Blame - luni/src/main/java/javax/net/ssl/SSLSocket.java - platform/libcore

blob: 820b884cc462bfc861389cb66d86c7274e4fca3c [file] [log] [blame]

The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	1	/*
				2	* Licensed to the Apache Software Foundation (ASF) under one or more
				3	* contributor license agreements. See the NOTICE file distributed with
				4	* this work for additional information regarding copyright ownership.
				5	* The ASF licenses this file to You under the Apache License, Version 2.0
				6	* (the "License"); you may not use this file except in compliance with
				7	* the License. You may obtain a copy of the License at
				8	*
				9	* http://www.apache.org/licenses/LICENSE-2.0
				10	*
				11	* Unless required by applicable law or agreed to in writing, software
				12	* distributed under the License is distributed on an "AS IS" BASIS,
				13	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				14	* See the License for the specific language governing permissions and
				15	* limitations under the License.
				16	*/
				17
				18	package javax.net.ssl;
				19
				20	import java.io.IOException;
				21	import java.net.InetAddress;
				22	import java.net.Socket;
				23	import java.net.UnknownHostException;
				24
				25	/**
				26	* The extension of {@code Socket} providing secure protocols like SSL (Secure
Brian Carlstrom	0f38ecc	2012-05-09 14:10:02 -0700	[diff] [blame]	27	* Sockets Layer) or TLS (Transport Layer Security).
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	28	*
				29	* <h3>Default configuration</h3>
				30	* <p>{@code SSLSocket} instances obtained from default {@link SSLSocketFactory},
				31	* {@link SSLServerSocketFactory}, and {@link SSLContext} are configured as follows:
				32	*
				33	* <h4>Protocols</h4>
				34	*
				35	* <p>Client socket:
				36	* <table>
				37	* <thead>
				38	* <tr>
				39	* <th>Protocol</th>
				40	* <th>Supported (API Levels)</th>
				41	* <th>Enabled by default (API Levels)</th>
				42	* </tr>
				43	* </thead>
				44	* <tbody>
				45	* <tr>
				46	* <td>SSLv3</td>
				47	* <td>1+</td>
				48	* <td>1+</td>
				49	* </tr>
				50	* <tr>
				51	* <td>TLSv1</td>
				52	* <td>1+</td>
				53	* <td>1+</td>
				54	* </tr>
				55	* <tr>
				56	* <td>TLSv1.1</td>
				57	* <td>16+</td>
Alex Klyubin	5336055	2013-11-26 10:53:29 -0800	[diff] [blame]	58	* <td>20+</td>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	59	* </tr>
				60	* <tr>
				61	* <td>TLSv1.2</td>
				62	* <td>16+</td>
Alex Klyubin	5336055	2013-11-26 10:53:29 -0800	[diff] [blame]	63	* <td>20+</td>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	64	* </tr>
				65	* </tbody>
				66	* </table>
				67	*
				68	* <p>Server socket:
				69	* <table>
				70	* <thead>
				71	* <tr>
				72	* <th>Protocol</th>
				73	* <th>Supported (API Levels)</th>
				74	* <th>Enabled by default (API Levels)</th>
				75	* </tr>
				76	* </thead>
				77	* <tbody>
				78	* <tr>
				79	* <td>SSLv3</td>
				80	* <td>1+</td>
				81	* <td>1+</td>
				82	* </tr>
				83	* <tr>
				84	* <td>TLSv1</td>
				85	* <td>1+</td>
				86	* <td>1+</td>
				87	* </tr>
				88	* <tr>
				89	* <td>TLSv1.1</td>
				90	* <td>16+</td>
				91	* <td>16+</td>
				92	* </tr>
				93	* <tr>
				94	* <td>TLSv1.2</td>
				95	* <td>16+</td>
				96	* <td>16+</td>
				97	* </tr>
				98	* </tbody>
				99	* </table>
				100	*
				101	* <h4>Cipher suites</h4>
				102	*
				103	* <p>Methods that operate with cipher suite names (for example,
				104	* {@link #getSupportedCipherSuites() getSupportedCipherSuites},
				105	* {@link #setEnabledCipherSuites(String[]) setEnabledCipherSuites}) have used
				106	* standard names for cipher suites since API Level 9, as listed in the table
				107	* below. Prior to API Level 9, non-standard (OpenSSL) names had been used (see
				108	* the table following this table).
