Added in API level 1

Summary: Protected Ctors | Methods | Inherited Methods

SSLServerSocket

public abstract class SSLServerSocket
extends ServerSocket

java.lang.Object
↳	java.net.ServerSocket
	↳	javax.net.ssl.SSLServerSocket

This class extends ServerSockets and provides secure server sockets using protocols such as the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols.

Instances of this class are generally created using a SSLServerSocketFactory. The primary function of SSLServerSockets is to create SSLSockets by accepting connections.

SSLServerSockets contain several pieces of state data which are inherited by the SSLSocket at socket creation. These include the enabled cipher suites and protocols, whether client authentication is necessary, and whether created sockets should begin handshaking in client or server mode. The state inherited by the created SSLSocket can be overriden by calling the appropriate methods.

See also:

ServerSocket
SSLSocket

Summary

Protected constructors
`SSLServerSocket()` Used only by subclasses.
`SSLServerSocket(int port)` Used only by subclasses.
`SSLServerSocket(int port, int backlog)` Used only by subclasses.
`SSLServerSocket(int port, int backlog, InetAddress address)` Used only by subclasses.

Public methods
`abstract boolean`	`getEnableSessionCreation()` Returns true if new SSL sessions may be established by the sockets which are created from this server socket.
`abstract String[]`	`getEnabledCipherSuites()` Returns the list of cipher suites which are currently enabled for use by newly accepted connections.
`abstract String[]`	`getEnabledProtocols()` Returns the names of the protocols which are currently enabled for use by the newly accepted connections.
`abstract boolean`	`getNeedClientAuth()` Returns true if client authentication will be required on newly `accept`ed server-mode `SSLSocket`s.
`SSLParameters`	`getSSLParameters()` Returns the SSLParameters in effect for newly accepted connections.
`abstract String[]`	`getSupportedCipherSuites()` Returns the names of the cipher suites which could be enabled for use on an SSL connection.
`abstract String[]`	`getSupportedProtocols()` Returns the names of the protocols which could be enabled for use.
`abstract boolean`	`getUseClientMode()` Returns true if accepted connections will be in SSL client mode.
`abstract boolean`	`getWantClientAuth()` Returns true if client authentication will be requested on newly accepted server-mode connections.
`abstract void`	`setEnableSessionCreation(boolean flag)` Controls whether new SSL sessions may be established by the sockets which are created from this server socket.
`abstract void`	`setEnabledCipherSuites(String[] suites)` Sets the cipher suites enabled for use by accepted connections.
`abstract void`	`setEnabledProtocols(String[] protocols)` Controls which particular protocols are enabled for use by accepted connections.
`abstract void`	`setNeedClientAuth(boolean need)` Controls whether `accept`ed server-mode `SSLSockets` will be initially configured to require client authentication.
`void`	`setSSLParameters(SSLParameters params)` Applies SSLParameters to newly accepted connections.
`abstract void`	`setUseClientMode(boolean mode)` Controls whether accepted connections are in the (default) SSL server mode, or the SSL client mode.
`abstract void`	`setWantClientAuth(boolean want)` Controls whether `accept`ed server-mode `SSLSockets` will be initially configured to request client authentication.
`String`	`toString()` Returns the implementation address and implementation port of this socket as a `String`.

Inherited methods

From class


        
          java.net.ServerSocket

`Socket`	`accept()` Listens for a connection to be made to this socket and accepts it.
`void`	`bind(SocketAddress endpoint, int backlog)` Binds the `ServerSocket` to a specific address (IP address and port number).
`void`	`bind(SocketAddress endpoint)` Binds the `ServerSocket` to a specific address (IP address and port number).
`void`	`close()` Closes this socket.
`ServerSocketChannel`	`getChannel()` Returns the unique `ServerSocketChannel` object associated with this socket, if any.
`InetAddress`	`getInetAddress()` Returns the local address of this server socket.
`int`	`getLocalPort()` Returns the port number on which this socket is listening.
`SocketAddress`	`getLocalSocketAddress()` Returns the address of the endpoint this socket is bound to.
`<T> T`	`getOption(SocketOption<T> name)` Returns the value of a socket option.
`int`	`getReceiveBufferSize()` Gets the value of the `SO_RCVBUF` option for this `ServerSocket`, that is the proposed buffer size that will be used for Sockets accepted from this `ServerSocket`.
`boolean`	`getReuseAddress()` Tests if `SO_REUSEADDR` is enabled.
`int`	`getSoTimeout()` Retrieve setting for `SO_TIMEOUT`.
`final void`	`implAccept(Socket s)` Subclasses of ServerSocket use this method to override accept() to return their own subclass of socket.
`boolean`	`isBound()` Returns the binding state of the ServerSocket.
`boolean`	`isClosed()` Returns the closed state of the ServerSocket.
`<T> ServerSocket`	`setOption(SocketOption<T> name, T value)` Sets the value of a socket option.
`void`	`setPerformancePreferences(int connectionTime, int latency, int bandwidth)` Sets performance preferences for this ServerSocket.
`void`	`setReceiveBufferSize(int size)` Sets a default proposed value for the `SO_RCVBUF` option for sockets accepted from this `ServerSocket`.
`void`	`setReuseAddress(boolean on)` Enable/disable the `SO_REUSEADDR` socket option.
`void`	`setSoTimeout(int timeout)` Enable/disable `SO_TIMEOUT` with the specified timeout, in milliseconds.
`static void`	`setSocketFactory(SocketImplFactory fac)` Sets the server socket implementation factory for the application.
`Set<SocketOption<?>>`	`supportedOptions()` Returns a set of the socket options supported by this server socket.
`String`	`toString()` Returns the implementation address and implementation port of this socket as a `String`.

