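/*
 * Copyright 2021 The Netty Project
 *
 * The Netty Project licenses this file to you under the Apache License,
 * version 2.0 (the "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at:
 *
 *   https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations
 * under the License.
 */
package io.netty.handler.ssl;

/**
 * {@link SslContextOption}s that are specific to the {@link SslProvider#OPENSSL} / {@link SslProvider#OPENSSL_REFCNT}.
 * <p>
 * Several of these options change the security properties of the TLS handshake (false start, external
 * private-key handling, certificate compression, certificate chain size limit, key-exchange groups), so each
 * one should be set deliberately rather than copied between configurations.
 *
 * @param <T>   the type of the value.
 */
public final class OpenSslContextOption<T> extends SslContextOption<T> {

    // Private: the only instances are the constants declared below.
    private OpenSslContextOption(String name) {
        super(name);
    }

    /**
     * If enabled heavy-operations may be offloaded from the {@link io.netty.channel.EventLoop} if possible.
     */
    public static final OpenSslContextOption<Boolean> USE_TASKS =
            new OpenSslContextOption<Boolean>("USE_TASKS");

    /**
     * If enabled <a href="https://tools.ietf.org/html/rfc7918">TLS false start</a> will be used if supported.
     * When TLS false start is enabled the flow of {@link SslHandshakeCompletionEvent}s may differ from the flow
     * seen when it is not enabled.
     * <p>
     * With false start (RFC 7918) a client may send application data before it has received and verified the
     * server's {@code Finished} message, so code that treats handshake completion as the gate for sending data
     * should be reviewed before this option is turned on.
     * <p>
     * This is currently only supported when {@code BoringSSL} and ALPN are used.
     */
    public static final OpenSslContextOption<Boolean> TLS_FALSE_START =
            new OpenSslContextOption<Boolean>("TLS_FALSE_START");

    /**
     * Set the {@link OpenSslPrivateKeyMethod} to use. This allows private-key operations to be offloaded
     * if needed.
     * <p>
     * The supplied implementation carries out the private-key operations of the handshake and should be
     * treated as security-critical code.
     * <p>
     * This is currently only supported when {@code BoringSSL} is used.
     */
    public static final OpenSslContextOption<OpenSslPrivateKeyMethod> PRIVATE_KEY_METHOD =
            new OpenSslContextOption<OpenSslPrivateKeyMethod>("PRIVATE_KEY_METHOD");

    /**
     * Set the {@link OpenSslAsyncPrivateKeyMethod} to use. This allows private-key operations to be offloaded
     * if needed.
     * <p>
     * The supplied implementation carries out the private-key operations of the handshake and should be
     * treated as security-critical code.
     * <p>
     * This is currently only supported when {@code BoringSSL} is used.
     */
    public static final OpenSslContextOption<OpenSslAsyncPrivateKeyMethod> ASYNC_PRIVATE_KEY_METHOD =
            new OpenSslContextOption<OpenSslAsyncPrivateKeyMethod>("ASYNC_PRIVATE_KEY_METHOD");

    /**
     * Set the {@link OpenSslCertificateCompressionConfig} to use. This allows for the configuration of certificate
     * compression algorithms which should be used, the priority of those algorithms and the directions in which
     * they should be used.
     * <p>
     * Decompression operates on data supplied by the peer, so the decompress direction should only be enabled
     * for algorithms that are actually required.
     * <p>
     * This is currently only supported when {@code BoringSSL} is used.
     */
    public static final OpenSslContextOption<OpenSslCertificateCompressionConfig> CERTIFICATE_COMPRESSION_ALGORITHMS =
            new OpenSslContextOption<OpenSslCertificateCompressionConfig>("CERTIFICATE_COMPRESSION_ALGORITHMS");

    /**
     * Set the maximum number of bytes that is allowed during the handshake for the certificate chain.
     * <p>
     * An explicit limit bounds how much certificate data a single handshake may carry.
     * NOTE(review): the value used when this option is not set, and how a handshake that exceeds the limit
     * fails, are not visible in this class; confirm against the native implementation.
     */
    public static final OpenSslContextOption<Integer> MAX_CERTIFICATE_LIST_BYTES =
            new OpenSslContextOption<Integer>("MAX_CERTIFICATE_LIST_BYTES");

    /**
     * Set the groups that should be used. This will override curves set with {@code -Djdk.tls.namedGroups}.
     * <p>
     * Because this replaces the JVM-wide setting for the context, the list should contain only the key-exchange
     * groups the deployment intends to allow.
     * <p>
     * See <a href="https://docs.openssl.org/master/man3/SSL_CTX_set1_groups_list/#description">
     *     SSL_CTX_set1_groups_list</a>.
     */
    public static final OpenSslContextOption<String[]> GROUPS = new OpenSslContextOption<String[]>("GROUPS");
}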