				109	* <table>
				110	* <thead>
				111	* <tr>
				112	* <th>Cipher suite</th>
				113	* <th>Supported (API Levels)</th>
				114	* <th>Enabled by default (API Levels)</th>
				115	* </tr>
				116	* </thead>
				117	* <tbody>
				118	* <tr>
				119	* <td>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</td>
				120	* <td>9+</td>
				121	* <td>9-19</td>
				122	* </tr>
				123	* <tr>
				124	* <td>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</td>
				125	* <td>9+</td>
				126	* <td>9-19</td>
				127	* </tr>
				128	* <tr>
				129	* <td>SSL_DHE_DSS_WITH_DES_CBC_SHA</td>
				130	* <td>9+</td>
				131	* <td>9-19</td>
				132	* </tr>
				133	* <tr>
				134	* <td>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</td>
				135	* <td>9+</td>
				136	* <td>9-19</td>
				137	* </tr>
				138	* <tr>
				139	* <td>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</td>
				140	* <td>9+</td>
Alex Klyubin	9a61ef3	2013-12-18 11:03:17 -0800	[diff] [blame]	141	* <td>9-19</td>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	142	* </tr>
				143	* <tr>
				144	* <td>SSL_DHE_RSA_WITH_DES_CBC_SHA</td>
				145	* <td>9+</td>
				146	* <td>9-19</td>
				147	* </tr>
				148	* <tr>
				149	* <td>SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA</td>
				150	* <td>9+</td>
				151	* <td></td>
				152	* </tr>
				153	* <tr>
				154	* <td>SSL_DH_anon_EXPORT_WITH_RC4_40_MD5</td>
				155	* <td>9+</td>
				156	* <td></td>
				157	* </tr>
				158	* <tr>
				159	* <td>SSL_DH_anon_WITH_3DES_EDE_CBC_SHA</td>
				160	* <td>9+</td>
				161	* <td></td>
				162	* </tr>
				163	* <tr>
				164	* <td>SSL_DH_anon_WITH_DES_CBC_SHA</td>
				165	* <td>9+</td>
				166	* <td></td>
				167	* </tr>
				168	* <tr>
				169	* <td>SSL_DH_anon_WITH_RC4_128_MD5</td>
				170	* <td>9+</td>
				171	* <td></td>
				172	* </tr>
				173	* <tr>
				174	* <td>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</td>
				175	* <td>9+</td>
				176	* <td>9-19</td>
				177	* </tr>
				178	* <tr>
				179	* <td>SSL_RSA_EXPORT_WITH_RC4_40_MD5</td>
				180	* <td>9+</td>
				181	* <td>9-19</td>
				182	* </tr>
				183	* <tr>
				184	* <td>SSL_RSA_WITH_3DES_EDE_CBC_SHA</td>
				185	* <td>9+</td>
Alex Klyubin	9a61ef3	2013-12-18 11:03:17 -0800	[diff] [blame]	186	* <td>9-19</td>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	187	* </tr>
				188	* <tr>
				189	* <td>SSL_RSA_WITH_DES_CBC_SHA</td>
				190	* <td>9+</td>
				191	* <td>9-19</td>
				192	* </tr>
				193	* <tr>
				194	* <td>SSL_RSA_WITH_NULL_MD5</td>
				195	* <td>9+</td>
				196	* <td></td>
				197	* </tr>
				198	* <tr>
				199	* <td>SSL_RSA_WITH_NULL_SHA</td>
				200	* <td>9+</td>
				201	* <td></td>
				202	* </tr>
				203	* <tr>
				204	* <td>SSL_RSA_WITH_RC4_128_MD5</td>
				205	* <td>9+</td>
Alex Klyubin	71fa3ff	2013-12-18 14:13:01 -0800	[diff] [blame]	206	* <td>9-19</td>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	207	* </tr>
				208	* <tr>
				209	* <td>SSL_RSA_WITH_RC4_128_SHA</td>
				210	* <td>9+</td>
				211	* <td>9+</td>
				212	* </tr>
				213	* <tr>
				214	* <td>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</td>
				215	* <td>9+</td>
				216	* <td>9+</td>
				217	* </tr>
				218	* <tr>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	219	* <td>TLS_DHE_DSS_WITH_AES_128_CBC_SHA256</td>
				220	* <td>20+</td>
				221	* <td></td>
				222	* </tr>
				223	* <tr>
				224	* <td>TLS_DHE_DSS_WITH_AES_128_GCM_SHA256</td>
				225	* <td>20+</td>
				226	* <td></td>
				227	* </tr>
				228	* <tr>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	229	* <td>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</td>
				230	* <td>9+</td>
				231	* <td>11+</td>
				232	* </tr>
				233	* <tr>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	234	* <td>TLS_DHE_DSS_WITH_AES_256_CBC_SHA256</td>
				235	* <td>20+</td>
				236	* <td></td>
				237	* </tr>
				238	* <tr>
				239	* <td>TLS_DHE_DSS_WITH_AES_256_GCM_SHA384</td>
				240	* <td>20+</td>
				241	* <td></td>
				242	* </tr>
				243	* <tr>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	244	* <td>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</td>
				245	* <td>9+</td>
				246	* <td>9+</td>
				247	* </tr>
				248	* <tr>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	249	* <td>TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</td>
				250	* <td>20+</td>
				251	* <td></td>
				252	* </tr>
				253	* <tr>
				254	* <td>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</td>
				255	* <td>20+</td>
Alex Klyubin	0f0e96a	2013-12-17 14:36:43 -0800	[diff] [blame]	256	* <td>20+</td>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	257	* </tr>
				258	* <tr>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	259	* <td>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</td>
