SSL Contexts and Key Managers
The generic
SSL sockets utilize several default
options, including the protocol version used (TLS 1.0, which also
supports SSL 3.0) and the default key and trust managers. If you want
to change any of these options, you must use an instance of the
SSLContext
class
(com.sun.net.ssl.SSLContext
). This is often
necessary, although it moves us away from a strictly
protocol-independent socket factory paradigm.
The SSLContext
class is an
engine class; it provides the following
methods:
- public static SSLContext getInstance(String protocol)public static SSLContext getInstance(String protocol, Provider provider)public static SSLContext getInstance(String protocol, String provider)
Obtain an SSL context that implements the given protocol, optionally by consulting only the given provider. In Sun’s implementation of JSSE, the protocol must be TLS, TLSv1, SSL, or SSLv3. Since later versions of the protocol can support earlier versions, the string TLS provides the most generic instance of an SSL context.
If the given algorithm cannot be found, a
NoSuchAlgorithmException
is thrown. If the given provider cannot be found, aNoSuchProviderException
is thrown.
- public final String getProtocol( )
Return the protocol supported by this context.
- public final Provider getProvider( )
Return the provider that supplied the implementation of this context.
- public final void init(KeyManager[] km, TrustManager[] tm, SecureRandom random)
Initialize this context with the given key managers, ...
Get Java Security, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.