public abstract class SSLServerSocket extends ServerSocket
ServerSockets and provides secure server sockets using protocols such as the Secure
Sockets Layer (SSL) or Transport Layer Security (TLS) protocols.
Instances of this class are generally created using a SSLServerSocketFactory. The primary function of
SSLServerSockets is to create SSLSockets by accepting connections.
SSLServerSockets contain several pieces of state data which are inherited by the SSLSocket
at socket creation. These include the enabled cipher suites and protocols, whether client authentication is
necessary, and whether created sockets should begin handshaking in client or server mode. The state inherited by the
created SSLSocket can be overriden by calling the appropriate methods.
ServerSocket,
SSLSocket| Modifier | Constructor and Description |
|---|---|
protected |
SSLServerSocket()
Used only by subclasses.
|
protected |
SSLServerSocket(int port)
Used only by subclasses.
|
protected |
SSLServerSocket(int port,
int backlog)
Used only by subclasses.
|
protected |
SSLServerSocket(int port,
int backlog,
InetAddress address)
Used only by subclasses.
|
| Modifier and Type | Method and Description |
|---|---|
abstract boolean |
getNeedClientAuth()
Returns true if client authentication will be required on newly
accepted server-mode
SSLSockets. |
abstract boolean |
getUseClientMode()
Returns true if accepted connections will be in SSL client mode.
|
abstract void |
setNeedClientAuth(boolean need)
Controls whether
accepted server-mode SSLSockets will be initially configured to
require client authentication. |
abstract void |
setUseClientMode(boolean mode)
Controls whether accepted connections are in the (default) SSL server mode, or the SSL client mode.
|
accept, bind, bind, close, getInetAddress, getLocalPort, getLocalSocketAddress, getReceiveBufferSize, getReuseAddress, getSoTimeout, isBound, isClosed, setReceiveBufferSize, setReuseAddress, setSoTimeout, toStringprotected SSLServerSocket()
throws IOException
Create an unbound TCP server socket using the default authentication context.
IOException - if an I/O error occurs when creating the socketprotected SSLServerSocket(int port)
throws IOException
Create a TCP server socket on a port, using the default authentication context. The connection backlog defaults to fifty connections queued up before the system starts to reject new connection requests.
A port number of 0 creates a socket on any free port.
If there is a security manager, its checkListen method is called with the port argument
as its argument to ensure the operation is allowed. This could result in a SecurityException.
port - the port on which to listenIOException - if an I/O error occurs when creating the socketSecurityException - if a security manager exists and its checkListen method doesn't allow the operation.IllegalArgumentException - if the port parameter is outside the specified range of valid port values, which is between 0 and
65535, inclusive.protected SSLServerSocket(int port,
int backlog)
throws IOException
Create a TCP server socket on a port, using the default authentication context and a specified backlog of connections.
A port number of 0 creates a socket on any free port.
The backlog argument is the requested maximum number of pending connections on the socket. Its exact
semantics are implementation specific. In particular, an implementation may impose a maximum length or may choose
to ignore the parameter altogther. The value provided should be greater than 0. If it is less than
or equal to 0, then an implementation specific default will be used.
If there is a security manager, its checkListen method is called with the port argument
as its argument to ensure the operation is allowed. This could result in a SecurityException.
port - the port on which to listenbacklog - requested maximum length of the queue of incoming connections.IOException - if an I/O error occurs when creating the socketSecurityException - if a security manager exists and its checkListen method doesn't allow the operation.IllegalArgumentException - if the port parameter is outside the specified range of valid port values, which is between 0 and
65535, inclusive.protected SSLServerSocket(int port,
int backlog,
@Nullable
InetAddress address)
throws IOException
Create a TCP server socket on a port, using the default authentication context and a specified backlog of connections as well as a particular specified network interface. This constructor is used on multihomed hosts, such as those used for firewalls or as routers, to control through which interface a network service is provided.
If there is a security manager, its checkListen method is called with the port argument
as its argument to ensure the operation is allowed. This could result in a SecurityException.
A port number of 0 creates a socket on any free port.
The backlog argument is the requested maximum number of pending connections on the socket. Its exact
semantics are implementation specific. In particular, an implementation may impose a maximum length or may choose
to ignore the parameter altogther. The value provided should be greater than 0. If it is less than
or equal to 0, then an implementation specific default will be used.
If address is null, it will default accepting connections on any/all local addresses.
port - the port on which to listenbacklog - requested maximum length of the queue of incoming connections.address - the address of the network interface through which connections will be acceptedIOException - if an I/O error occurs when creating the socketSecurityException - if a security manager exists and its checkListen method doesn't allow the operation.IllegalArgumentException - if the port parameter is outside the specified range of valid port values, which is between 0 and
65535, inclusive.public abstract boolean getNeedClientAuth()
accepted server-mode
SSLSockets.
The initial inherited setting may be overridden by calling SSLSocket.setNeedClientAuth(boolean)
setNeedClientAuth(boolean),
setUseClientMode(boolean)public abstract boolean getUseClientMode()
setUseClientMode(boolean)public abstract void setNeedClientAuth(boolean need)
accepted server-mode SSLSockets will be initially configured to
require client authentication.
A socket's client authentication setting is one of the following:
If the accepted socket's option is set and the client chooses not to provide authentication information about itself, the negotiations will stop and the connection will be dropped.
The initial inherited setting may be overridden by calling SSLSocket.setNeedClientAuth(boolean)
need - set to true if client authentication is required, or false if no client authentication is desired.getNeedClientAuth(),
setUseClientMode(boolean)public abstract void setUseClientMode(boolean mode)
Servers normally authenticate themselves, and clients are not required to do so.
In rare cases, TCP servers need to act in the SSL client mode on newly accepted connections. For example, FTP clients acquire server sockets and listen there for reverse connections from the server. An FTP client would use an SSLServerSocket in "client" mode to accept the reverse connection while the FTP server uses an SSLSocket with "client" mode disabled to initiate the connection. During the resulting handshake, existing SSL sessions may be reused.
SSLSockets returned from accept() inherit this setting.
mode - true if newly accepted connections should use SSL client mode.getUseClientMode()