Package apple.security.enums
Class SSLSessionOption
- java.lang.Object
-
- apple.security.enums.SSLSessionOption
-
public final class SSLSessionOption extends java.lang.ObjectSSL session options
-
-
Field Summary
Fields Modifier and Type Field Description static intAllowRenegotiationSet this option to Allow renegotations.static intAllowServerIdentityChangeAllow/Disallow server identity change on renegotiation.static intBreakOnCertRequestedSet this option to enable returning from SSLHandshake (with a result of errSSLClientCertRequested) when the server requests a client certificate.static intBreakOnClientAuthThis option is the same as kSSLSessionOptionBreakOnServerAuth but applies to the case where SecureTransport is the server and the client has presented its certificates allowing the server to verify whether these should be allowed to authenticate.static intBreakOnClientHelloSet this option to break from a client hello in order to check for SNIstatic intBreakOnServerAuthSet this option to enable returning from SSLHandshake (with a result of errSSLServerAuthCompleted) when the server authentication portion of the handshake is complete.static intEnableSessionTicketsSet this option to enable session tickets.static intFallbackEnable fallback countermeasures.static intFalseStartEnable/Disable TLS False Start When enabled, False Start will only be performed if a adequate cipher-suite is negotiated.static intSendOneByteRecordEnable/Disable 1/n-1 record splitting for BEAST attack mitigation.
-
-
-
Field Detail
-
BreakOnServerAuth
public static final int BreakOnServerAuth
Set this option to enable returning from SSLHandshake (with a result of errSSLServerAuthCompleted) when the server authentication portion of the handshake is complete. This disable certificate verification and provides an opportunity to perform application-specific server verification before deciding to continue.- See Also:
- Constant Field Values
-
BreakOnCertRequested
public static final int BreakOnCertRequested
Set this option to enable returning from SSLHandshake (with a result of errSSLClientCertRequested) when the server requests a client certificate.- See Also:
- Constant Field Values
-
BreakOnClientAuth
public static final int BreakOnClientAuth
This option is the same as kSSLSessionOptionBreakOnServerAuth but applies to the case where SecureTransport is the server and the client has presented its certificates allowing the server to verify whether these should be allowed to authenticate.- See Also:
- Constant Field Values
-
FalseStart
public static final int FalseStart
Enable/Disable TLS False Start When enabled, False Start will only be performed if a adequate cipher-suite is negotiated.- See Also:
- Constant Field Values
-
SendOneByteRecord
public static final int SendOneByteRecord
Enable/Disable 1/n-1 record splitting for BEAST attack mitigation. When enabled, record splitting will only be performed for TLS 1.0 connections using a block cipher.- See Also:
- Constant Field Values
-
AllowServerIdentityChange
public static final int AllowServerIdentityChange
Allow/Disallow server identity change on renegotiation. Disallow by default to avoid Triple Handshake attack.- See Also:
- Constant Field Values
-
Fallback
public static final int Fallback
Enable fallback countermeasures. Use this option when retyring a SSL connection with a lower protocol version because of failure to connect.- See Also:
- Constant Field Values
-
BreakOnClientHello
public static final int BreakOnClientHello
Set this option to break from a client hello in order to check for SNI- See Also:
- Constant Field Values
-
AllowRenegotiation
public static final int AllowRenegotiation
Set this option to Allow renegotations. False by default.- See Also:
- Constant Field Values
-
EnableSessionTickets
public static final int EnableSessionTickets
Set this option to enable session tickets. False by default.- See Also:
- Constant Field Values
-
-