				260	* <td>9+</td>
				261	* <td>11+</td>
				262	* </tr>
				263	* <tr>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	264	* <td>TLS_DHE_RSA_WITH_AES_256_CBC_SHA256</td>
				265	* <td>20+</td>
				266	* <td></td>
				267	* </tr>
				268	* <tr>
				269	* <td>TLS_DHE_RSA_WITH_AES_256_GCM_SHA384</td>
				270	* <td>20+</td>
Alex Klyubin	0f0e96a	2013-12-17 14:36:43 -0800	[diff] [blame]	271	* <td>20+</td>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	272	* </tr>
				273	* <tr>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	274	* <td>TLS_DH_anon_WITH_AES_128_CBC_SHA</td>
				275	* <td>9+</td>
				276	* <td></td>
				277	* </tr>
				278	* <tr>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	279	* <td>TLS_DH_anon_WITH_AES_128_CBC_SHA256</td>
				280	* <td>20+</td>
				281	* <td></td>
				282	* </tr>
				283	* <tr>
				284	* <td>TLS_DH_anon_WITH_AES_128_GCM_SHA256</td>
				285	* <td>20+</td>
				286	* <td></td>
				287	* </tr>
				288	* <tr>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	289	* <td>TLS_DH_anon_WITH_AES_256_CBC_SHA</td>
				290	* <td>9+</td>
				291	* <td></td>
				292	* </tr>
				293	* <tr>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	294	* <td>TLS_DH_anon_WITH_AES_256_CBC_SHA256</td>
				295	* <td>20+</td>
				296	* <td></td>
				297	* </tr>
				298	* <tr>
				299	* <td>TLS_DH_anon_WITH_AES_256_GCM_SHA384</td>
				300	* <td>20+</td>
				301	* <td></td>
				302	* </tr>
				303	* <tr>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	304	* <td>TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</td>
				305	* <td>11+</td>
Alex Klyubin	9a61ef3	2013-12-18 11:03:17 -0800	[diff] [blame]	306	* <td>11-19</td>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	307	* </tr>
				308	* <tr>
				309	* <td>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</td>
				310	* <td>11+</td>
				311	* <td>11+</td>
				312	* </tr>
				313	* <tr>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	314	* <td>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</td>
				315	* <td>20+</td>
				316	* <td></td>
				317	* </tr>
				318	* <tr>
Alex Klyubin	0f0e96a	2013-12-17 14:36:43 -0800	[diff] [blame]	319	* <td>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</td>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	320	* <td>20+</td>
Alex Klyubin	0f0e96a	2013-12-17 14:36:43 -0800	[diff] [blame]	321	* <td>20+</td>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	322	* </tr>
				323	* <tr>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	324	* <td>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</td>
				325	* <td>11+</td>
				326	* <td>11+</td>
				327	* </tr>
				328	* <tr>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	329	* <td>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</td>
				330	* <td>20+</td>
				331	* <td></td>
				332	* </tr>
				333	* <tr>
				334	* <td>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</td>
				335	* <td>20+</td>
Alex Klyubin	0f0e96a	2013-12-17 14:36:43 -0800	[diff] [blame]	336	* <td>20+</td>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	337	* </tr>
				338	* <tr>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	339	* <td>TLS_ECDHE_ECDSA_WITH_NULL_SHA</td>
				340	* <td>11+</td>
				341	* <td></td>
				342	* </tr>
				343	* <tr>
				344	* <td>TLS_ECDHE_ECDSA_WITH_RC4_128_SHA</td>
				345	* <td>11+</td>
				346	* <td>11+</td>
				347	* </tr>
				348	* <tr>
				349	* <td>TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</td>
				350	* <td>11+</td>
Alex Klyubin	9a61ef3	2013-12-18 11:03:17 -0800	[diff] [blame]	351	* <td>11-19</td>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	352	* </tr>
				353	* <tr>
				354	* <td>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</td>
				355	* <td>11+</td>
				356	* <td>11+</td>
				357	* </tr>
				358	* <tr>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	359	* <td>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</td>
				360	* <td>20+</td>
				361	* <td></td>
				362	* </tr>
				363	* <tr>
				364	* <td>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</td>
				365	* <td>20+</td>
Alex Klyubin	0f0e96a	2013-12-17 14:36:43 -0800	[diff] [blame]	366	* <td>20+</td>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	367	* </tr>
				368	* <tr>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	369	* <td>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</td>
				370	* <td>11+</td>
				371	* <td>11+</td>
				372	* </tr>
				373	* <tr>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	374	* <td>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384</td>
				375	* <td>20+</td>
				376	* <td></td>
				377	* </tr>
				378	* <tr>
				379	* <td>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</td>
				380	* <td>20+</td>
