.

Parameters
honorOrder Boolean: whether local cipher suites order in getCipherSuites should be honored during SSL/TLS handshaking.

setWantClientAuth

Added in API level 9
open fun setWantClientAuth(wantClientAuth: Boolean): Unit

Sets whether client authentication should be requested. Calling this method clears the needClientAuth flag.

Parameters
wantClientAuth Boolean: whether client authentication should be requested