SSL - dogtagpki/jss GitHub Wiki

Ciphers

To specify the SSL version range:

int min = ...;
int max = ...;
SSLProtocolVariant protoVariant = ...;

SSLVersionRange range = new SSLVersionRange(min, max);
SSLSocket.setSSLVersionRangeDefault(protoVariant, range);

To enable/disable a cipher:

int cipherID = ...;
boolean state = ...;

SSLSocket.setCipherPreferenceDefault(cipherID, state);

Deprecated API

To enable/disable SSL 2 for all subsequently opened sockets:

boolean enable = ...;

SSLSocket.enableSSL2Default(enable);

To enable/disable SSL 3 for all subsequently opened sockets:

boolean enable = ...;

SSLSocket.enableSSL3Default(enable);

To enable/disable TLS for all subsequently opened sockets:

boolean enable = ...;

SSLSocket.enableTLSDefault(enable);

SSL Certificate Callbacks

public interface SSLCertificateApprovalCallback {
    public boolean approve(X509Certificate cert, ValidityStatus status);
}

public interface SSLClientCertificateSelectionCallback {
    public String select(Vector nicknames);
}

To pass the callbacks when opening a socket:

SSLCertificateApprovalCallback certApprovalCallback = ...;
SSLClientCertificateSelectionCallback clientCertSelectionCallback = ...;

Socket socket = new SSLSocket(
    remoteAddr,
    remotePort,
    localAddr,
    localPort,
    certApprovalCallback,
    clientCertSelectionCallback
);
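
An added example, not code from the JSS wiki or project: a fail-closed `SSLCertificateApprovalCallback` that rejects the peer certificate whenever the `ValidityStatus` reports any problem, and logs each reason with its chain depth. The class name `StrictCertApprovalCallback` is hypothetical, and `getReasons()`, `ValidityItem` and the reason constants are assumed to match the JSS version in use.

```java
import java.util.Enumeration;

import org.mozilla.jss.crypto.X509Certificate;
import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;

/**
 * Fail-closed approval callback (hypothetical class, added example).
 * Any validation problem reported by JSS causes the handshake to be refused.
 */
public class StrictCertApprovalCallback implements SSLCertificateApprovalCallback {

    @Override
    public boolean approve(X509Certificate cert, ValidityStatus status) {
        boolean approved = true;

        // Each ValidityItem describes one problem found somewhere in the chain.
        Enumeration<?> reasons = status.getReasons();
        while (reasons.hasMoreElements()) {
            ValidityItem item = (ValidityItem) reasons.nextElement();
            approved = false; // never override a validation failure

            X509Certificate bad = item.getCert();
            System.err.println("Rejecting peer certificate: "
                    + describe(item.getReason())
                    + " at chain depth " + item.getDepth()
                    + (bad != null ? ", subject=" + bad.getSubjectDN() : ""));
        }
        return approved;
    }

    // Map the most common reason codes to readable text for the log.
    private static String describe(int reason) {
        if (reason == ValidityStatus.EXPIRED_CERTIFICATE) {
            return "expired certificate";
        } else if (reason == ValidityStatus.REVOKED_CERTIFICATE) {
            return "revoked certificate";
        } else if (reason == ValidityStatus.UNKNOWN_ISSUER) {
            return "unknown issuer";
        } else if (reason == ValidityStatus.UNTRUSTED_ISSUER) {
            return "untrusted issuer";
        } else if (reason == ValidityStatus.BAD_CERT_DOMAIN) {
            return "certificate name does not match the host";
        }
        return "validation error " + reason;
    }
}
```

Pass an instance as the `certApprovalCallback` argument of the `SSLSocket` constructor shown above.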
