public abstract class TLS13PostHandshakeConfig
extends java.lang.Object
implements java.lang.Cloneable
This class may be used by an application to provide some configuration options when triggering some post handshake action. At minimum the TLS13PostHandshakeConfig specifies the type of post handshake to be performed (either NEW_SESSION_TICKET to send a new session ticket to the client, POST_HANDSHAKE_AUTH to request post client authentication, or KEY_UPDATE to perform a key update).

Sending a new session ticket or requesting post client authentication may only be triggered on the server side; a key update may be done on both the client and the server side.
For triggering some post handshake action, method SSLSocket.postHandshake(TLS13PostHandshakeConfig) has to be called on the SSLSocket/SSLTransport in use. When calling sslSocket.postHandshake() to explicitly trigger a post handshake action, care has to be taken that the regular handshake has already been finished (and some data has been exchanged) and a protocol version >= 1.3 has been negotiated, e.g.:

```java
SSLSocket sslSocket = ...;
...
sslSocket.startHandshake();   // the regular handshake must be complete first
...
// do some data reading/writing
...
boolean triggerKeyUpdate = true;
// TLS13KeyUpdateConfig is a static nested class of TLS13PostHandshakeConfig
TLS13PostHandshakeConfig.TLS13KeyUpdateConfig keyUpdateConfig =
    new TLS13PostHandshakeConfig.TLS13KeyUpdateConfig(triggerKeyUpdate);
sslSocket.postHandshake(keyUpdateConfig);
```

In practice post handshaking has to be used very carefully and may depend on the post handshake capabilities of the peer. For instance, it does not make sense to request post handshake authentication from a client that has not sent a PostHandshakeAuth extension indicating that it is able to do post handshake authentication. Furthermore, successful post handshaking may depend on the way the peer handles it. For instance, a client may send its post handshake authentication messages immediately after having received the post handshake authentication request from the server, or it may send some amount of application data before sending the post handshake authentication messages. iSaSiLk provides several configuration options that may be tried to handle post handshaking in the way most suitable for the intended peer.
Modifier and Type | Class and Description
---|---
static class | TLS13PostHandshakeConfig.TLS13KeyUpdateConfig: Configuration for post handshake type KEY_UPDATE.
static class | TLS13PostHandshakeConfig.TLS13NewSessionTicketConfig: Configuration for post handshake type NEW_SESSION_TICKET.
static class | TLS13PostHandshakeConfig.TLS13PostHandshakeAuthConfig: Configuration for post handshake type POST_HANDSHAKE_AUTH.
Modifier and Type | Field and Description
---|---
static int | KEY_UPDATE: Post handshake type key_update.
static int | NEW_SESSION_TICKET: Post handshake type new_session_ticket.
static int | POST_HANDSHAKE_AUTH: Post handshake type post_handshake_auth.
Modifier and Type | Method and Description
---|---
java.lang.Object | clone(): Returns a clone of this TLS13PostHandshakeConfig.
static void | setMaxNumberOfPostHandshakeMessages(int maxNumber): Sets the maximum allowed number of TLS 1.3 post handshake messages that may arrive during a session.
static void | setMaxNumberOfSubsequentPostHandshakeMessages(int maxNumber): Sets the maximum number of subsequent TLS 1.3 post handshake messages to be allowed.
public static final int NEW_SESSION_TICKET
Post handshake type new_session_ticket.

public static final int POST_HANDSHAKE_AUTH
Post handshake type post_handshake_auth. Requesting post handshake authentication only makes sense for a client that has sent extension PostHandshakeAuth in its ClientHello message.

public static final int KEY_UPDATE
Post handshake type key_update.
public static void setMaxNumberOfSubsequentPostHandshakeMessages(int maxNumber)
This method may be used to configure the maximum number of TLS 1.3 post handshake messages that may arrive in subsequent order, without any other kind of (application data) message in between. The default value is 30, meaning that up to 30 post handshake messages may arrive in subsequent order before the connection will be shut down with an unexpected_message alert. This post handshake message boundary prevents receiving too many post handshake messages without receiving any data in between, so that a malicious peer cannot force the connection into an endless key update loop.
Parameters:
maxNumber - the maximum number of subsequent TLS 1.3 post handshake messages to be allowed (default: 30)
Throws:
java.lang.IllegalArgumentException - if the specified maximum number is < 1

public static void setMaxNumberOfPostHandshakeMessages(int maxNumber)
This method may be used to configure the maximum allowed number of TLS 1.3 post handshake messages that may arrive during a session. By default there is no limit on the total number of post handshake messages that may arrive during a session. However, a limit may be set to prevent receiving too many post handshake messages during a session.
Parameters:
maxNumber - the maximum allowed number of TLS 1.3 post handshake messages that may arrive during a session (default: -1; no limit)

public java.lang.Object clone()
Overrides:
clone in class java.lang.Object
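The following added example (not iSaSiLk's own code) ties the triggering procedure from the class description to the two static limits documented above: both limits are set once before any connection exists, then, after the regular handshake and some application data, a key update is triggered exactly as in the class description. It assumes the iSaSiLk classes live in package iaik.security.ssl, that SSLSocket extends java.net.Socket (streams, try-with-resources) and offers a (host, port) constructor, and that the socket is configured for TLS 1.3 only; host, port and the sample message are placeholders.

```java
import iaik.security.ssl.SSLSocket;                  // package name assumed
import iaik.security.ssl.TLS13PostHandshakeConfig;   // package name assumed
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;

public final class KeyUpdateClient {

    // Both setters are static, so the values hold for every iSaSiLk session in this JVM.
    // A "subsequent" limit below 1 is rejected by the library with IllegalArgumentException;
    // checking it here turns that into a clear configuration error at startup.
    static void applyPostHandshakeLimits(int maxSubsequent, int maxPerSession) {
        if (maxSubsequent < 1) {
            throw new IllegalArgumentException("maxSubsequent must be >= 1, got " + maxSubsequent);
        }
        // More than maxSubsequent post handshake messages without application data in
        // between ends the connection with an unexpected_message alert (library default: 30).
        TLS13PostHandshakeConfig.setMaxNumberOfSubsequentPostHandshakeMessages(maxSubsequent);
        // Also cap the total per session; the library default (-1) means no limit.
        TLS13PostHandshakeConfig.setMaxNumberOfPostHandshakeMessages(maxPerSession);
    }

    // Handshake, exchange some application data, then trigger a KEY_UPDATE.
    // Returns the number of bytes read before the key update was triggered.
    static int exchangeThenKeyUpdate(SSLSocket sslSocket, byte[] request) throws IOException {
        sslSocket.startHandshake();                 // regular handshake must finish first
        OutputStream out = sslSocket.getOutputStream();
        InputStream in = sslSocket.getInputStream();
        out.write(request);
        out.flush();
        byte[] buf = new byte[1024];
        int received = in.read(buf);                // some application data has been exchanged
        // Only now (handshake done, TLS 1.3 negotiated by configuration) trigger the update.
        boolean triggerKeyUpdate = true;            // same flag as in the class description
        TLS13PostHandshakeConfig.TLS13KeyUpdateConfig keyUpdateConfig =
            new TLS13PostHandshakeConfig.TLS13KeyUpdateConfig(triggerKeyUpdate);
        sslSocket.postHandshake(keyUpdateConfig);
        return received;
    }

    public static void main(String[] args) throws IOException {
        applyPostHandshakeLimits(5, 100);           // example values, tighter than the defaults
        // (host, port) constructor assumed; host and port are placeholders
        try (SSLSocket sslSocket = new SSLSocket("server.example", 443)) {
            byte[] hello = "hello\n".getBytes(StandardCharsets.US_ASCII);   // constructed sample
            int n = exchangeThenKeyUpdate(sslSocket, hello);
            System.out.println("bytes received before key update: " + n);
        }
    }
}
```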