This implementation uses the {@link ServerConnectionManager} class to manage connections.
This implementation uses the following {@link Logger} instances in the net.jini.jeri.ssl namespace:
Level | Description |
---|---|
{@link Level#WARNING WARNING} | problems with initializing JSSE |

Level | Description |
---|---|
{@link Level#INFO INFO} | problems with accepting or handling server connections, or with handling inbound requests |
{@link Levels#FAILED FAILED} | problems with checking constraints or permissions, with enumerating listen endpoints, or with security issues for inbound requests |
{@link Levels#HANDLED HANDLED} | exceptions caught involving authentication |
{@link Level#FINE FINE} | creating server endpoints, enumerating listen endpoints, creating or closing connections or listen handles, or checking constraints for endpoints or inbound requests |
{@link Level#FINEST FINEST} | low level operation tracing |

This implementation uses the following security providers:
- com.sun.jini.jeri.ssl.sslProtocol system property, or "TLS" if that property is not defined, to provide the TLS/SSL implementation. The {@link SSLContext#init SSLContext.init} method is called with null for the random parameter to use the default {@link SecureRandom} implementation.
- "X.509", to generate CertPath instances from X.509 certificate chains
- com.sun.jini.jeri.ssl.trustManagerFactoryAlgorithm system property, or the default algorithm if that property is not defined, to implement trust management for the TLS/SSL implementation. The factory must return trust managers that implement {@link X509TrustManager}.

See the documentation on installing security providers and configuring JSSE for information on configuring these providers.
The JSSE documentation also describes the system properties for configuring the location, type, and password of the truststore that this implementation uses, through JSSE, to make decisions about what certificate chains should be trusted.
This implementation recognizes the following system properties:
com.sun.jini.jeri.ssl.maxServerSessionDuration
- The maximum number of milliseconds a server-side TLS/SSL session should be used before expiring. The default is 24 hours. The value used should be larger than the maximum client session duration to allow the client to negotiate a new session before the server timeout occurs.
com.sun.jini.jeri.ssl.sslProtocol
- The secure socket protocol used when obtaining {@link SSLContext} instances. The default is "TLS".
com.sun.jini.jeri.ssl.trustManagerFactoryAlgorithm
- The algorithm used when obtaining {@link TrustManagerFactory} instances. The default is the value returned by {@link TrustManagerFactory#getDefaultAlgorithm TrustManagerFactory.getDefaultAlgorithm}.
com.sun.jini.jeri.ssl.cipherSuites
- The TLS/SSL cipher suites that should be used for communication. The default is the list of suites supported by the JSSE implementation. The value should specify the suite names, separated by commas. The value will be ignored if it contains no suites or specifies suites that are not supported by the JSSE implementation. Suites appearing earlier in the list will be preferred to ones appearing later for suites that support the same requirements and preferences.
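
A preflight check for the com.sun.jini.jeri.ssl.cipherSuites and com.sun.jini.jeri.ssl.sslProtocol properties described above, written as an added example that is not part of this implementation. It reports the cases in which a restrictive suite list would be ignored. The class name JeriSslPropertyCheck and the sample value are constructed, and the check assumes that any unsupported name causes the whole value to be ignored and the default suite list to apply.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

/** Added example; hypothetical class, not part of this implementation. */
public class JeriSslPropertyCheck {
    // Constructed sample value: one real suite name and one made-up name.
    static final String SAMPLE = "TLS_AES_128_GCM_SHA256, TLS_EXAMPLE_UNSUPPORTED_SUITE";

    /** Splits a comma-separated property value into trimmed, non-empty names. */
    static List<String> parseSuites(String value) {
        List<String> names = new ArrayList<>();
        for (String name : value.split(",")) {
            if (!name.trim().isEmpty()) {
                names.add(name.trim());
            }
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        // Same default as documented above: "TLS" when the property is unset.
        String protocol = System.getProperty("com.sun.jini.jeri.ssl.sslProtocol", "TLS");
        SSLContext context = SSLContext.getInstance(protocol); // throws if unknown
        context.init(null, null, null); // null random selects the default SecureRandom
        Set<String> supported = new HashSet<>(Arrays.asList(
                context.getSupportedSSLParameters().getCipherSuites()));

        // Falls back to the constructed sample when the property is unset.
        String value = System.getProperty("com.sun.jini.jeri.ssl.cipherSuites", SAMPLE);
        List<String> requested = parseSuites(value);
        List<String> unsupported = new ArrayList<>(requested);
        unsupported.removeAll(supported);

        if (requested.isEmpty()) {
            System.out.println("No suites named: value is ignored, all supported suites apply");
        } else if (!unsupported.isEmpty()) {
            System.out.println("Not supported by this JSSE: " + unsupported);
            System.out.println("Assume the value is ignored and all supported suites apply");
        } else {
            System.out.println("Preference order in effect: " + requested);
        }
    }
}
```

Run it with the same -D options and the same JRE as the service, since the supported suite list depends on the JSSE provider in use.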