Class OpenSslContextOption<T>

java.lang.Object
io.netty.util.AbstractConstant<SslContextOption<T>>
io.netty.handler.ssl.SslContextOption<T>
io.netty.handler.ssl.OpenSslContextOption<T>
Type Parameters:
T - the type of the value.
All Implemented Interfaces:
Constant<SslContextOption<T>>, Comparable<SslContextOption<T>>
public final class OpenSslContextOption<T> extends SslContextOption<T>
SslContextOptions that are specific to the SslProvider.OPENSSL / SslProvider.OPENSSL_REFCNT.

  • Field Details

    • USE_TASKS

      public static final OpenSslContextOption<Boolean> USE_TASKS
      If enabled heavy-operations may be offloaded from the EventLoop if possible.

    • TLS_FALSE_START

      public static final OpenSslContextOption<Boolean> TLS_FALSE_START
      If enabled TLS false start will be enabled if supported. When TLS false start is enabled the flow of SslHandshakeCompletionEvents may be different compared when, not enabled. This is currently only supported when BoringSSL and ALPN is used.

    • PRIVATE_KEY_METHOD

      public static final OpenSslContextOption<OpenSslPrivateKeyMethod> PRIVATE_KEY_METHOD
      Set the OpenSslPrivateKeyMethod to use. This allows to offload private-key operations if needed. This is currently only supported when BoringSSL is used.

    • ASYNC_PRIVATE_KEY_METHOD

      public static final OpenSslContextOption<OpenSslAsyncPrivateKeyMethod> ASYNC_PRIVATE_KEY_METHOD
      Set the OpenSslAsyncPrivateKeyMethod to use. This allows to offload private-key operations if needed. This is currently only supported when BoringSSL is used.

    • CERTIFICATE_COMPRESSION_ALGORITHMS

      public static final OpenSslContextOption<OpenSslCertificateCompressionConfig> CERTIFICATE_COMPRESSION_ALGORITHMS
      Set the OpenSslCertificateCompressionConfig to use. This allows for the configuration of certificate compression algorithms which should be used, the priority of those algorithms and the directions in which they should be used. This is currently only supported when BoringSSL is used.

    • MAX_CERTIFICATE_LIST_BYTES

      public static final OpenSslContextOption<Integer> MAX_CERTIFICATE_LIST_BYTES
      Set the maximum number of bytes that is allowed during the handshake for certificate chain.

    • GROUPS

      public static final OpenSslContextOption<String[]> GROUPS
      Set the groups that should be used. This will override curves set with -Djdk.tls.namedGroups.

      See SSL_CTX_set1_groups_list.

    • TMP_DH_KEYLENGTH

      public static final OpenSslContextOption<Integer> TMP_DH_KEYLENGTH
      Set the desired length of the Diffie-Hellman ephemeral session keys. This will override the key length set with -Djdk.tls.ephemeralDHKeySize.

      The only supported values are 512, 1024, 2048, and 4096.

      See SSL_CTX_set_tmp_dh_callback.

    • USE_JDK_PROVIDER_SIGNATURES

      public static final OpenSslContextOption<Boolean> USE_JDK_PROVIDER_SIGNATURES
      Set the policy for handling alternative key providers (such as hardware security keys, smart cards, remote signing services, etc.) when using BoringSSL.

      Note: this feature only works when BoringSSL or AWS-LC is used.