Alex Klyubin	0f0e96a	2013-12-17 14:36:43 -0800	[diff] [blame]	381	* <td>20+</td>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	382	* </tr>
				383	* <tr>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	384	* <td>TLS_ECDHE_RSA_WITH_NULL_SHA</td>
				385	* <td>11+</td>
				386	* <td></td>
				387	* </tr>
				388	* <tr>
				389	* <td>TLS_ECDHE_RSA_WITH_RC4_128_SHA</td>
				390	* <td>11+</td>
				391	* <td>11+</td>
				392	* </tr>
				393	* <tr>
				394	* <td>TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA</td>
				395	* <td>11+</td>
Alex Klyubin	5b15ad6	2013-12-17 16:55:38 -0800	[diff] [blame]	396	* <td>11-19</td>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	397	* </tr>
				398	* <tr>
				399	* <td>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA</td>
				400	* <td>11+</td>
Alex Klyubin	5b15ad6	2013-12-17 16:55:38 -0800	[diff] [blame]	401	* <td>11-19</td>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	402	* </tr>
				403	* <tr>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	404	* <td>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256</td>
				405	* <td>20+</td>
				406	* <td></td>
				407	* </tr>
				408	* <tr>
				409	* <td>TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256</td>
				410	* <td>20+</td>
				411	* <td></td>
				412	* </tr>
				413	* <tr>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	414	* <td>TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA</td>
				415	* <td>11+</td>
Alex Klyubin	5b15ad6	2013-12-17 16:55:38 -0800	[diff] [blame]	416	* <td>11-19</td>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	417	* </tr>
				418	* <tr>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	419	* <td>TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384</td>
				420	* <td>20+</td>
				421	* <td></td>
				422	* </tr>
				423	* <tr>
				424	* <td>TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384</td>
				425	* <td>20+</td>
				426	* <td></td>
				427	* </tr>
				428	* <tr>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	429	* <td>TLS_ECDH_ECDSA_WITH_NULL_SHA</td>
				430	* <td>11+</td>
				431	* <td></td>
				432	* </tr>
				433	* <tr>
				434	* <td>TLS_ECDH_ECDSA_WITH_RC4_128_SHA</td>
				435	* <td>11+</td>
Alex Klyubin	5b15ad6	2013-12-17 16:55:38 -0800	[diff] [blame]	436	* <td>11-19</td>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	437	* </tr>
				438	* <tr>
				439	* <td>TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA</td>
				440	* <td>11+</td>
Alex Klyubin	5b15ad6	2013-12-17 16:55:38 -0800	[diff] [blame]	441	* <td>11-19</td>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	442	* </tr>
				443	* <tr>
				444	* <td>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA</td>
				445	* <td>11+</td>
Alex Klyubin	5b15ad6	2013-12-17 16:55:38 -0800	[diff] [blame]	446	* <td>11-19</td>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	447	* </tr>
				448	* <tr>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	449	* <td>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256</td>
				450	* <td>20+</td>
				451	* <td></td>
				452	* </tr>
				453	* <tr>
				454	* <td>TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256</td>
				455	* <td>20+</td>
				456	* <td></td>
				457	* </tr>
				458	* <tr>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	459	* <td>TLS_ECDH_RSA_WITH_AES_256_CBC_SHA</td>
				460	* <td>11+</td>
Alex Klyubin	5b15ad6	2013-12-17 16:55:38 -0800	[diff] [blame]	461	* <td>11-19</td>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	462	* </tr>
				463	* <tr>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	464	* <td>TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384</td>
				465	* <td>20+</td>
				466	* <td></td>
				467	* </tr>
				468	* <tr>
				469	* <td>TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384</td>
				470	* <td>20+</td>
				471	* <td></td>
				472	* </tr>
				473	* <tr>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	474	* <td>TLS_ECDH_RSA_WITH_NULL_SHA</td>
				475	* <td>11+</td>
				476	* <td></td>
				477	* </tr>
				478	* <tr>
				479	* <td>TLS_ECDH_RSA_WITH_RC4_128_SHA</td>
				480	* <td>11+</td>
Alex Klyubin	5b15ad6	2013-12-17 16:55:38 -0800	[diff] [blame]	481	* <td>11-19</td>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	482	* </tr>
				483	* <tr>
				484	* <td>TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA</td>
				485	* <td>11+</td>
				486	* <td></td>
				487	* </tr>
				488	* <tr>
				489	* <td>TLS_ECDH_anon_WITH_AES_128_CBC_SHA</td>
				490	* <td>11+</td>
				491	* <td></td>
				492	* </tr>
				493	* <tr>
				494	* <td>TLS_ECDH_anon_WITH_AES_256_CBC_SHA</td>
				495	* <td>11+</td>
				496	* <td></td>
				497	* </tr>
				498	* <tr>
				499	* <td>TLS_ECDH_anon_WITH_NULL_SHA</td>