From class


        
          java.lang.Object

`Object`	`clone()` Creates and returns a copy of this object.
`boolean`	`equals(Object obj)` Indicates whether some other object is "equal to" this one.
`void`	`finalize()` Called by the garbage collector on an object when garbage collection determines that there are no more references to the object.
`final Class<?>`	`getClass()` Returns the runtime class of this `Object`.
`int`	`hashCode()` Returns a hash code value for the object.
`final void`	`notify()` Wakes up a single thread that is waiting on this object's monitor.
`final void`	`notifyAll()` Wakes up all threads that are waiting on this object's monitor.
`String`	`toString()` Returns a string representation of the object.
`final void`	`wait(long timeoutMillis, int nanos)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait(long timeoutMillis)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait()` Causes the current thread to wait until it is awakened, typically by being notified or interrupted.

From interface


        
          java.io.Closeable


      close()

Closes this stream and releases any system resources associated with it.

From interface


        
          java.lang.AutoCloseable


      close()

Closes this resource, relinquishing any underlying resources.

Protected constructors

SSLServerSocket

Added in API level 1

protected SSLServerSocket ()

Used only by subclasses.

Create an unbound TCP server socket using the default authentication context.

Throws
`IOException`	if an I/O error occurs when creating the socket

SSLServerSocket

Added in API level 1

protected SSLServerSocket (int port)

Used only by subclasses.

Create a TCP server socket on a port, using the default authentication context. The connection backlog defaults to fifty connections queued up before the system starts to reject new connection requests.

A port number of 0 creates a socket on any free port.

If there is a security manager, its checkListen method is called with the port argument as its argument to ensure the operation is allowed. This could result in a SecurityException.

Parameters
`port`	`int`: the port on which to listen

Throws
`IOException`	if an I/O error occurs when creating the socket
`SecurityException`	if a security manager exists and its `checkListen` method doesn't allow the operation.
`IllegalArgumentException`	if the port parameter is outside the specified range of valid port values, which is between 0 and 65535, inclusive.

See also:

SecurityManager.checkListen(int)

SSLServerSocket

Added in API level 1

protected SSLServerSocket (int port, 
                int backlog)

Used only by subclasses.

Create a TCP server socket on a port, using the default authentication context and a specified backlog of connections.

A port number of 0 creates a socket on any free port.

The backlog argument is the requested maximum number of pending connections on the socket. Its exact semantics are implementation specific. In particular, an implementation may impose a maximum length or may choose to ignore the parameter altogther. The value provided should be greater than 0. If it is less than or equal to 0, then an implementation specific default will be used.

If there is a security manager, its checkListen method is called with the port argument as its argument to ensure the operation is allowed. This could result in a SecurityException.

Parameters
`port`	`int`: the port on which to listen
`backlog`	`int`: requested maximum length of the queue of incoming connections.

Throws
`IOException`	if an I/O error occurs when creating the socket
`SecurityException`	if a security manager exists and its `checkListen` method doesn't allow the operation.
`IllegalArgumentException`	if the port parameter is outside the specified range of valid port values, which is between 0 and 65535, inclusive.

See also:

SecurityManager.checkListen(int)

SSLServerSocket

Added in API level 1

protected SSLServerSocket (int port, 
                int backlog, 
                InetAddress address)

Used only by subclasses.

Create a TCP server socket on a port, using the default authentication context and a specified backlog of connections as well as a particular specified network interface. This constructor is used on multihomed hosts, such as those used for firewalls or as routers, to control through which interface a network service is provided.

If there is a security manager, its checkListen method is called with the port argument as its argument to ensure the operation is allowed. This could result in a SecurityException.

A port number of 0 creates a socket on any free port.

