org.eclipse.jetty.io.nio
Class SslConnection

java.lang.Object
  org.eclipse.jetty.io.AbstractConnection
      org.eclipse.jetty.io.nio.SslConnection

All Implemented Interfaces:

Connection, AsyncConnection

public class SslConnection
extends AbstractConnection
implements AsyncConnection

SSL Connection. An AysyncConnection that acts as an interceptor between and EndPoint and another Connection, that implements TLS encryption using an SSLEngine.

The connector uses an AsyncEndPoint (like SelectChannelEndPoint) as it's source/sink of encrypted data. It then provides getSslEndPoint() to expose a source/sink of unencrypted data to another connection (eg HttpConnection).

Nested Class Summary

class

SslConnection.SslEndPoint

Field Summary

Fields inherited from class org.eclipse.jetty.io.AbstractConnection

_endp

Constructor Summary

SslConnection(SSLEngine engine, EndPoint endp)

SslConnection(SSLEngine engine, EndPoint endp, long timeStamp)

Method Summary

AsyncEndPoint	getSslEndPoint()
Connection	handle() Handle the connection.
boolean	isAllowRenegotiate()
boolean	isIdle()
boolean	isSuspended()
protected SslConnection.SslEndPoint	newSslEndPoint()
void	onClose() Called when the connection is closed
void	onIdleExpired(long idleForMs) Called when the connection idle timeout expires
void	onInputShutdown()
void	setAllowRenegotiate(boolean allowRenegotiate) Set if SSL re-negotiation is allowed.
String	toString()

Methods inherited from class org.eclipse.jetty.io.AbstractConnection

getEndPoint, getTimeStamp

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.eclipse.jetty.io.Connection

getTimeStamp

Constructor Detail

SslConnection

public SslConnection(SSLEngine engine,
                     EndPoint endp)

SslConnection

public SslConnection(SSLEngine engine,
                     EndPoint endp,
                     long timeStamp)

Method Detail

newSslEndPoint

protected SslConnection.SslEndPoint newSslEndPoint()

isAllowRenegotiate

public boolean isAllowRenegotiate()

Returns:

True if SSL re-negotiation is allowed (default false)

setAllowRenegotiate

public void setAllowRenegotiate(boolean allowRenegotiate)

Set if SSL re-negotiation is allowed. CVE-2009-3555 discovered a vulnerability in SSL/TLS with re-negotiation. If your JVM does not have CVE-2009-3555 fixed, then re-negotiation should not be allowed. CVE-2009-3555 was fixed in Sun java 1.6 with a ban of renegotiates in u19 and with RFC5746 in u22.

Parameters:

allowRenegotiate - true if re-negotiation is allowed (default false)

handle

public Connection handle()
                  throws IOException

Description copied from interface: Connection

Handle the connection.

Specified by:

handle in interface Connection

Returns:

The Connection to use for the next handling of the connection. This allows protocol upgrades and support for CONNECT.

Throws:

IOException

isIdle

public boolean isIdle()

Specified by:

isIdle in interface Connection

isSuspended

public boolean isSuspended()

Specified by:

isSuspended in interface Connection

onClose

public void onClose()

Description copied from interface: Connection

Called when the connection is closed

Specified by:

onClose in interface Connection

onIdleExpired

public void onIdleExpired(long idleForMs)

Description copied from interface: Connection

Called when the connection idle timeout expires

Specified by:

onIdleExpired in interface Connection

Overrides:

onIdleExpired in class AbstractConnection

Parameters:

idleForMs - TODO

onInputShutdown

public void onInputShutdown()
                     throws IOException

Specified by:

onInputShutdown in interface AsyncConnection

Throws:

IOException

getSslEndPoint

public AsyncEndPoint getSslEndPoint()

toString

public String toString()

Overrides:

toString in class AbstractConnection