Home / Class/ OpenSslContextOption Class — netty Architecture

OpenSslContextOption Class — netty Architecture

Architecture documentation for the OpenSslContextOption class in OpenSslContextOption.java from the netty codebase.

Entity Profile

Dependency Diagram

graph TD
  05b39d74_b81a_a3e0_ac6a_6c5cb72688a7["OpenSslContextOption"]
  eef8d375_8ccb_2e42_2ca7_97b2d2ded73c["OpenSslContextOption.java"]
  05b39d74_b81a_a3e0_ac6a_6c5cb72688a7 -->|defined in| eef8d375_8ccb_2e42_2ca7_97b2d2ded73c
  b9acb122_6755_a0bc_a716_062cd39951e7["OpenSslContextOption()"]
  05b39d74_b81a_a3e0_ac6a_6c5cb72688a7 -->|method| b9acb122_6755_a0bc_a716_062cd39951e7

Relationship Graph

Source Code

handler/src/main/java/io/netty/handler/ssl/OpenSslContextOption.java lines 23–105

public final class OpenSslContextOption<T> extends SslContextOption<T> {

    private OpenSslContextOption(String name) {
        super(name);
    }

    /**
     * If enabled heavy-operations may be offloaded from the {@link io.netty.channel.EventLoop} if possible.
     */
    public static final OpenSslContextOption<Boolean> USE_TASKS =
            new OpenSslContextOption<Boolean>("USE_TASKS");
    /**
     * If enabled <a href="https://tools.ietf.org/html/rfc7918">TLS false start</a> will be enabled if supported.
     * When TLS false start is enabled the flow of {@link SslHandshakeCompletionEvent}s may be different compared when,
     * not enabled.
     *
     * This is currently only supported when {@code BoringSSL} and ALPN is used.
     */
    public static final OpenSslContextOption<Boolean> TLS_FALSE_START =
            new OpenSslContextOption<Boolean>("TLS_FALSE_START");

    /**
     * Set the {@link OpenSslPrivateKeyMethod} to use. This allows to offload private-key operations
     * if needed.
     *
     * This is currently only supported when {@code BoringSSL} is used.
     */
    public static final OpenSslContextOption<OpenSslPrivateKeyMethod> PRIVATE_KEY_METHOD =
            new OpenSslContextOption<OpenSslPrivateKeyMethod>("PRIVATE_KEY_METHOD");

    /**
     * Set the {@link OpenSslAsyncPrivateKeyMethod} to use. This allows to offload private-key operations
     * if needed.
     *
     * This is currently only supported when {@code BoringSSL} is used.
     */
    public static final OpenSslContextOption<OpenSslAsyncPrivateKeyMethod> ASYNC_PRIVATE_KEY_METHOD =
            new OpenSslContextOption<OpenSslAsyncPrivateKeyMethod>("ASYNC_PRIVATE_KEY_METHOD");

    /**
     * Set the {@link OpenSslCertificateCompressionConfig} to use. This allows for the configuration of certificate
     * compression algorithms which should be used, the priority of those algorithms and the directions in which
     * they should be used.
     *
     * This is currently only supported when {@code BoringSSL} is used.
     */
    public static final OpenSslContextOption<OpenSslCertificateCompressionConfig> CERTIFICATE_COMPRESSION_ALGORITHMS =
            new OpenSslContextOption<OpenSslCertificateCompressionConfig>("CERTIFICATE_COMPRESSION_ALGORITHMS");

    /**
     * Set the maximum number of bytes that is allowed during the handshake for certificate chain.
     */
    public static final OpenSslContextOption<Integer> MAX_CERTIFICATE_LIST_BYTES =
            new OpenSslContextOption<Integer>("MAX_CERTIFICATE_LIST_BYTES");

    /**
     * Set the groups that should be used. This will override curves set with {@code -Djdk.tls.namedGroups}.
     * <p>
     * See <a href="https://docs.openssl.org/master/man3/SSL_CTX_set1_groups_list/#description">
     *     SSL_CTX_set1_groups_list</a>.
     */
    public static final OpenSslContextOption<String[]> GROUPS = new OpenSslContextOption<String[]>("GROUPS");

    /**
     * Set the desired length of the Diffie-Hellman ephemeral session keys.
     * This will override the key length set with {@code -Djdk.tls.ephemeralDHKeySize}.
     * <p>
     * The only supported values are {@code 512}, {@code 1024}, {@code 2048}, and {@code 4096}.
     * <p>
     * See <a href="https://docs.openssl.org/1.0.2/man3/SSL_CTX_set_tmp_dh_callback/">SSL_CTX_set_tmp_dh_callback</a>.
     */
    public static final OpenSslContextOption<Integer> TMP_DH_KEYLENGTH =
            new OpenSslContextOption<Integer>("TMP_DH_KEYLENGTH");

    /**
     * Set the policy for handling alternative key providers (such as hardware security keys,
     * smart cards, remote signing services, etc.) when using BoringSSL.
     * <p>
     * Note: this feature only works when {@code BoringSSL} or {@code AWS-LC} is used.
     */
    public static final OpenSslContextOption<Boolean> USE_JDK_PROVIDER_SIGNATURES =

Frequently Asked Questions

What is the OpenSslContextOption class?
OpenSslContextOption is a class in the netty codebase, defined in handler/src/main/java/io/netty/handler/ssl/OpenSslContextOption.java.
Where is OpenSslContextOption defined?
OpenSslContextOption is defined in handler/src/main/java/io/netty/handler/ssl/OpenSslContextOption.java at line 23.

Analyze Your Own Codebase

Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.

Try Supermodel Free