JavaTM 2 Platform
Std. Ed. v1.4.0

javax.net.ssl
Class SSLServerSocket

java.lang.Object
  |
  +--java.net.ServerSocket
        |
        +--javax.net.ssl.SSLServerSocket

public abstract class SSLServerSocket
extends ServerSocket

This class extends ServerSockets and provides secure server sockets using protocols such as the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols.

Instances of this class are generally created using a SSLServerSocketFactory. The primary function of SSLServerSockets is to create SSLSockets by accepting connections.

SSLServerSockets contain several pieces of state data which are inherited by the SSLSocket at socket creation. These include the enabled cipher suites and protocols, whether client authentication is necessary, and whether created sockets should begin handshaking in client or server mode. The state inherited by the created SSLSocket can be overriden by calling the appropriate methods.

Since:
1.4
See Also:
ServerSocket, SSLSocket

Constructor Summary
protected SSLServerSocket()
          Used only by subclasses.
protected SSLServerSocket(int port)
          Used only by subclasses.
protected SSLServerSocket(int port, int backlog)
          Used only by subclasses.
protected SSLServerSocket(int port, int backlog, InetAddress address)
          Used only by subclasses.
 
Method Summary
abstract  String[] getEnabledCipherSuites()
          Returns the list of cipher suites which are currently enabled for use by newly accepted connections.
abstract  String[] getEnabledProtocols()
          Returns the names of the protocols which are currently enabled for use by the newly accepted connections.
abstract  boolean getEnableSessionCreation()
          Returns true if new SSL sessions may be established by the sockets which are created from this server socket.
abstract  boolean getNeedClientAuth()
          Returns true if client authentication is required on newly accepted connections.
abstract  String[] getSupportedCipherSuites()
          Returns the names of the cipher suites which could be enabled for use on an SSL connection.
abstract  String[] getSupportedProtocols()
          Returns the names of the protocols which could be enabled for use.
abstract  boolean getUseClientMode()
          Returns true if accepted connections will be in SSL client mode.
abstract  boolean getWantClientAuth()
          Returns true if client authentication is requested on newly accepted connections.
abstract  void setEnabledCipherSuites(String[] suites)
          Controls which particular SSL cipher suites are enabled for use by accepted connections.
abstract  void setEnabledProtocols(String[] protocols)
          Controls which particular protocols are enabled for use by accepted connections.
abstract  void setEnableSessionCreation(boolean flag)
          Controls whether new SSL sessions may be established by the sockets which are created from this server socket.
abstract  void setNeedClientAuth(boolean flag)
          Controls whether the connections which are accepted must include successful client authentication.
abstract  void setUseClientMode(boolean flag)
          Controls whether accepted connections are in the (default) SSL server mode, or the SSL client mode.
abstract  void setWantClientAuth(boolean flag)
          Controls whether the connections which are accepted should request client authentication as part of the SSL negotiations.
 
Methods inherited from class java.net.ServerSocket
accept, bind, bind, close, getChannel, getInetAddress, getLocalPort, getLocalSocketAddress, getReceiveBufferSize, getReuseAddress, getSoTimeout, implAccept, isBound, isClosed, setReceiveBufferSize, setReuseAddress, setSocketFactory, setSoTimeout, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

SSLServerSocket

protected SSLServerSocket()
                   throws IOException
Used only by subclasses. Create an unbound TCP server socket using the default authentication context.

Throws:
IOException - if an I/O error occurs when creating the socket

SSLServerSocket

protected SSLServerSocket(int port)
                   throws IOException
Used only by subclasses. Create a TCP server socket on a port, using the default authentication context. The connection backlog defaults to fifty connections queued up before the system starts to reject new connection requests.

Parameters:
port - the port on which to listen
Throws:
IOException - if an I/O error occurs when creating the socket

SSLServerSocket

protected SSLServerSocket(int port,
                          int backlog)
                   throws IOException
Used only by subclasses. Create a TCP server socket on a port, using the default authentication context and a specified backlog of connections.

Parameters:
port - the port on which to listen
backlog - how many connections may be pending before the system should start rejecting new requests
Throws:
IOException - if an I/O error occurs when creating the socket

SSLServerSocket

protected SSLServerSocket(int port,
                          int backlog,
                          InetAddress address)
                   throws IOException
Used only by subclasses. Create a TCP server socket on a port, using the default authentication context and a specified backlog of connections as well as a particular specified network interface. This constructor is used on multihomed hosts, such as those used for firewalls or as routers, to control through which interface a network service is provided.

Parameters:
port - the port on which to listen
backlog - how many connections may be pending before the system should start rejecting new requests
address - the address of the network interface through which connections will be accepted
Throws:
IOException - if an I/O error occurs when creating the socket
Method Detail

getEnabledCipherSuites

public abstract String[] getEnabledCipherSuites()
Returns the list of cipher suites which are currently enabled for use by newly accepted connections. If this has not been explicitly modified, a system-provided default guarantees a minimum quality of service in all enabled cipher suites.

There are several reasons why an enabled cipher suite might not actually be used. For example: the server socket might not have appropriate private keys available to it or the cipher suite might be anonymous, precluding the use of client authentication, while the server socket has been told to require that sort of authentication.

Returns:
an array of cipher suites enabled
See Also:
getSupportedCipherSuites(), setEnabledCipherSuites(String [])

setEnabledCipherSuites

public abstract void setEnabledCipherSuites(String[] suites)
Controls which particular SSL cipher suites are enabled for use by accepted connections. The cipher suites must have been listed by getSupportedCipherSuites() as being supported. Suites which require authentication information which is not available in this ServerSocket's authentication context will not be used in any case, even if they are enabled.

SSLSockets returned from accept() inherit this setting.