If address is null, it will default accepting connections on any/all local addresses.

Parameters
`port`	`int`: the port on which to listen
`backlog`	`int`: requested maximum length of the queue of incoming connections.
`address`	`InetAddress`: the address of the network interface through which connections will be accepted

Throws
`IOException`	if an I/O error occurs when creating the socket
`SecurityException`	if a security manager exists and its `checkListen` method doesn't allow the operation.
`IllegalArgumentException`	if the port parameter is outside the specified range of valid port values, which is between 0 and 65535, inclusive.

See also:

SecurityManager.checkListen(int)

Public methods

getEnableSessionCreation

Added in API level 1

public abstract boolean getEnableSessionCreation ()

Returns true if new SSL sessions may be established by the sockets which are created from this server socket.

Returns
`boolean`	true indicates that sessions may be created; this is the default. false indicates that an existing session must be resumed

See also:

setEnableSessionCreation(boolean)

getEnabledCipherSuites

Added in API level 1

public abstract String[] getEnabledCipherSuites ()

Returns the list of cipher suites which are currently enabled for use by newly accepted connections.

If this list has not been explicitly modified, a system-provided default guarantees a minimum quality of service in all enabled cipher suites.

There are several reasons why an enabled cipher suite might not actually be used. For example: the server socket might not have appropriate private keys available to it or the cipher suite might be anonymous, precluding the use of client authentication, while the server socket has been told to require that sort of authentication.

Returns
`String[]`	an array of cipher suites enabled

See also:

getEnabledProtocols

Added in API level 1

public abstract String[] getEnabledProtocols ()

Returns the names of the protocols which are currently enabled for use by the newly accepted connections.

Returns
`String[]`	an array of protocol names

See also:

getNeedClientAuth

Added in API level 1

public abstract boolean getNeedClientAuth ()

Returns true if client authentication will be required on newly accepted server-mode SSLSockets.

The initial inherited setting may be overridden by calling SSLSocket#setNeedClientAuth(boolean) or SSLSocket#setWantClientAuth(boolean).

Returns
`boolean`	true if client authentication is required, or false if no client authentication is desired.

See also:

getSSLParameters

Added in API level 24

public SSLParameters getSSLParameters ()

Returns the SSLParameters in effect for newly accepted connections. The ciphersuites and protocols of the returned SSLParameters are always non-null.

Returns
`SSLParameters`	the SSLParameters in effect for newly accepted connections

See also:

setSSLParameters(SSLParameters)

getSupportedCipherSuites

Added in API level 1

public abstract String[] getSupportedCipherSuites ()

Returns the names of the cipher suites which could be enabled for use on an SSL connection.

Normally, only a subset of these will actually be enabled by default, since this list may include cipher suites which do not meet quality of service requirements for those defaults. Such cipher suites are useful in specialized applications.

Applications should not blindly enable all supported cipher suites. The supported cipher suites can include signaling cipher suite values that can cause connection problems if enabled inappropriately.

The proper way to use this method is to either check if a specific cipher suite is supported via Arrays.asList(getSupportedCipherSuites()).contains(...) or to filter a desired list of cipher suites to only the supported ones via desiredSuiteSet.retainAll(Arrays.asList(getSupportedCipherSuites())).

Returns
`String[]`	an array of cipher suite names

See also:

getSupportedProtocols

Added in API level 1

public abstract String[] getSupportedProtocols ()

Returns the names of the protocols which could be enabled for use.

Returns
`String[]`	an array of protocol names supported

See also:

getUseClientMode

Added in API level 1

public abstract boolean getUseClientMode ()

Returns true if accepted connections will be in SSL client mode.

Returns
`boolean`	true if the connection should use SSL client mode.

See also:

setUseClientMode(boolean)

getWantClientAuth

Added in API level 1

public abstract boolean getWantClientAuth ()

Returns true if client authentication will be requested on newly accepted server-mode connections.

The initial inherited setting may be overridden by calling SSLSocket#setNeedClientAuth(boolean) or SSLSocket#setWantClientAuth(boolean).

Returns
`boolean`	true if client authentication is requested, or false if no client authentication is desired.

See also:

setEnableSessionCreation

Added in API level 1

public abstract void setEnableSessionCreation (boolean flag)

Controls whether new SSL sessions may be established by the sockets which are created from this server socket.

SSLSockets returned from accept() inherit this setting.

Parameters
`flag`	`boolean`: true indicates that sessions may be created; this is the default. false indicates that an existing session must be resumed.

See also:

getEnableSessionCreation()

setEnabledCipherSuites

Added in API level 1

public abstract void setEnabledCipherSuites (String[] suites)

Sets the cipher suites enabled for use by accepted connections.

