This implementation uses the {@link ConnectionManager} class to manage connections.
This implementation uses the following {@link Logger} instances in the net.jini.jeri.ssl namespace:
Level | Description |
---|---|
{@link Level#WARNING WARNING} | problems with initializing JSSE |

Level | Description |
---|---|
{@link Levels#FAILED FAILED} | problems with outbound requests |
{@link Levels#HANDLED HANDLED} | exceptions caught involving authentication |
{@link Level#FINE FINE} | authentication decisions; creating, choosing, expiring, or closing connections; or handling outbound requests |
{@link Level#FINEST FINEST} | low level operation tracing |
This implementation uses the following security providers:
- com.sun.jini.jeri.ssl.sslProtocol system property, or "TLS" if that property is not defined, to provide the TLS/SSL implementation. The {@link SSLContext#init SSLContext.init} method is called with null for the random parameter to use the default {@link SecureRandom} implementation.
- "X.509", to generate CertPath instances from X.509 certificate chains
- com.sun.jini.jeri.ssl.trustManagerFactoryAlgorithm system property, or the default algorithm if that property is not defined, to implement trust management for the TLS/SSL implementation. The factory must return trust managers that implement {@link X509TrustManager}.

See the documentation on installing security providers and configuring JSSE for information on configuring these providers.
The JSSE documentation also describes the system properties for configuring the location, type, and password of the truststore that this implementation uses, through JSSE, to make decisions about what certificate chains should be trusted.
This implementation recognizes the following system properties:
com.sun.jini.jeri.ssl.maxClientSessionDuration
- The maximum number of milliseconds a client-side TLS/SSL session should be used. The default is 23.5 hours. The value should be smaller than the maximum server session duration to allow the client to negotiate a new session before the server timeout occurs.
com.sun.jini.jeri.ssl.sslProtocol
- The secure socket protocol used when obtaining {@link SSLContext} instances. The default is "TLS".
com.sun.jini.jeri.ssl.trustManagerFactoryAlgorithm
- The algorithm used when obtaining {@link TrustManagerFactory} instances. The default is the value returned by {@link TrustManagerFactory#getDefaultAlgorithm TrustManagerFactory.getDefaultAlgorithm}.
com.sun.jini.jeri.ssl.cipherSuites
- The TLS/SSL cipher suites that should be used for communication. The default is the list of suites supported by the JSSE implementation. The value should specify the suite names, separated by commas. The value will be ignored if it contains no suites or specifies suites that are not supported by the JSSE implementation. Suites appearing earlier in the list will be preferred to ones appearing later for suites that support the same requirements and preferences.
com.sun.jini.jeri.https.idleConnectionTimeout
- The number of milliseconds to retain idle client-side HTTPS connections before closing them. The default is 15000.
com.sun.jini.jeri.https.responseAckTimeout
- The number of milliseconds to keep track of acknowledgments that have not yet been sent for {@link AcknowledgmentSource} instances. The default is 15000.
com.sun.jini.jeri.https.pingProxyConnections
- If the value is case-insensitive equal to true, then if an HTTP proxy is being used, ping the server endpoint to verify whether it is alive and reachable. The ping occurs before the first request and before each subsequent request which follows the expiration of the ping proxy timeout period (below) following the previous ping. When using an HTTP proxy it is often impossible to distinguish between inability to reach the server endpoint (such as because the server process refused a connection by the HTTP proxy) and the lack of response from a delivered request (which might result in an UnmarshalException). The ping increases the likelihood that the inability to reach the server endpoint can be explicitly identified. The default value is false, and no pings are done.
com.sun.jini.jeri.https.pingProxyConnectionTimeout
- The number of milliseconds from the time a server endpoint was last pinged before a ping will precede the next request. The default is Long.MAX_VALUE (essentially meaning, ping only before the first request).
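
Because a com.sun.jini.jeri.ssl.cipherSuites value that names an unsupported suite is ignored and the default list of all supported suites applies instead, a deployment can check the value before startup. The following is an added example, not code from this implementation; the class name CipherSuitePropertyCheck is hypothetical, and it assumes that names are trimmed of whitespace and that the supported set is the one reported by the SSLContext for the configured protocol.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

/** Added example (hypothetical class): pre-flight check of the cipherSuites property. */
public class CipherSuitePropertyCheck {

    /** Returns the configured suite names that the JSSE implementation does not support. */
    static List<String> unsupported(String value, Set<String> supported) {
        List<String> bad = new ArrayList<>();
        for (String name : value.split(",")) {
            String suite = name.trim(); // assumption: surrounding whitespace is not significant
            if (!suite.isEmpty() && !supported.contains(suite)) {
                bad.add(suite);
            }
        }
        return bad;
    }

    public static void main(String[] args) throws Exception {
        // Same default as documented above: "TLS" when the property is not defined.
        String protocol = System.getProperty("com.sun.jini.jeri.ssl.sslProtocol", "TLS");
        String value = System.getProperty("com.sun.jini.jeri.ssl.cipherSuites");
        if (value == null) {
            System.out.println("cipherSuites not set: every supported suite is eligible");
            return;
        }
        SSLContext ctx = SSLContext.getInstance(protocol);
        ctx.init(null, null, null); // null random selects the default SecureRandom
        Set<String> supported = new HashSet<>(
            Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites()));

        List<String> bad = unsupported(value, supported);
        boolean empty = Arrays.stream(value.split(",")).allMatch(s -> s.trim().isEmpty());
        if (empty || !bad.isEmpty()) {
            // Per the property description, such a value is ignored and the defaults apply.
            System.err.println("cipherSuites would be ignored; unsupported: " + bad);
            System.exit(1);
        }
        System.out.println("cipherSuites accepted: " + value);
    }
}
```

Run it with the same -D options and the same JRE as the service, since the supported suite list depends on the installed JSSE provider.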