package ssl
Type Members
- sealed trait ApplicationProtocols extends AnyRef
ApplicationProtocols represent the prioritized list of Application-Layer Protocol Negotiation (ALPN) or Next Protocol Negotiation (NPN) values that a configured TLS Engine should support.
- Note
Currently supported values include IANA Registered Application-Layer Protocol Negotiation (ALPN) IDs and "spdy/3.1" which is commonly used with Next Protocol Negotiation (NPN).
Java users: See ApplicationProtocolsConfig.
- final class ApplicationProtocolsConfig extends AnyRef
Java APIs for ApplicationProtocols.
- sealed trait CipherSuites extends AnyRef
CipherSuites represent the collection of prioritized cipher suites that should be enabled for a TLS Engine. A cipher suite, for protocols prior to TLSv1.3, is a combination of various algorithms for items such as key exchange, authentication type, bulk encryption algorithm, and message authentication code.
- Note
Java users: See CipherSuitesConfig.
- final class CipherSuitesConfig extends AnyRef
Java APIs for CipherSuites.
- sealed trait ClientAuth extends AnyRef
ClientAuth represents whether one-way or two-way TLS should be used with a TLS Engine. One-way TLS authentication is where the server sends its certificate to the client for verification. Two-way or mutual TLS is where the server sends its certificate to the client and the client sends its certificate to the server for verification.
This parameter is only used by SslServerConfiguration.
- Note
Not all engine factories provide support for client authentication, especially with some underlying native engines.
Java users: See ClientAuthConfig.
- final class ClientAuthConfig extends AnyRef
Java APIs for ClientAuth.
- case class Engine(self: SSLEngine, handlesRenegotiation: Boolean = false, certId: String = "<unknown>") extends Product with Serializable
- sealed trait KeyCredentials extends AnyRef
KeyCredentials represent the items necessary for this configured TLS Engine to authenticate itself to a remote peer. This generally includes an X.509 certificate and a private key.
- Note
Java users: See KeyCredentialsConfig.
- final class KeyCredentialsConfig extends AnyRef
Java APIs for KeyCredentials.
- final class OpportunisticTlsConfig extends AnyRef
Java APIs for OpportunisticTls.
- sealed trait Protocols extends AnyRef
Protocols represent the versions of the TLS protocol which should be enabled with a given TLS Engine.
- Note
Java users: See ProtocolsConfig.
- final class ProtocolsConfig extends AnyRef
Java APIs for Protocols.
- case class SslConfigurationException(cause: Throwable) extends SslException with Product with Serializable
SslConfigurationException is an exception which is thrown by a particular engine factory when the engine factory does not support the collection of parameters specified by the SslClientConfiguration or the SslServerConfiguration.
- sealed trait TrustCredentials extends AnyRef
TrustCredentials represent the items necessary for this configured TLS Engine to verify a remote peer's credentials.
- Note
Java users: See TrustCredentialsConfig.
- final class TrustCredentialsConfig extends AnyRef
Java APIs for TrustCredentials.
Value Members
- object ApplicationProtocols
- object CipherSuites
- object ClientAuth
- object KeyCredentials
- object OpportunisticTls
- object Protocols
- object SnoopingLevelInterpreter
Stack params for configuring TLS snooping
TLS snooping is a server-side feature which allows servers to accept both cleartext and TLS socket connections on the same port. This should only be used if it is desirable but not required that traffic be encrypted.
There are two classes of protocols considered: protocols that support TLS negotiation, such as Mux, and those that don't, such as the framed Thrift transport. The two classes of protocols have different truth matrices for determining whether to enable TLS negotiation (see below). For example, a negotiating TLS connection that _requires_ TLS may enable snooping, because if the connection starts in cleartext the session itself may upgrade to a secure connection later. In contrast, a cleartext HTTP connection has no way to upgrade to a secure connection, and thus if TLS is required snooping must be disabled.
- object TrustCredentials