Interface TlsConfig

All Superinterfaces:
Prototype.Api, Prototype.Factory<Tls>

public interface TlsConfig extends Prototype.Api
Interface generated from definition. Please add javadoc to the definition interface.

  • Method Details

    • builder

      static TlsConfig.Builder builder()
      Create a new fluent API builder to customize configuration.
      Returns: a new builder
    • builder

      static TlsConfig.Builder builder(TlsConfig instance)
      Create a new fluent API builder from an existing instance.
      Parameters: instance - an existing instance used as a base for the builder
      Returns: a builder based on an instance
    • create

      static TlsConfig create(Config config)
      Create a new instance from configuration.
      Parameters: config - used to configure the new instance
      Returns: a new instance configured from configuration
    • create

      static TlsConfig create()
      Create a new instance with default values.
      Returns: a new instance
    • sslContext

      Optional<SSLContext> sslContext()
      Provide a fully configured SSLContext. If defined, context related configuration is ignored.
      Returns: SSL context to use
    • privateKey

      Optional<PrivateKey> privateKey()
      Private key to use. For server side TLS, this is required. For client side TLS, this is optional (used when mutual TLS is enabled).
      Returns: private key to use
    • privateKeyCertChain

      List<X509Certificate> privateKeyCertChain()
      Certificate chain of the private key.
      Returns: private key certificate chain, only used when private key is configured
    • trust

      List of certificates that form the trust manager.
      Returns: certificates to be trusted
    • manager

      TlsManager manager()
      The Tls manager. If one is not explicitly defined in the config then a default manager will be created.
      Returns: the tls manager of the tls instance
    • secureRandom

      Optional<SecureRandom> secureRandom()
      Explicit secure random to use.
      Returns: secure random to use
    • sslParameters

      Optional<SSLParameters> sslParameters()
      Configure SSL parameters. This will always have a value, as we compute ssl parameters in a builder interceptor from configured options.
      Returns: SSL parameters to use
    • secureRandomProvider

      Optional<String> secureRandomProvider()
      Provider to use when creating a new secure random. When defined, secureRandomAlgorithm() must be defined as well.
      Returns: provider to use, by default no provider is specified
    • secureRandomAlgorithm

      Optional<String> secureRandomAlgorithm()
      Algorithm to use when creating a new secure random.
      Returns: algorithm to use, by default uses SecureRandom constructor
    • keyManagerFactoryAlgorithm

      Optional<String> keyManagerFactoryAlgorithm()
      Algorithm of the key manager factory used when private key is defined. Defaults to KeyManagerFactory.getDefaultAlgorithm().
      Returns: algorithm to use
    • keyManagerFactoryProvider

      Optional<String> keyManagerFactoryProvider()
      Key manager factory provider.
      Returns: provider to use
    • trustManagerFactoryAlgorithm

      Optional<String> trustManagerFactoryAlgorithm()
      Trust manager factory algorithm.
      Returns: algorithm to use
    • trustManagerFactoryProvider

      Optional<String> trustManagerFactoryProvider()
      Trust manager factory provider to use.
      Returns: provider to use
    • applicationProtocols

      List<String> applicationProtocols()
      Configure list of supported application protocols (such as h2) for application layer protocol negotiation (ALPN).
      Returns: application protocols
    • endpointIdentificationAlgorithm

      String endpointIdentificationAlgorithm()
      Identification algorithm for SSL endpoints.
      Returns: endpoint identification algorithm to use; set to NONE to disable endpoint identification (that is, hostname verification). Defaults to "HTTPS".
    • enabled

      boolean enabled()
      Flag indicating whether Tls is enabled.
      Returns: enabled flag
    • trustAll

      boolean trustAll()
      Trust any certificate provided by the other side of communication.

      This is a dangerous setting: if set to true, any certificate will be accepted, throwing away most of the security advantages of TLS. NEVER do this in production.

      Returns: whether to trust all certificates, do not use in production
    • clientAuth

      TlsClientAuth clientAuth()
      Configure requirement for mutual TLS.
      Returns: what type of mutual TLS to use, defaults to TlsClientAuth.NONE
    • protocol

      String protocol()
      Configure the protocol used to obtain an instance of SSLContext.
      Returns: protocol to use, defaults to "TLS"
    • provider

      Optional<String> provider()
      Use explicit provider to obtain an instance of SSLContext.
      Returns: provider to use, defaults to none (only protocol() is used by default)
    • enabledCipherSuites

      List<String> enabledCipherSuites()
      Enabled cipher suites for TLS communication.
      Returns: cipher suites to enable, by default (or if list is empty), all available cipher suites are enabled
    • enabledProtocols

      List<String> enabledProtocols()
      Enabled protocols for TLS communication. Example of valid values for TLS protocol: TLSv1.3, TLSv1.2
      Returns: protocols to enable, by default (or if list is empty), all available protocols are enabled
    • sessionCacheSize

      int sessionCacheSize()
      SSL session cache size.
      Returns: session cache size, defaults to 20480.
    • sessionTimeout

      Duration sessionTimeout()
      SSL session timeout.
      Returns: session timeout, defaults to "PT24H".
    • internalKeystoreType

      Optional<String> internalKeystoreType()
      Type of the key stores used internally to create key and trust manager factories.
      Returns: keystore type, defaults to KeyStore.getDefaultType()
    • internalKeystoreProvider

      Optional<String> internalKeystoreProvider()
      Provider of the key stores used internally to create key and trust manager factories.
      Returns: keystore provider, if not defined, provider is not specified
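
An added example (not part of the Helidon Javadoc or code base): a small audit that reads a TlsConfig through the accessors documented above and reports the risky combinations called out for trustAll(), endpointIdentificationAlgorithm(), enabledProtocols() and enabledCipherSuites(). The class name TlsConfigAudit, the two marker lists and the io.helidon.common.tls import are assumptions of this example.

```java
// Added example, not Helidon project code. Assumes Helidon 4 on the classpath and that
// TlsConfig lives in package io.helidon.common.tls (the package is not shown on this page).
import io.helidon.common.tls.TlsConfig;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public final class TlsConfigAudit {
    // SSLv3 is deprecated by RFC 7568, TLS 1.0 and 1.1 by RFC 8996.
    private static final Set<String> LEGACY_PROTOCOLS = Set.of("SSLv3", "TLSv1", "TLSv1.1");
    // Name fragments of JSSE suites with no encryption, no authentication or broken ciphers.
    private static final List<String> WEAK_MARKERS = List.of("_NULL_", "_ANON_", "_EXPORT_", "_RC4_", "_DES_", "_3DES_");

    /** Returns one line per risky setting; an empty list means nothing was flagged. */
    public static List<String> audit(TlsConfig cfg) {
        List<String> findings = new ArrayList<>();
        if (!cfg.enabled()) {
            findings.add("enabled=false: traffic is not protected by TLS");
            return findings;
        }
        if (cfg.trustAll()) {
            findings.add("trustAll=true: any peer certificate is accepted");
        }
        if ("NONE".equals(cfg.endpointIdentificationAlgorithm())) {
            findings.add("endpointIdentificationAlgorithm=NONE: hostname verification is off");
        }
        if (cfg.sslContext().isPresent()) {
            // Per the sslContext() docs, context related configuration is ignored in this case.
            findings.add("sslContext set: context related settings are ignored, audit the SSLContext");
        }
        if (cfg.enabledProtocols().isEmpty()) {
            findings.add("enabledProtocols empty: all available protocols are enabled");
        }
        cfg.enabledProtocols().stream().filter(LEGACY_PROTOCOLS::contains)
                .forEach(p -> findings.add("enabledProtocols contains legacy " + p));
        for (String suite : cfg.enabledCipherSuites()) {
            if (WEAK_MARKERS.stream().anyMatch(suite.toUpperCase(Locale.ROOT)::contains)) {
                findings.add("enabledCipherSuites contains weak suite " + suite);
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // TlsConfig.create() builds an instance with the default values documented above.
        audit(TlsConfig.create()).forEach(System.out::println);
    }
}
```

Running the same audit at startup against the configuration actually loaded (for example the result of TlsConfig.create(Config)) lets a deployment fail fast when a test-only setting such as trustAll reaches production.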