This implementation uses the {@link ConnectionManager} class to manageconnections.
This implementation uses the following {@link Logger} instances in thenet.jini.jeri.ssl
namespace:
Level | Description |
---|---|
{@link Level#WARNING WARNING} | problems with initializing JSSEor with registering internal entry points with discovery providers |
Level | Description |
---|---|
{@link Levels#FAILED FAILED} | problems with outbound requests |
{@link Levels#HANDLED HANDLED} | exceptions caught involvingauthentication |
{@link Level#FINE FINE} | authentication decisions; creating,choosing, expiring, or closing connections; or handling outbound requests |
{@link Level#FINEST FINEST} | low level operation tracing |
This implementation uses the following security providers:
com.sun.jini.jeri.ssl.sslProtocol
system property, or "TLS"
if that property is not defined, to provide the TLS/SSL implementation. The {@link SSLContext#init SSLContext.init}method is called with null
for the random
parameter to use the default {@link SecureRandom} implementation."X.509"
, to generate CertPath
instances from X.509 certificate chains com.sun.jini.jeri.ssl.trustManagerFactoryAlgorithm
system property, or the default algorithm if that property is not defined, to implement trust management for the TLS/SSL implementation. The factory must return trust managers that implement {@link X509TrustManager}. See the documentation on installing security providers and configuring JSSE for information on configuring these providers.
The JSSE documentation also describes the system properties for configuring the location, type, and password of the truststore that this implementation uses, through JSSE, to make decisions about what certificate chains should be trusted.
This implementation recognizes the following system properties:
com.sun.jini.jeri.ssl.maxClientSessionDuration
- The maximum number of milliseconds a client-side TLS/SSL session should be used. The default is 23.5 hours. The value should be smaller than the maximum server session duration to allow the client to negotiate a new session before the server timeout occurs. com.sun.jini.jeri.ssl.sslProtocol
- The secure socket protocol used when obtaining {@link SSLContext} instances. The defaultis "TLS"
. com.sun.jini.jeri.ssl.trustManagerFactoryAlgorithm
- The algorithm used when obtaining {@link TrustManagerFactory}instances. The default is the value returned by {@link TrustManagerFactory#getDefaultAlgorithm TrustManagerFactory.getDefaultAlgorithm}. com.sun.jini.jeri.ssl.cipherSuites
- The TLS/SSL cipher suites that should be used for communication. The default is the list of suites supported by the JSSE implementation. The value should specify the suite names, separated by commas. The value will be ignored if it contains no suites or specifies suites that are not supported by the JSSE implementation. Suites appearing earlier in the list will be preferred to ones appearing later for suites that support the same requirements and preferences.
|
|