
Tomcat JSS SSL Implementation


SSLImplementation

A custom SSL implementation must extend the org.apache.tomcat.util.net.SSLImplementation class, which is outlined below (method bodies omitted):

package org.apache.tomcat.util.net;

// Outline of Tomcat's SSL provider base class. A provider such as Tomcat JSS
// plugs in by subclassing it and supplying the two abstract methods; the real
// class is abstract (this listing only shows the signatures).
public class SSLImplementation {

    // No-arg constructor. getInstance(String) takes a class name, so instances are
    // presumably created reflectively — a subclass must keep a no-arg constructor.
    SSLImplementation();

    // Resolves and instantiates the provider named by className (the value Tomcat
    // reads from the connector's sslImplementationName setting — confirm for the
    // Tomcat version in use).
    static SSLImplementation getInstance(String className);

    // Per-connection view of a negotiated session (peer certificate chain, cipher
    // suite, ...) handed to the request-processing layer — exact attribute set is
    // defined by SSLSupport, not shown here.
    abstract SSLSupport getSSLSupport(SSLSession session);
    // Helper that builds the SSLContext (key and trust material) for one configured
    // certificate; this is where a provider decides how trust is evaluated.
    abstract SSLUtil getSSLUtil(SSLHostConfigCertificate certificate);
}

SSLEngine

The SSLEngine is created and configured by AbstractJsseEndpoint.createSSLEngine() as follows (excerpt):

// Excerpt of AbstractJsseEndpoint.createSSLEngine(); the method's signature and
// remainder are not shown.
// Resolve the per-virtual-host TLS configuration from the SNI name the client sent.
SSLHostConfig sslHostConfig = getSSLHostConfig(sniHostName);

// Choose which of the host's configured certificates to serve, presumably by key
// type against the cipher suites the client offered — confirm in selectCertificate.
SSLHostConfigCertificate certificate = selectCertificate(sslHostConfig, clientRequestedCiphers);

// The SSLContext is expected to have been built ahead of time (by the provider's
// SSLUtil, not shown here). A missing context means the host was never initialised,
// so fail loudly rather than attempt a handshake without credentials.
SSLContext sslContext = certificate.getSslContext();
if (sslContext == null) {
    throw new IllegalStateException(sm.getString("endpoint.jsse.noSslContext", sniHostName));
}

SSLEngine engine = sslContext.createSSLEngine();
// Map Tomcat's certificateVerification setting onto the engine's client-auth flags.
// No default branch: the enum presumably has exactly these four constants — confirm.
switch (sslHostConfig.getCertificateVerification()) {
case NONE:
    // No client certificate is requested at all.
    engine.setNeedClientAuth(false);
    engine.setWantClientAuth(false);
    break;
case OPTIONAL:
case OPTIONAL_NO_CA:
    // The client is asked for a certificate, but the handshake proceeds without one.
    // Both variants look identical to the engine; the "no CA" relaxation (accepting a
    // certificate not chained to a trusted CA) must be implemented by the trust
    // manager the provider installs — verify the JSS implementation handles it.
    engine.setWantClientAuth(true);
    break;
case REQUIRED:
    // The handshake fails unless the client presents an acceptable certificate.
    engine.setNeedClientAuth(true);
    break;
}
// Server side of the handshake.
engine.setUseClientMode(false);
// Restrict the engine to the cipher suites and protocol versions configured for this
// host; without these calls the provider's own defaults would apply.
engine.setEnabledCipherSuites(sslHostConfig.getEnabledCiphers());
engine.setEnabledProtocols(sslHostConfig.getEnabledProtocols());