Class OpenSsl

java.lang.Object
io.netty.handler.ssl.OpenSsl
public final class OpenSsl extends Object
Tells if netty-tcnative and its OpenSSL support are available.

  • Field Details

    • logger

      private static final InternalLogger logger

    • UNAVAILABILITY_CAUSE

      private static final Throwable UNAVAILABILITY_CAUSE

    • DEFAULT_CIPHERS

      static final List<String> DEFAULT_CIPHERS

    • AVAILABLE_CIPHER_SUITES

      static final Set<String> AVAILABLE_CIPHER_SUITES

    • AVAILABLE_OPENSSL_CIPHER_SUITES

      private static final Set<String> AVAILABLE_OPENSSL_CIPHER_SUITES

    • AVAILABLE_JAVA_CIPHER_SUITES

      private static final Set<String> AVAILABLE_JAVA_CIPHER_SUITES

    • SUPPORTS_KEYMANAGER_FACTORY

      private static final boolean SUPPORTS_KEYMANAGER_FACTORY

    • USE_KEYMANAGER_FACTORY

      private static final boolean USE_KEYMANAGER_FACTORY

    • SUPPORTS_OCSP

      private static final boolean SUPPORTS_OCSP

    • TLSV13_SUPPORTED

      private static final boolean TLSV13_SUPPORTED

    • IS_BORINGSSL

      private static final boolean IS_BORINGSSL

    • IS_AWSLC

      private static final boolean IS_AWSLC

    • CLIENT_DEFAULT_PROTOCOLS

      private static final Set<String> CLIENT_DEFAULT_PROTOCOLS

    • SERVER_DEFAULT_PROTOCOLS

      private static final Set<String> SERVER_DEFAULT_PROTOCOLS

    • SUPPORTED_PROTOCOLS_SET

      static final Set<String> SUPPORTED_PROTOCOLS_SET

    • EXTRA_SUPPORTED_TLS_1_3_CIPHERS

      static final String[] EXTRA_SUPPORTED_TLS_1_3_CIPHERS

    • EXTRA_SUPPORTED_TLS_1_3_CIPHERS_STRING

      static final String EXTRA_SUPPORTED_TLS_1_3_CIPHERS_STRING

    • NAMED_GROUPS

      static final String[] NAMED_GROUPS

    • JAVAX_CERTIFICATE_CREATION_SUPPORTED

      static final boolean JAVAX_CERTIFICATE_CREATION_SUPPORTED

    • DEFAULT_NAMED_GROUPS

      private static final String[] DEFAULT_NAMED_GROUPS

  • Constructor Details

    • OpenSsl

      private OpenSsl()

  • Method Details

    • checkTls13Ciphers

      static String checkTls13Ciphers(InternalLogger logger, String ciphers)

    • isSessionCacheSupported

      static boolean isSessionCacheSupported()

    • selfSignedCertificate

      static X509Certificate selfSignedCertificate() throws CertificateException
      Returns a self-signed X509Certificate for netty.io.
      Throws:
      CertificateException

    • doesSupportOcsp

      private static boolean doesSupportOcsp()

    • doesSupportProtocol

      private static boolean doesSupportProtocol(int protocol, int opt)

    • isAvailable

      public static boolean isAvailable()
      Returns true if and only if netty-tcnative and its OpenSSL support are available.

    • isAlpnSupported

      @Deprecated public static boolean isAlpnSupported()
      Deprecated.
      use SslProvider.isAlpnSupported(SslProvider) with SslProvider.OPENSSL.
      Returns true if the used version of openssl supports ALPN.

    • isOcspSupported

      public static boolean isOcspSupported()
      Returns true if the used version of OpenSSL supports OCSP stapling.

    • version

      public static int version()
      Returns the version of the used available OpenSSL library or -1 if isAvailable() returns false.

    • versionString

      public static String versionString()
      Returns the version string of the used available OpenSSL library or null if isAvailable() returns false.

    • ensureAvailability

      public static void ensureAvailability()
      Ensure that netty-tcnative and its OpenSSL support are available.
      Throws:
      UnsatisfiedLinkError - if unavailable

    • unavailabilityCause

      public static Throwable unavailabilityCause()
      Returns the cause of unavailability of netty-tcnative and its OpenSSL support.
      Returns:
      the cause if unavailable. null if available.

    • availableCipherSuites

      @Deprecated public static Set<String> availableCipherSuites()
      Deprecated.
      use availableOpenSslCipherSuites()

    • availableOpenSslCipherSuites

      public static Set<String> availableOpenSslCipherSuites()
      Returns all the available OpenSSL cipher suites. Please note that the returned array may include the cipher suites that are insecure or non-functional.

    • availableJavaCipherSuites

      public static Set<String> availableJavaCipherSuites()
      Returns all the available cipher suites (Java-style). Please note that the returned array may include the cipher suites that are insecure or non-functional.

    • isCipherSuiteAvailable

      public static boolean isCipherSuiteAvailable(String cipherSuite)
      Returns true if and only if the specified cipher suite is available in OpenSSL. Both Java-style cipher suite and OpenSSL-style cipher suite are accepted.

    • supportsKeyManagerFactory

      public static boolean supportsKeyManagerFactory()
      Returns true if KeyManagerFactory is supported when using OpenSSL.

    • supportsHostnameValidation

      @Deprecated public static boolean supportsHostnameValidation()
      Deprecated.
      Will be removed because hostname validation is always done by a TrustManager implementation.
      Always returns true if isAvailable() returns true.

    • useKeyManagerFactory

      static boolean useKeyManagerFactory()

    • memoryAddress

      static long memoryAddress(ByteBuf buf)

    • loadTcNative

      private static void loadTcNative() throws Exception
      Throws:
      Exception

    • initializeTcNative

      private static boolean initializeTcNative(String engine) throws Exception
      Throws:
      Exception

    • releaseIfNeeded

      static void releaseIfNeeded(ReferenceCounted counted)

    • isTlsv13Supported

      static boolean isTlsv13Supported()

    • isOptionSupported

      static boolean isOptionSupported(SslContextOption<?> option)

    • defaultProtocols

      private static Set<String> defaultProtocols(String property)

    • defaultProtocols

      static String[] defaultProtocols(boolean isClient)

    • isBoringSSL

      static boolean isBoringSSL()

    • isAWSLC

      static boolean isAWSLC()