The cipher suites must have been listed by getSupportedCipherSuites() as being supported. Following a successful call to this method, only suites listed in the suites parameter are enabled for use.

Suites that require authentication information which is not available in this ServerSocket's authentication context will not be used in any case, even if they are enabled.

SSLSockets returned from accept() inherit this setting.

Parameters
`suites`	`String`: Names of all the cipher suites to enable

Throws
`IllegalArgumentException`	when one or more of ciphers named by the parameter is not supported, or when the parameter is null.

See also:

setEnabledProtocols

Added in API level 1

public abstract void setEnabledProtocols (String[] protocols)

Controls which particular protocols are enabled for use by accepted connections.

The protocols must have been listed by getSupportedProtocols() as being supported. Following a successful call to this method, only protocols listed in the protocols parameter are enabled for use.

Because of the way the protocol version is negotiated, connections will only be able to use a member of the lowest set of contiguous enabled protocol versions. For example, enabling TLSv1.2 and TLSv1 will result in connections only being able to use TLSv1.

SSLSockets returned from accept() inherit this setting.

Parameters
`protocols`	`String`: Names of all the protocols to enable.

Throws
`IllegalArgumentException`	when one or more of the protocols named by the parameter is not supported or when the protocols parameter is null.

See also:

setNeedClientAuth

Added in API level 1

public abstract void setNeedClientAuth (boolean need)

Controls whether accepted server-mode SSLSockets will be initially configured to require client authentication.

A socket's client authentication setting is one of the following:

client authentication required
client authentication requested
no client authentication desired

Unlike setWantClientAuth(boolean), if the accepted socket's option is set and the client chooses not to provide authentication information about itself, the negotiations will stop and the connection will be dropped.

Calling this method overrides any previous setting made by this method or setWantClientAuth(boolean).

The initial inherited setting may be overridden by calling SSLSocket#setNeedClientAuth(boolean) or SSLSocket#setWantClientAuth(boolean).

Parameters
`need`	`boolean`: set to true if client authentication is required, or false if no client authentication is desired.

See also:

setSSLParameters

Added in API level 24

public void setSSLParameters (SSLParameters params)

Applies SSLParameters to newly accepted connections.

This means:

If params.getCipherSuites() is non-null, setEnabledCipherSuites() is called with that value.
If params.getProtocols() is non-null, setEnabledProtocols() is called with that value.
If params.getNeedClientAuth() or params.getWantClientAuth() return true, setNeedClientAuth(true) and setWantClientAuth(true) are called, respectively; otherwise setWantClientAuth(false) is called.
If params.getServerNames() is non-null, the socket will configure its server names with that value.
If params.getSNIMatchers() is non-null, the socket will configure its SNI matchers with that value.

Parameters
`params`	`SSLParameters`: the parameters

Throws
`IllegalArgumentException`	if the setEnabledCipherSuites() or the setEnabledProtocols() call fails

See also:

getSSLParameters()

setUseClientMode

Added in API level 1

public abstract void setUseClientMode (boolean mode)

Controls whether accepted connections are in the (default) SSL server mode, or the SSL client mode.

Servers normally authenticate themselves, and clients are not required to do so.

In rare cases, TCP servers need to act in the SSL client mode on newly accepted connections. For example, FTP clients acquire server sockets and listen there for reverse connections from the server. An FTP client would use an SSLServerSocket in "client" mode to accept the reverse connection while the FTP server uses an SSLSocket with "client" mode disabled to initiate the connection. During the resulting handshake, existing SSL sessions may be reused.

SSLSockets returned from accept() inherit this setting.

Parameters
`mode`	`boolean`: true if newly accepted connections should use SSL client mode.

See also:

getUseClientMode()

setWantClientAuth

Added in API level 1

public abstract void setWantClientAuth (boolean want)

Controls whether accepted server-mode SSLSockets will be initially configured to request client authentication.

A socket's client authentication setting is one of the following:

client authentication required
client authentication requested
no client authentication desired

Unlike setNeedClientAuth(boolean), if the accepted socket's option is set and the client chooses not to provide authentication information about itself, the negotiations will continue.

Calling this method overrides any previous setting made by this method or setNeedClientAuth(boolean).

The initial inherited setting may be overridden by calling SSLSocket#setNeedClientAuth(boolean) or SSLSocket#setWantClientAuth(boolean).

Parameters
`want`	`boolean`: set to true if client authentication is requested, or false if no client authentication is desired.

See also:

toString

Added in API level 1

public String toString ()

Returns the implementation address and implementation port of this socket as a String.

If there is a security manager set, its checkConnect method is called with the local address and -1 as its arguments to see if the operation is allowed. If the operation is not allowed, an InetAddress representing the loopback address is returned as the implementation address.

Returns
`String`	a string representation of this socket.