1 /*
2 * Copyright 2021 The Netty Project
3 *
4 * The Netty Project licenses this file to you under the Apache License,
5 * version 2.0 (the "License"); you may not use this file except in compliance
6 * with the License. You may obtain a copy of the License at:
7 *
8 * https://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 * License for the specific language governing permissions and limitations
14 * under the License.
15 */
16 package io.netty.handler.ssl;
17
18 /**
19 * {@link SslContextOption}s that are specific to the {@link SslProvider#OPENSSL} / {@link SslProvider#OPENSSL_REFCNT}.
20 *
21 * @param <T> the type of the value.
22 */
public final class OpenSslContextOption<T> extends SslContextOption<T> {

    /**
     * Creates a new option and passes {@code name} on to the {@link SslContextOption} constructor.
     * The constructor is private, so the only instances are the constants declared in this class.
     *
     * @param name the name of the option.
     */
    private OpenSslContextOption(String name) {
        super(name);
    }

    /**
     * If enabled, heavy operations may be offloaded from the {@link io.netty.channel.EventLoop} if possible.
     */
    public static final OpenSslContextOption<Boolean> USE_TASKS =
            new OpenSslContextOption<Boolean>("USE_TASKS");
    /**
     * If enabled, <a href="https://tools.ietf.org/html/rfc7918">TLS false start</a> will be used if supported.
     * When TLS false start is enabled the flow of {@link SslHandshakeCompletionEvent}s may differ from the flow
     * seen when it is not enabled.
     * <p>
     * This is currently only supported when {@code BoringSSL} and ALPN is used.
     * <p>
     * Security note: with false start (RFC 7918) a client may send application data before it has received and
     * verified the server's {@code Finished} message. Code that treats {@link SslHandshakeCompletionEvent} as the
     * point after which data is first written should be reviewed before enabling this option.
     * NOTE(review): which cipher suites / key exchanges the native library accepts for false start is not visible
     * in this class - confirm against the BoringSSL configuration in use.
     */
    public static final OpenSslContextOption<Boolean> TLS_FALSE_START =
            new OpenSslContextOption<Boolean>("TLS_FALSE_START");

    /**
     * Set the {@link OpenSslPrivateKeyMethod} to use. This allows private-key operations to be offloaded
     * if needed.
     * <p>
     * This is currently only supported when {@code BoringSSL} is used.
     * <p>
     * NOTE(review): presumably this is the hook for keeping key material out of the process (for example in an
     * HSM or a separate signing service); the supplied implementation then sits on the handshake's trust path
     * and should be reviewed as such - confirm against {@link OpenSslPrivateKeyMethod}.
     */
    public static final OpenSslContextOption<OpenSslPrivateKeyMethod> PRIVATE_KEY_METHOD =
            new OpenSslContextOption<OpenSslPrivateKeyMethod>("PRIVATE_KEY_METHOD");

    /**
     * Set the {@link OpenSslAsyncPrivateKeyMethod} to use. This allows private-key operations to be offloaded
     * if needed.
     * <p>
     * This is currently only supported when {@code BoringSSL} is used.
     * <p>
     * NOTE(review): how this option interacts with {@link #PRIVATE_KEY_METHOD} when both are set is not
     * visible in this class - confirm where the options are consumed.
     */
    public static final OpenSslContextOption<OpenSslAsyncPrivateKeyMethod> ASYNC_PRIVATE_KEY_METHOD =
            new OpenSslContextOption<OpenSslAsyncPrivateKeyMethod>("ASYNC_PRIVATE_KEY_METHOD");

    /**
     * Set the {@link OpenSslCertificateCompressionConfig} to use. This allows for the configuration of certificate
     * compression algorithms which should be used, the priority of those algorithms and the directions in which
     * they should be used.
     * <p>
     * This is currently only supported when {@code BoringSSL} is used.
     * <p>
     * Security note: enabling decompression means the endpoint expands peer-supplied data during the handshake.
     * NOTE(review): whether {@link #MAX_CERTIFICATE_LIST_BYTES} also bounds the decompressed size is not visible
     * in this class - confirm before enabling decompression for untrusted peers.
     */
    public static final OpenSslContextOption<OpenSslCertificateCompressionConfig> CERTIFICATE_COMPRESSION_ALGORITHMS =
            new OpenSslContextOption<OpenSslCertificateCompressionConfig>("CERTIFICATE_COMPRESSION_ALGORITHMS");

    /**
     * Set the maximum number of bytes that is allowed for the certificate chain during the handshake.
     * <p>
     * Security note: the certificate chain is supplied by the peer, so this limit bounds how much data a single
     * handshake can make the endpoint accept for it.
     * NOTE(review): the limit that applies when this option is not set is not visible in this class - confirm
     * the default before relying on it.
     */
    public static final OpenSslContextOption<Integer> MAX_CERTIFICATE_LIST_BYTES =
            new OpenSslContextOption<Integer>("MAX_CERTIFICATE_LIST_BYTES");

    /**
     * Set the groups that should be used. This will override curves set with {@code -Djdk.tls.namedGroups}.
     * <p>
     * See <a href="https://docs.openssl.org/master/man3/SSL_CTX_set1_groups_list/#description">
     * SSL_CTX_set1_groups_list</a>.
     * <p>
     * Because this replaces the JVM-wide setting for the context, a deployment that restricts groups through
     * {@code -Djdk.tls.namedGroups} must repeat that restriction here.
     * NOTE(review): presumably the array elements are group names in the form described at the link above -
     * confirm where the option is consumed.
     */
    public static final OpenSslContextOption<String[]> GROUPS = new OpenSslContextOption<String[]>("GROUPS");

    /**
     * Set the desired length of the Diffie-Hellman ephemeral session keys.
     * This will override the key length set with {@code -Djdk.tls.ephemeralDHKeySize}.
     * <p>
     * The only supported values are {@code 512}, {@code 1024}, {@code 2048}, and {@code 4096}.
     * <p>
     * Security note: {@code 512} and {@code 1024} are accepted but should be treated as legacy-only values.
     * 512-bit groups are export-grade (the size abused by the Logjam downgrade) and 1024-bit groups are no
     * longer considered adequate; prefer {@code 2048} or {@code 4096} unless an old peer forces a smaller size.
     * <p>
     * See <a href="https://docs.openssl.org/1.0.2/man3/SSL_CTX_set_tmp_dh_callback/">SSL_CTX_set_tmp_dh_callback</a>.
     */
    public static final OpenSslContextOption<Integer> TMP_DH_KEYLENGTH =
            new OpenSslContextOption<Integer>("TMP_DH_KEYLENGTH");
}