java.lang.Object
  iaik.security.ssl.TLS13PostHandshakeConfig
    iaik.security.ssl.TLS13PostHandshakeConfig.TLS13PostHandshakeAuthConfig
public static final class TLS13PostHandshakeConfig.TLS13PostHandshakeAuthConfig
Configuration for post handshake type POST_HANDSHAKE_AUTH.
At any time after the regular handshake has been finished a server
may request post-handshake client authentication by sending a certificate_request
message to the client (provided the client has sent a PostHandshakeAuth
extension in its ClientHello message to indicate that
it is willing to fulfill a post handshake authentication request).
The client then has to respond with the required authentication
messages (certificate, certificate_verify, finished). However, the client is
not required to respond immediately to a post-handshake authentication request; it
may send an arbitrary amount of application data before responding to the authentication request.
To trigger a post-handshake client authentication request a server may specify
a TLS13PostHandshakeAuthConfig object when calling method
postHandshake
on the SSLSocket communicating with the client:
    SSLSocket sslSocket = ...;
    ...
    TLS13PostHandshakeAuthConfig postHandshakeConfig = new TLS13PostHandshakeAuthConfig();
    sslSocket.postHandshake(postHandshakeConfig);
    ...

It may be of advantage to trigger the post-handshake client authentication request while writing data to the client and to do some read() call immediately after having submitted the request. However, since the client is not required to respond immediately to a post-handshake authentication request (see above), a data limit may be provided when creating the post handshake auth configuration:

    SSLSocket sslSocket = ...;
    long dataLimit = ...;
    ...
    TLS13PostHandshakeAuthConfig postHandshakeConfig = new TLS13PostHandshakeAuthConfig(dataLimit);
    sslSocket.postHandshake(postHandshakeConfig);
    ...

The iSaSiLk server then checks the amount of data processed after a client authentication request has been sent and shuts down the connection when too much data has been processed without the client having sent the requested authentication messages.
In any case, when having received the client post-handshake authentication messages an
iSaSiLk server will send a NewSessionTicket
message to accommodate
the new client certificate, unless the iSaSiLk server is configured
not to send a NewSessionTicket message after having received the
client authentication messages.
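An added server-side example (not code from the iSaSiLk documentation) that combines the data-limit constructor, the default setReadClientResponse(false) and the explicit read() call recommended above. It assumes sslSocket is an already handshaken server-side iaik.security.ssl.SSLSocket that, like java.net.Socket, exposes getInputStream()/getOutputStream(), and that the shutdown performed when the data limit is exceeded surfaces through that read() call.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import iaik.security.ssl.SSLSocket;
import iaik.security.ssl.TLS13PostHandshakeConfig.TLS13PostHandshakeAuthConfig;

// Server side: request client authentication after the handshake, bounded by a
// data limit, then read explicitly instead of relying on internal buffering.
public final class PostHandshakeAuthExample {

    // Constructed value: at most 64 KiB of application data may be processed
    // before the client must deliver certificate, certificate_verify and
    // finished; beyond that the iSaSiLk server shuts the connection down.
    private static final long DATA_LIMIT = 64L * 1024L;

    // Assumes sslSocket is an accepted server-side socket whose TLS 1.3 handshake
    // has completed and whose client offered the PostHandshakeAuth extension.
    public static byte[] requestClientAuthAndRead(SSLSocket sslSocket) throws IOException {
        // Keep the default: issue a NewSessionTicket once the client has
        // authenticated, so later resumptions carry the new client certificate.
        TLS13PostHandshakeAuthConfig.setSendNewSessionTicket(true);

        TLS13PostHandshakeAuthConfig config = new TLS13PostHandshakeAuthConfig(DATA_LIMIT);
        // Keep the default (false): do not read the response right away, which avoids
        // the internal buffering and possible exception described for setReadClientResponse(true).
        config.setReadClientResponse(false);

        // Trigger the post-handshake certificate_request.
        sslSocket.postHandshake(config);

        // Application data may keep flowing while the client decides when to answer.
        OutputStream out = sslSocket.getOutputStream();
        out.write("client certificate required for this resource\n"
                .getBytes(StandardCharsets.UTF_8));
        out.flush();

        // Explicit read() so the library processes whatever arrives next: application
        // data sent ahead of the authentication messages, or the messages themselves.
        InputStream in = sslSocket.getInputStream();
        byte[] buf = new byte[4096];
        int n = in.read(buf);
        if (n < 0) {
            // Assumed behaviour: the shutdown after exceeding DATA_LIMIT, or a peer
            // close, surfaces here as end-of-stream or as an IOException from read().
            throw new IOException("connection closed before post-handshake authentication");
        }
        return Arrays.copyOf(buf, n);
    }
}
```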
Nested Class Summary

Nested classes/interfaces inherited from class iaik.security.ssl.TLS13PostHandshakeConfig:
TLS13PostHandshakeConfig.TLS13KeyUpdateConfig, TLS13PostHandshakeConfig.TLS13NewSessionTicketConfig, TLS13PostHandshakeConfig.TLS13PostHandshakeAuthConfig

Field Summary

Fields inherited from class iaik.security.ssl.TLS13PostHandshakeConfig:
KEY_UPDATE, NEW_SESSION_TICKET, POST_HANDSHAKE_AUTH

Constructor Summary

TLS13PostHandshakeConfig.TLS13PostHandshakeAuthConfig()
    Default constructor.
TLS13PostHandshakeConfig.TLS13PostHandshakeAuthConfig(long dataLimit)
    Creates a TLS13PostHandshakeAuthConfig with the given data limit.

Method Summary

java.lang.Object clone()
    Returns a clone of this TLS13PostHandshakeAuthConfig.
void setReadClientResponse(boolean read)
    Sets whether to try to read the client authentication messages immediately after having sent the post handshake certificate_request message.
static void setSendNewSessionTicket(boolean sendNewSessionTicket)
    Sets whether the server shall send a NewSessionTicket message immediately after having received the client authentication messages.

Methods inherited from class iaik.security.ssl.TLS13PostHandshakeConfig:
setMaxNumberOfPostHandshakeMessages, setMaxNumberOfSubsequentPostHandshakeMessages

Methods inherited from class java.lang.Object:
equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructor Detail

public TLS13PostHandshakeConfig.TLS13PostHandshakeAuthConfig()

public TLS13PostHandshakeConfig.TLS13PostHandshakeAuthConfig(long dataLimit)
dataLimit - specifies how much data may be processed until the
client has to send the requested authentication messages after
having received a post-handshake authentication request.

Method Detail

public static void setSendNewSessionTicket(boolean sendNewSessionTicket)
sendNewSessionTicket - whether to send a NewSessionTicket message immediately
after having received the client authentication messages
(default: true; a NewSessionTicket message
is sent if session caching is enabled)

public void setReadClientResponse(boolean read)
When set to true the iSaSiLk server tries to read
the client authentication messages immediately after having sent
the post handshake certificate_request message. Any application
data that the client sends in front of the client authentication messages
is internally buffered to be pushed back after the client authentication messages
have arrived. However, this may cause an exception if more application
data is sent than can be internally buffered. For that reason you should call
setReadClientResponse(true);
only if you are sure that the client
will send the authentication messages immediately (or at least reasonably
soon) after having received the post handshake authentication request.
Alternatively you may make an explicit read() call after having triggered
the post handshake authentication request to explicitly handle any blocking
condition or receipt of application data before receiving the authentication
messages.
read - true if trying to read the client authentication response
immediately after having sent the authentication request,
false if not trying to read the response (default)

public java.lang.Object clone()
Overrides: clone in class TLS13PostHandshakeConfig
This Javadoc may contain text parts from IETF Internet Standard specifications (see copyright note).