				500	* <td>11+</td>
				501	* <td></td>
				502	* </tr>
				503	* <tr>
				504	* <td>TLS_EMPTY_RENEGOTIATION_INFO_SCSV</td>
				505	* <td>11+</td>
				506	* <td>11+</td>
				507	* </tr>
				508	* <tr>
				509	* <td>TLS_ECDH_anon_WITH_RC4_128_SHA</td>
				510	* <td>11+</td>
				511	* <td></td>
				512	* </tr>
				513	* <tr>
				514	* <td>TLS_RSA_WITH_AES_128_CBC_SHA</td>
				515	* <td>9+</td>
				516	* <td>9+</td>
				517	* </tr>
				518	* <tr>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	519	* <td>TLS_RSA_WITH_AES_128_CBC_SHA256</td>
				520	* <td>20+</td>
				521	* <td></td>
				522	* </tr>
				523	* <tr>
				524	* <td>TLS_RSA_WITH_AES_128_GCM_SHA256</td>
				525	* <td>20+</td>
Alex Klyubin	0f0e96a	2013-12-17 14:36:43 -0800	[diff] [blame]	526	* <td>20+</td>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	527	* </tr>
				528	* <tr>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	529	* <td>TLS_RSA_WITH_AES_256_CBC_SHA</td>
				530	* <td>9+</td>
				531	* <td>11+</td>
				532	* </tr>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	533	* <tr>
				534	* <td>TLS_RSA_WITH_AES_256_CBC_SHA256</td>
				535	* <td>20+</td>
				536	* <td></td>
				537	* </tr>
				538	* <tr>
				539	* <td>TLS_RSA_WITH_AES_256_GCM_SHA384</td>
				540	* <td>20+</td>
Alex Klyubin	0f0e96a	2013-12-17 14:36:43 -0800	[diff] [blame]	541	* <td>20+</td>
Alex Klyubin	9e73d3f	2013-12-17 12:28:19 -0800	[diff] [blame]	542	* </tr>
				543	* <tr>
				544	* <td>TLS_RSA_WITH_NULL_SHA256</td>
				545	* <td>20+</td>
				546	* <td></td>
				547	* </tr>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	548	* </tbody>
				549	* </table>
				550	*
				551	* <p>API Levels 1 to 8 use OpenSSL names for cipher suites. The table below
				552	* lists these OpenSSL names and their corresponding standard names used in API
				553	* Levels 9 and newer.
				554	* <table>
				555	* <thead>
				556	* <tr>
				557	* <th>OpenSSL cipher suite</th>
				558	* <th>Standard cipher suite</th>
				559	* <th>Supported (API Levels)</th>
				560	* <th>Enabled by default (API Levels)</th>
				561	* </tr>
				562	* </thead>
				563	*
				564	* <tbody>
				565	* <tr>
				566	* <td>AES128-SHA</td>
				567	* <td>TLS_RSA_WITH_AES_128_CBC_SHA</td>
				568	* <td>1+</td>
				569	* <td>1+</td>
				570	* </tr>
				571	* <tr>
				572	* <td>AES256-SHA</td>
				573	* <td>TLS_RSA_WITH_AES_256_CBC_SHA</td>
				574	* <td>1+</td>
				575	* <td>1-8, 11+</td>
				576	* </tr>
				577	* <tr>
				578	* <td>DES-CBC-MD5</td>
				579	* <td>SSL_CK_DES_64_CBC_WITH_MD5</td>
				580	* <td>1-8</td>
				581	* <td>1-8</td>
				582	* </tr>
				583	* <tr>
				584	* <td>DES-CBC-SHA</td>
				585	* <td>SSL_RSA_WITH_DES_CBC_SHA</td>
				586	* <td>1+</td>
				587	* <td>1-19</td>
				588	* </tr>
				589	* <tr>
				590	* <td>DES-CBC3-MD5</td>
				591	* <td>SSL_CK_DES_192_EDE3_CBC_WITH_MD5</td>
				592	* <td>1-8</td>
				593	* <td>1-8</td>
				594	* </tr>
				595	* <tr>
				596	* <td>DES-CBC3-SHA</td>
				597	* <td>SSL_RSA_WITH_3DES_EDE_CBC_SHA</td>
				598	* <td>1+</td>
Alex Klyubin	9a61ef3	2013-12-18 11:03:17 -0800	[diff] [blame]	599	* <td>1-19</td>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	600	* </tr>
				601	* <tr>
				602	* <td>DHE-DSS-AES128-SHA</td>
				603	* <td>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</td>
				604	* <td>1+</td>
				605	* <td>1+</td>
				606	* </tr>
				607	* <tr>
				608	* <td>DHE-DSS-AES256-SHA</td>
				609	* <td>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</td>
				610	* <td>1+</td>
				611	* <td>1-8, 11+</td>
				612	* </tr>
				613	* <tr>
				614	* <td>DHE-RSA-AES128-SHA</td>
				615	* <td>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</td>
				616	* <td>1+</td>
				617	* <td>1+</td>
				618	* </tr>
				619	* <tr>
				620	* <td>DHE-RSA-AES256-SHA</td>
				621	* <td>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</td>
				622	* <td>1+</td>
				623	* <td>1-8, 11+</td>
				624	* </tr>
				625	* <tr>
				626	* <td>EDH-DSS-DES-CBC-SHA</td>
				627	* <td>SSL_DHE_DSS_WITH_DES_CBC_SHA</td>
				628	* <td>1+</td>
				629	* <td>1-19</td>
				630	* </tr>
				631	* <tr>
				632	* <td>EDH-DSS-DES-CBC3-SHA</td>
				633	* <td>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</td>
				634	* <td>1+</td>
Alex Klyubin	9a61ef3	2013-12-18 11:03:17 -0800	[diff] [blame]	635	* <td>1-19</td>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	636	* </tr>
				637	* <tr>
				638	* <td>EDH-RSA-DES-CBC-SHA</td>
				639	* <td>SSL_DHE_RSA_WITH_DES_CBC_SHA</td>
				640	* <td>1+</td>
				641	* <td>1-19</td>
				642	* </tr>
				643	* <tr>
				644	* <td>EDH-RSA-DES-CBC3-SHA</td>
				645	* <td>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</td>
				646	* <td>1+</td>
Alex Klyubin	9a61ef3	2013-12-18 11:03:17 -0800	[diff] [blame]	647	* <td>1-19</td>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	648	* </tr>