Parameters:
suites - Names of all the cipher suites to enable
Throws:
IllegalArgumentException - when one or more of ciphers named by the parameter is not supported, or when the parameter is null.
See Also:
getSupportedCipherSuites(), getEnabledCipherSuites()

getSupportedCipherSuites

public abstract String[] getSupportedCipherSuites()
Returns the names of the cipher suites which could be enabled for use on an SSL connection. Normally, only a subset of these will actually be enabled by default, since this list may include cipher suites which do not meet quality of service requirements for those defaults. Such cipher suites are useful in specialized applications.

Returns:
an array of cipher suite names
See Also:
getEnabledCipherSuites(), setEnabledCipherSuites(String [])

getSupportedProtocols

public abstract String[] getSupportedProtocols()
Returns the names of the protocols which could be enabled for use.

Returns:
an array of protocol names supported
See Also:
getEnabledProtocols(), setEnabledProtocols(String [])

getEnabledProtocols

public abstract String[] getEnabledProtocols()
Returns the names of the protocols which are currently enabled for use by the newly accepted connections.

Returns:
an array of protocol names
See Also:
getSupportedProtocols(), setEnabledProtocols(String [])

setEnabledProtocols

public abstract void setEnabledProtocols(String[] protocols)
Controls which particular protocols are enabled for use by accepted connections. The protocols must have been listed by getSupportedProtocols() as being supported.

SSLSockets returned from accept() inherit this setting.

Parameters:
protocols - Names of all the protocols to enable.
Throws:
IllegalArgumentException - when one or more of the protocols named by the parameter is not supported or when the protocols parameter is null.
See Also:
getEnabledProtocols(), getSupportedProtocols()

setNeedClientAuth

public abstract void setNeedClientAuth(boolean flag)
Controls whether the connections which are accepted must include successful client authentication. This option is only useful for sockets in the server mode.

Unlike setWantClientAuth(boolean), if the client chooses not to provide authentication information about itself, the negotiations will stop and the connection will be dropped.

SSLSockets returned from accept() inherit this setting.

Parameters:
flag - true if the clients must authenticate themselves. Setting this parameter to true overrides the current setting of setWantClientAuth(boolean).
See Also:
getNeedClientAuth(), setWantClientAuth(boolean), getWantClientAuth(), setUseClientMode(boolean)

getNeedClientAuth

public abstract boolean getNeedClientAuth()
Returns true if client authentication is required on newly accepted connections. This option is only useful for sockets in the server mode.

Returns:
true if the clients must authenticate themselves.
See Also:
setNeedClientAuth(boolean), setWantClientAuth(boolean), getWantClientAuth(), setUseClientMode(boolean)

setWantClientAuth

public abstract void setWantClientAuth(boolean flag)
Controls whether the connections which are accepted should request client authentication as part of the SSL negotiations. This option is only useful for sockets in the server mode.

Unlike setNeedClientAuth(boolean), if the client chooses not to provide authentication information about itself, the negotiations will continue.

SSLSockets returned from accept() inherit this setting.

Parameters:
flag - true if the clients should try to authenticate themselves. Setting this parameter to true overrides the current setting of setNeedClientAuth(boolean).
See Also:
getWantClientAuth(), setNeedClientAuth(boolean), getNeedClientAuth(), setUseClientMode(boolean)

getWantClientAuth

public abstract boolean getWantClientAuth()
Returns true if client authentication is requested on newly accepted connections. This option is only useful for sockets in the server mode.

Returns:
true if the clients must authenticate themselves.
See Also:
setWantClientAuth(boolean), setNeedClientAuth(boolean), getNeedClientAuth(), setUseClientMode(boolean)

setUseClientMode

public abstract void setUseClientMode(boolean flag)
Controls whether accepted connections are in the (default) SSL server mode, or the SSL client mode. Servers normally authenticate themselves, and clients are not required to do so.

In rare cases, TCP servers need to act in the SSL client mode on newly accepted connections. For example, FTP clients acquire server sockets and listen there for reverse connections from the server. An FTP client would use an SSLServerSocket in "client" mode to accept the reverse connection while the FTP server uses an SSLSocket with "client" mode disabled to initiate the connection. During the resulting handshake, existing SSL sessions may be reused.

SSLSockets returned from accept() inherit this setting.

Parameters:
flag - true if newly accepted connections should use SSL client mode.
See Also:
getUseClientMode()

getUseClientMode

public abstract boolean getUseClientMode()
Returns true if accepted connections will be in SSL client mode.

Returns:
true if the connection should use SSL client mode.
See Also:
setUseClientMode(boolean)

setEnableSessionCreation

public abstract void setEnableSessionCreation(boolean flag)
Controls whether new SSL sessions may be established by the sockets which are created from this server socket.

SSLSockets returned from accept() inherit this setting.

Parameters:
flag - true indicates that sessions may be created; this is the default. false indicates that an existing session must be resumed.
See Also:
getEnableSessionCreation()

getEnableSessionCreation

public abstract boolean getEnableSessionCreation()
Returns true if new SSL sessions may be established by the sockets which are created from this server socket.

Returns:
true indicates that sessions may be created; this is the default. false indicates that an existing session must be resumed.
See Also:
setEnableSessionCreation(boolean)

JavaTM 2 Platform
Std. Ed. v1.4.0

Submit a bug or feature
For further API reference and developer documentation, see Java 2 SDK SE Developer Documentation. That documentation contains more detailed, developer-targeted descriptions, with conceptual overviews, definitions of terms, workarounds, and working code examples.

Java, Java 2D, and JDBC are trademarks or registered trademarks of Sun Microsystems, Inc. in the US and other countries.
Copyright 1993-2002 Sun Microsystems, Inc. 901 San Antonio Road
Palo Alto, California, 94303, U.S.A. All Rights Reserved.