Interface TlsClientEngine

    • Method Detail

      • setServerName

void setServerName(java.lang.String serverName)
Sets the name of the server being connected to; it is sent in the SNI extension.
        Parameters:
        serverName -
      • addSupportedCiphers

void addSupportedCiphers(java.util.List<TlsConstants.CipherSuite> supportedCiphers)
        Adds ciphers to the list of the symmetric cipher options supported by the client (specifically the record protection algorithm (including secret key length) and a hash to be used with HKDF), in descending order of client preference.
        Parameters:
        supportedCiphers -
      • add

void add(Extension extension)
        Adds an extension to the list of extensions to be included in the ClientHello message.
        Parameters:
        extension -
      • addExtensions

void addExtensions(java.util.List<Extension> extensions)
        Adds extensions to the list of extensions to be included in the ClientHello message.
        Parameters:
        extensions -
      • setTrustManager

void setTrustManager(javax.net.ssl.X509TrustManager customTrustManager)
        Sets the trust manager to use for verifying the server certificate. If not set, the default Java trust manager is used.
        Parameters:
        customTrustManager -
      • setHostnameVerifier

void setHostnameVerifier(HostnameVerifier hostnameVerifier)
Sets the hostname verifier to use for verifying the server name against the server certificate. If not set, the DefaultHostnameVerifier is used, which checks that either the server name equals the CN part of the certificate's subject DN, or the server name matches one of the dNSName-type "Subject Alternative Name" entries of the certificate.
        Parameters:
        hostnameVerifier -
      • setNewSessionTicket

void setNewSessionTicket(NewSessionTicket newSessionTicket)
Sets the ticket to use for resuming a session. Obviously, this should be done before the handshake is started.
        Parameters:
        newSessionTicket -
      • setClientCertificateCallback

void setClientCertificateCallback(java.util.function.Function<java.util.List<javax.security.auth.x500.X500Principal>, CertificateWithPrivateKey> callback)
Sets the callback used for selecting the client certificate (for client authentication); the callback receives the list of acceptable issuer names sent by the server.
        Parameters:
        callback -
      • startHandshake

        void startHandshake()
                     throws java.io.IOException
Starts the TLS handshake with default parameters.
        Throws:
        java.io.IOException
      • startHandshake

void startHandshake(TlsConstants.NamedGroup ecCurve)
             throws java.io.IOException
Starts the TLS handshake with the given parameters.
Parameters:
ecCurve - the EC named group to use both for the DHE key generation (and thus for the key_share extension) and, as the only supported group, in the supported_groups extension.
        Throws:
        java.io.IOException
      • startHandshake

void startHandshake(TlsConstants.NamedGroup ecCurve,
                    java.util.List<TlsConstants.SignatureScheme> signatureSchemes)
             throws java.io.IOException
Starts the TLS handshake with the given parameters.
Parameters:
ecCurve - the EC named group to use both for the DHE key generation (and thus for the key_share extension) and, as the only supported group, in the supported_groups extension.
signatureSchemes - the signature algorithms this peer (the client) is willing to accept, in order of preference.
        Throws:
        java.io.IOException
      • handshakeFinished

        boolean handshakeFinished()
        Returns whether the handshake has (successfully) finished.
        Returns:
      • getSelectedCipher

        TlsConstants.CipherSuite getSelectedCipher()
        Returns the selected (negotiated) cipher suite.
        Returns:
      • getNewSessionTickets

        java.util.List<NewSessionTicket> getNewSessionTickets()
        Returns tickets provided by the current connection.
        Returns:
      • getServerCertificateChain

        java.util.List<java.security.cert.X509Certificate> getServerCertificateChain()
        Returns the server certificate chain.
        Returns:
      • setCompatibilityMode

void setCompatibilityMode(boolean compatibilityMode)
Sets the compatibility mode (see https://davidwong.fr/tls13/#appendix-D.4). Only for use in a TLS 1.3 context. Must _not_ be set for QUIC usage; see https://www.rfc-editor.org/rfc/rfc9001.html#name-prohibit-tls-middlebox-com: "A client MUST NOT request the use of the TLS 1.3 compatibility mode."
        Parameters:
        compatibilityMode -
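The default hostname check described under setHostnameVerifier (server name equals the subject CN, or matches a dNSName SAN entry), written out as an added Java illustration using only JDK APIs; it is not the library's DefaultHostnameVerifier, and the class and method names are assumed.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Illustrates the check described for DefaultHostnameVerifier; it is not the library's code.
public class HostnameCheckExample {
    // Type tag for dNSName entries in X509Certificate.getSubjectAlternativeNames()
    private static final int SAN_DNS_NAME = 2;
    // Pure check: server name equals the subject CN, or matches one of the dNSName SAN entries
    // (case-insensitive, as DNS names are; no wildcard handling is attempted here).
    static boolean matches(String serverName, String subjectDn, List<String> dnsNames) {
        String wanted = serverName.toLowerCase(Locale.ROOT);
        for (String dns : dnsNames) {
            if (dns.toLowerCase(Locale.ROOT).equals(wanted)) {
                return true;
            }
        }
        String cn = commonName(subjectDn);
        return cn != null && cn.toLowerCase(Locale.ROOT).equals(wanted);
    }
    // Extracts the CN attribute from an RFC 2253 DN string; null if absent or unparseable.
    static String commonName(String dn) {
        try {
            for (Rdn rdn : new LdapName(dn).getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    return rdn.getValue().toString();
                }
            }
        } catch (InvalidNameException e) { /* malformed DN: treat as having no CN */ }
        return null;
    }
    // Adapter for a real certificate: collects its dNSName entries and delegates to matches().
    static boolean verify(String serverName, X509Certificate cert) throws CertificateParsingException {
        List<String> dnsNames = new ArrayList<>();
        if (cert.getSubjectAlternativeNames() != null) {
            for (List<?> entry : cert.getSubjectAlternativeNames()) {
                if (entry.get(0).equals(SAN_DNS_NAME)) {
                    dnsNames.add((String) entry.get(1));
                }
            }
        }
        return matches(serverName, cert.getSubjectX500Principal().getName(), dnsNames);
    }
}
```

A stricter custom verifier can drop the CN fallback, which RFC 6125 treats as a legacy mechanism, and accept only dNSName SAN matches.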