				649	* <tr>
				650	* <td>EXP-DES-CBC-SHA</td>
				651	* <td>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</td>
				652	* <td>1+</td>
				653	* <td>1-19</td>
				654	* </tr>
				655	* <tr>
				656	* <td>EXP-EDH-DSS-DES-CBC-SHA</td>
				657	* <td>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</td>
				658	* <td>1+</td>
				659	* <td>1-19</td>
				660	* </tr>
				661	* <tr>
				662	* <td>EXP-EDH-RSA-DES-CBC-SHA</td>
				663	* <td>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</td>
				664	* <td>1+</td>
				665	* <td>1-19</td>
				666	* </tr>
				667	* <tr>
				668	* <td>EXP-RC2-CBC-MD5</td>
				669	* <td>SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5</td>
				670	* <td>1-8</td>
				671	* <td>1-8</td>
				672	* </tr>
				673	* <tr>
				674	* <td>EXP-RC4-MD5</td>
				675	* <td>SSL_RSA_EXPORT_WITH_RC4_40_MD5</td>
				676	* <td>1+</td>
				677	* <td>1-19</td>
				678	* </tr>
				679	* <tr>
				680	* <td>RC2-CBC-MD5</td>
				681	* <td>SSL_CK_RC2_128_CBC_WITH_MD5</td>
				682	* <td>1-8</td>
				683	* <td>1-8</td>
				684	* </tr>
				685	* <tr>
				686	* <td>RC4-MD5</td>
				687	* <td>SSL_RSA_WITH_RC4_128_MD5</td>
				688	* <td>1+</td>
Alex Klyubin	71fa3ff	2013-12-18 14:13:01 -0800	[diff] [blame]	689	* <td>1-19</td>
Alex Klyubin	50ef556	2013-12-10 14:56:33 -0800	[diff] [blame]	690	* </tr>
				691	* <tr>
				692	* <td>RC4-SHA</td>
				693	* <td>SSL_RSA_WITH_RC4_128_SHA</td>
				694	* <td>1+</td>
				695	* <td>1+</td>
				696	* </tr>
				697	* </tbody>
				698	* </table>
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	699	*/
				700	public abstract class SSLSocket extends Socket {
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	701
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	702	/**
				703	* Only to be used by subclasses.
				704	* <p>
				705	* Creates a TCP socket.
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	706	*/
				707	protected SSLSocket() {
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	708	}
				709
				710	/**
				711	* Only to be used by subclasses.
				712	* <p>
				713	* Creates a TCP socket connection to the specified host at the specified
				714	* port.
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	715	*
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	716	* @param host
				717	* the host name to connect to.
				718	* @param port
				719	* the port number to connect to.
				720	* @throws IOException
				721	* if creating the socket fails.
				722	* @throws UnknownHostException
				723	* if the specified host is not known.
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	724	*/
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	725	protected SSLSocket(String host, int port) throws IOException, UnknownHostException {
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	726	super(host, port);
				727	}
				728
				729	/**
				730	* Only to be used by subclasses.
				731	* <p>
				732	* Creates a TCP socket connection to the specified address at the specified
				733	* port.
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	734	*
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	735	* @param address
				736	* the address to connect to.
				737	* @param port
				738	* the port number to connect to.
				739	* @throws IOException
				740	* if creating the socket fails.
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	741	*/
				742	protected SSLSocket(InetAddress address, int port) throws IOException {
				743	super(address, port);
				744	}
				745
				746	/**
				747	* Only to be used by subclasses.
				748	* <p>
				749	* Creates a TCP socket connection to the specified host at the specified
				750	* port with the client side bound to the specified address and port.
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	751	*
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	752	* @param host
				753	* the host name to connect to.
				754	* @param port
				755	* the port number to connect to.
				756	* @param clientAddress
				757	* the client address to bind to
				758	* @param clientPort
				759	* the client port number to bind to.
				760	* @throws IOException
				761	* if creating the socket fails.
				762	* @throws UnknownHostException
				763	* if the specified host is not known.
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	764	*/
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	765	protected SSLSocket(String host, int port, InetAddress clientAddress, int clientPort)
				766	throws IOException, UnknownHostException {
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	767	super(host, port, clientAddress, clientPort);
				768	}
				769
				770	/**
				771	* Only to be used by subclasses.
				772	* <p>
				773	* Creates a TCP socket connection to the specified address at the specified
				774	* port with the client side bound to the specified address and port.
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	775	*
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	776	* @param address
				777	* the address to connect to.
				778	* @param port
				779	* the port number to connect to.
				780	* @param clientAddress
				781	* the client address to bind to.
				782	* @param clientPort
				783	* the client port number to bind to.
				784	* @throws IOException
				785	* if creating the socket fails.
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	786	*/
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	787	protected SSLSocket(InetAddress address, int port, InetAddress clientAddress, int clientPort)
				788	throws IOException {
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	789	super(address, port, clientAddress, clientPort);
				790	}
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	791
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	792	/**
Jesse Wilson	0c58d22	2011-06-23 14:59:32 -0700	[diff] [blame]	793	* Unsupported for SSL because reading from an SSL socket may require
				794	* writing to the network.
				795	*/
				796	@Override public void shutdownInput() throws IOException {
				797	throw new UnsupportedOperationException();
				798	}
				799
				800	/**
				801	* Unsupported for SSL because writing to an SSL socket may require reading
				802	* from the network.
				803	*/
				804	@Override public void shutdownOutput() throws IOException {
				805	throw new UnsupportedOperationException();
				806	}
				807
				808	/**
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	809	* Returns the names of the supported cipher suites.
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	810	*/
				811	public abstract String[] getSupportedCipherSuites();
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	812
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	813	/**
				814	* Returns the names of the enabled cipher suites.
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	815	*/
				816	public abstract String[] getEnabledCipherSuites();
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	817
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	818	/**
				819	* Sets the names of the cipher suites to be enabled.
				820	* Only cipher suites returned by {@link #getSupportedCipherSuites()} are
				821	* allowed.
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	822	*
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	823	* @param suites
				824	* the names of the to be enabled cipher suites.
				825	* @throws IllegalArgumentException
				826	* if one of the cipher suite names is not supported.
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	827	*/
				828	public abstract void setEnabledCipherSuites(String[] suites);
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	829
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	830	/**
				831	* Returns the names of the supported protocols.
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	832	*/
				833	public abstract String[] getSupportedProtocols();
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	834
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	835	/**
				836	* Returns the names of the enabled protocols.
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	837	*/
				838	public abstract String[] getEnabledProtocols();
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	839
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	840	/**
				841	* Sets the names of the protocols to be enabled. Only
				842	* protocols returned by {@link #getSupportedProtocols()} are allowed.
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	843	*
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	844	* @param protocols
				845	* the names of the to be enabled protocols.
				846	* @throws IllegalArgumentException
				847	* if one of the protocols is not supported.
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	848	*/
				849	public abstract void setEnabledProtocols(String[] protocols);
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	850
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	851	/**
				852	* Returns the {@code SSLSession} for this connection. If necessary, a
				853	* handshake will be initiated, in which case this method will block until the handshake
				854	* has been established. If the handshake fails, an invalid session object
				855	* will be returned.
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	856	*
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	857	* @return the session object.
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	858	*/
				859	public abstract SSLSession getSession();
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	860
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	861	/**
Kenny Root	70bf6bc	2014-03-20 12:38:31 -0700	[diff] [blame]	862	* Returns the {@code SSLSession} for this connection. It will not initiate
				863	* the handshake and thus will not block until the handshake has been
				864	* established.
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	865	*
Kenny Root	70bf6bc	2014-03-20 12:38:31 -0700	[diff] [blame]	866	* @return the session object.
				867	* @since 1.7
				868	* @hide
				869	*/
				870	public SSLSession getHandshakeSession() {
				871	throw new UnsupportedOperationException();
				872	}
				873
				874	/**
				875	* Registers the specified listener to receive notification on completion of
				876	* a handshake on this connection.
				877	*
				878	* @param listener the listener to register.
				879	* @throws IllegalArgumentException if {@code listener} is {@code null}.
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	880	*/
				881	public abstract void addHandshakeCompletedListener(HandshakeCompletedListener listener);
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	882
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	883	/**
				884	* Removes the specified handshake completion listener.
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	885	*
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	886	* @param listener
				887	* the listener to remove.
				888	* @throws IllegalArgumentException
				889	* if the specified listener is not registered or {@code null}.
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	890	*/
				891	public abstract void removeHandshakeCompletedListener(HandshakeCompletedListener listener);
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	892
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	893	/**
				894	* Starts a new SSL handshake on this connection.
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	895	*
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	896	* @throws IOException
				897	* if an error occurs.
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	898	*/
				899	public abstract void startHandshake() throws IOException;
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	900
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	901	/**
				902	* Sets whether this connection should act in client mode when handshaking.
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	903	*
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	904	* @param mode
				905	* {@code true} if this connection should act in client mode,
				906	* {@code false} if not.
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	907	*/
				908	public abstract void setUseClientMode(boolean mode);
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	909
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	910	/**
Jesse Wilson	0c58d22	2011-06-23 14:59:32 -0700	[diff] [blame]	911	* Returns true if this connection will act in client mode when handshaking.
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	912	*/
				913	public abstract boolean getUseClientMode();
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	914
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	915	/**
Jesse Wilson	0c58d22	2011-06-23 14:59:32 -0700	[diff] [blame]	916	* Sets whether the server should require client authentication. This
				917	* does not apply to sockets in {@link #getUseClientMode() client mode}.
				918	* Client authentication is one of the following:
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	919	* <ul>
				920	* <li>authentication required</li>
				921	* <li>authentication requested</li>
				922	* <li>no authentication needed</li>
				923	* </ul>
				924	* This method overrides the setting of {@link #setWantClientAuth(boolean)}.
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	925	*/
				926	public abstract void setNeedClientAuth(boolean need);
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	927
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	928	/**
Jesse Wilson	0c58d22	2011-06-23 14:59:32 -0700	[diff] [blame]	929	* Sets whether the server should request client authentication. Unlike
				930	* {@link #setNeedClientAuth} this won't stop the negotiation if the client
				931	* doesn't authenticate. This does not apply to sockets in {@link
				932	* #getUseClientMode() client mode}.The client authentication is one of:
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	933	* <ul>
				934	* <li>authentication required</li>
				935	* <li>authentication requested</li>
				936	* <li>no authentication needed</li>
				937	* </ul>
				938	* This method overrides the setting of {@link #setNeedClientAuth(boolean)}.
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	939	*/
				940	public abstract void setWantClientAuth(boolean want);
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	941
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	942	/**
Jesse Wilson	0c58d22	2011-06-23 14:59:32 -0700	[diff] [blame]	943	* Returns true if the server socket should require client authentication.
				944	* This does not apply to sockets in {@link #getUseClientMode() client
				945	* mode}.
				946	*/
				947	public abstract boolean getNeedClientAuth();
				948
				949	/**
				950	* Returns true if the server should request client authentication. This
				951	* does not apply to sockets in {@link #getUseClientMode() client mode}.
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	952	*/
				953	public abstract boolean getWantClientAuth();
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	954
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	955	/**
				956	* Sets whether new SSL sessions may be created by this socket or if
Jesse Wilson	0c58d22	2011-06-23 14:59:32 -0700	[diff] [blame]	957	* existing sessions must be reused. If {@code flag} is false and there are
				958	* no sessions to resume, handshaking will fail.
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	959	*
Jesse Wilson	0c58d22	2011-06-23 14:59:32 -0700	[diff] [blame]	960	* @param flag {@code true} if new sessions may be created.
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	961	*/
				962	public abstract void setEnableSessionCreation(boolean flag);
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	963
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	964	/**
				965	* Returns whether new SSL sessions may be created by this socket or if
				966	* existing sessions must be reused.
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	967	*
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	968	* @return {@code true} if new sessions may be created, otherwise
				969	* {@code false}.
The Android Open Source Project	adc854b	2009-03-03 19:28:47 -0800	[diff] [blame]	970	*/
				971	public abstract boolean getEnableSessionCreation();
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	972
Brian Carlstrom	0c131a2	2010-05-20 15:27:31 -0700	[diff] [blame]	973	/**
				974	* Returns a new SSLParameters based on this SSLSocket's current
				975	* cipher suites, protocols, and client authentication settings.
				976	*
				977	* @since 1.6
				978	*/
				979	public SSLParameters getSSLParameters() {
				980	SSLParameters p = new SSLParameters();
				981	p.setCipherSuites(getEnabledCipherSuites());
				982	p.setProtocols(getEnabledProtocols());
				983	p.setNeedClientAuth(getNeedClientAuth());
				984	p.setWantClientAuth(getWantClientAuth());
				985	return p;
				986	}
				987
				988	/**
				989	* Sets various SSL handshake parameters based on the SSLParameter
				990	* argument. Specifically, sets the SSLSocket's enabled cipher
				991	* suites if the parameter's cipher suites are non-null. Similarly
				992	* sets the enabled protocols. If the parameters specify the want
				993	* or need for client authentication, those requirements are set
				994	* on the SSLSocket, otherwise both are set to false.
				995	* @since 1.6
				996	*/
				997	public void setSSLParameters(SSLParameters p) {
				998	String[] cipherSuites = p.getCipherSuites();
				999	if (cipherSuites != null) {
				1000	setEnabledCipherSuites(cipherSuites);
				1001	}
				1002	String[] protocols = p.getProtocols();
				1003	if (protocols != null) {
				1004	setEnabledProtocols(protocols);
				1005	}
				1006	if (p.getNeedClientAuth()) {
				1007	setNeedClientAuth(true);
				1008	} else if (p.getWantClientAuth()) {
				1009	setWantClientAuth(true);
				1010	} else {
				1011	setWantClientAuth(false);
				1012	}
				1013	}
Jesse Wilson	f921579	2009-08-25 16:30:17 -0700	[diff] [blame]	1014	}