IP*Works! SSL V9

ipworksssl
Class Ipdaemons

java.lang.Object
  extended by ipworksssl.Ipdaemons

public class Ipdaemons
extends java.lang.Object

The IPDaemonS Bean is a generic TCP server component based on an asynchronous, event-driven architecture. It is designed to balance the load between connections for a fast, powerful server.

The IPDaemonS Bean is the SSL-enabled equivalent of the IP*Works! IPDaemon Bean. The main difference is the introduction of a set of new properties and events that deal with SSL security. Configuration settings (see the config method) determine which protocols are enabled and at what security level. The SSLCert properties are used to select a certificate for the server (please note that a valid certificate MUST be selected before the server can function). The SSLAuthenticateClients property together with the SSLClientAuthentication event allows you to use digital certificates for client authentication. Finally, the SSLStatus event provides information about the SSL handshake.

IPDaemonS is the server complement of IPPortS (which is used to create client applications). They share a common design philosophy and interface. We expect you will find IPDaemonS as easy to use as IPPortS.

By default, each instance of IPDaemonS can handle up to 1,000 simultaneous incoming connections (this number may be increased up to 100,000 or decreased to a lower value by using a configuration setting through the config method).

The connections are identified by a ConnectionId, an id generated by the component to identify each connection. This id is unique to each connection. IPDaemon's events also have ConnectionId as a parameter to identify the connection they relate to.

Our main goal in designing IPDaemonS was to make it easy to use without sacrificing performance. The bean has a minimum of properties, and six events: ConnectionRequest, Connected, DataIn, Disconnected, ReadyToSend, and Error.

IPDaemonS can start to listen on a port by setting the Listening property to True. When a remote host asks for a connection, the ConnectionRequest event is fired. At that point, the connection can either be accepted or rejected. If the connection is accepted, a ConnectionId is assigned, and communication can start. From this point on, the operation is very similar to IPPort. Data is sent by assigning the data string to the DataToSend property. The address and port of the incoming connection can be found by querying the RemoteHost and RemotePort properties.


Field Summary
static int sslAutomatic
           
static int sslExplicit
           
static int sslImplicit
           
static int sslNone
           
 
Constructor Summary
Ipdaemons()
          Creates an instance of Ipdaemons Bean.
Ipdaemons(java.lang.String runtimeLicense)
          Creates an instance of Ipdaemons Bean with specified run-time license.
 
Method Summary
 void addIpdaemonsEventListener(IpdaemonsEventListener l)
           
 java.lang.String config(java.lang.String configurationString)
          Sets or retrieves a configuration setting.
 void disconnect(java.lang.String connectionId)
          Disconnect the specified client.
 void doEvents()
          Processes events from the internal message queue.
 int getConnectionBacklog()
          The maximum number of pending connections maintained by the TCP/IP subsystem.
 ConnectionMap getConnections()
          A collection of currently connected clients.
 byte[] getDefaultEOL()
          A default EOL value to be used by incoming connections.
 int getDefaultMaxLineLength()
          The default maximum line length value for inbound connections.
 int getDefaultTimeout()
          An initial timeout value to be used by incoming connections.
 java.lang.String getLocalHost()
          The name of the local host or user-assigned IP interface through which connections are initiated or accepted.
 int getLocalPort()
          The TCP port in the local host where the bean listens.
 Certificate getSSLCert()
          The certificate to be used during SSL negotiation.
 int getSSLStartMode()
          Determines how the bean starts the SSL negotiation.
 void interrupt(java.lang.String connectionId)
          Interrupts a synchronous send to the remote host.
 boolean isDefaultSingleLineMode()
          Tells the bean whether or not to treat new connections as line-oriented.
 boolean isKeepAlive()
          When True, KEEPALIVE packets are enabled (for long connections).
 boolean isLinger()
          When set to True, connections are terminated gracefully.
 boolean isListening()
          If True, the bean accepts incoming connections on LocalPort.
 boolean isSSLAuthenticateClients()
          If true, the server asks the client(s) for a certificate.
 void removeIpdaemonsEventListener(IpdaemonsEventListener l)
           
 void send(java.lang.String connectionId, byte[] text)
          Sends data to the remote host.
 void sendFile(java.lang.String connectionId, java.lang.String fileName)
          Send file to the remote host.
 void sendLine(java.lang.String connectionId, java.lang.String text)
          Sends a string followed by a newline.
 void setConnectionBacklog(int connectionBacklog)
          The maximum number of pending connections maintained by the TCP/IP subsystem.
 void setDefaultEOL(byte[] defaultEOL)
          A default EOL value to be used by incoming connections.
 void setDefaultMaxLineLength(int defaultMaxLineLength)
          The default maximum line length value for inbound connections.
 void setDefaultSingleLineMode(boolean defaultSingleLineMode)
          Tells the bean whether or not to treat new connections as line-oriented.
 void setDefaultTimeout(int defaultTimeout)
          An initial timeout value to be used by incoming connections.
 void setKeepAlive(boolean keepAlive)
          When True, KEEPALIVE packets are enabled (for long connections).
 void setLinger(boolean linger)
          When set to True, connections are terminated gracefully.
 void setListening(boolean listening)
          If True, the bean accepts incoming connections on LocalPort.
 void setLocalHost(java.lang.String localHost)
          The name of the local host or user-assigned IP interface through which connections are initiated or accepted.
 void setLocalPort(int localPort)
          The TCP port in the local host where the bean listens.
 void setSSLAuthenticateClients(boolean SSLAuthenticateClients)
          If true, the server asks the client(s) for a certificate.
 void setSSLCert(Certificate SSLCert)
          The certificate to be used during SSL negotiation.
 void setSSLStartMode(int SSLStartMode)
          Determines how the bean starts the SSL negotiation.
 void shutdown()
          Shuts down the server.
 void startSSL(java.lang.String connectionId)
          Starts SSL negotiation on a connection.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

sslAutomatic

public static final int sslAutomatic
See Also:
Constant Field Values

sslImplicit

public static final int sslImplicit
See Also:
Constant Field Values

sslExplicit

public static final int sslExplicit
See Also:
Constant Field Values

sslNone

public static final int sslNone
See Also:
Constant Field Values
Constructor Detail

Ipdaemons

public Ipdaemons()
Creates an instance of Ipdaemons Bean.


Ipdaemons

public Ipdaemons(java.lang.String runtimeLicense)
Creates an instance of Ipdaemons Bean with specified run-time license.

Method Detail

getConnectionBacklog

public int getConnectionBacklog()
The maximum number of pending connections maintained by the TCP/IP subsystem.

This property contains the maximum number of pending connections maintained by the TCP/IP subsystem. This value reflects the SOMAXCONN option for the main listening socket. The default value for most systems is 5. You may set this property to a larger value if the server is expected to receive a large number of connections, and queuing them is desirable.


setConnectionBacklog

public void setConnectionBacklog(int connectionBacklog)
                          throws IPWorksSSLException
The maximum number of pending connections maintained by the TCP/IP subsystem.

This property contains the maximum number of pending connections maintained by the TCP/IP subsystem. This value reflects the SOMAXCONN option for the main listening socket. The default value for most systems is 5. You may set this property to a larger value if the server is expected to receive a large number of connections, and queuing them is desirable.

Throws:
IPWorksSSLException

getConnections

public ConnectionMap getConnections()
A collection of currently connected clients.

This property contains a collection of currently connected clients. All of the connections may be managed using this property. Each connection is described by the different fields of the connection type.

This collection is a hashtable type of collection, in which the Connection ID string is used as the key to the desired connection. You may acquire the key for a given connection through the Connected event.

Example (Broadcasting Data)

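 // Send the same data to every currently connected client.
 Iterator keys = ipdaemon1.getConnections().keySet().iterator();
 while (keys.hasNext()) {
   // Each key is the Connection ID string of one connection.
   Connection c = (Connection) ipdaemon1.getConnections().get(keys.next());
   c.setDataToSend("Broadcast Data");
 }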


getDefaultEOL

public byte[] getDefaultEOL()
A default EOL value to be used by incoming connections.

This property contains a default End Of Line (EOL) value to be used by incoming connections. Once the bean accepts and establishes an inbound connection, it will set that connection's EOL to the value in this property. By default, this value is empty (""), meaning that data will be fired as it is received.


setDefaultEOL

public void setDefaultEOL(byte[] defaultEOL)
                   throws IPWorksSSLException
A default EOL value to be used by incoming connections.

This property contains a default End Of Line (EOL) value to be used by incoming connections. Once the bean accepts and establishes an inbound connection, it will set that connection's EOL to the value in this property. By default, this value is empty (""), meaning that data will be fired as it is received.

Throws:
IPWorksSSLException

getDefaultMaxLineLength

public int getDefaultMaxLineLength()
The default maximum line length value for inbound connections.

This property controls the default size of an internal buffer which holds received data while waiting for an end-of-line (EOL) string.

The minimum value for this property is 256 bytes. The default value is 2048 bytes. The maximum value is 65536 bytes.


setDefaultMaxLineLength

public void setDefaultMaxLineLength(int defaultMaxLineLength)
                             throws IPWorksSSLException
The default maximum line length value for inbound connections.

This property controls the default size of an internal buffer which holds received data while waiting for an end-of-line (EOL) string.

The minimum value for this property is 256 bytes. The default value is 2048 bytes. The maximum value is 65536 bytes.

Throws:
IPWorksSSLException

isDefaultSingleLineMode

public boolean isDefaultSingleLineMode()
Tells the bean whether or not to treat new connections as line-oriented.

This property instructs the component whether or not to treat newly established connections as line-oriented protocols. If this value is True, newly accepted connections will read the incoming data stream as lines separated by CRLF, CR, or LF, and will ignore the end of lines (EOLs).


setDefaultSingleLineMode

public void setDefaultSingleLineMode(boolean defaultSingleLineMode)
                              throws IPWorksSSLException
Tells the bean whether or not to treat new connections as line-oriented.

This property instructs the component whether or not to treat newly established connections as line-oriented protocols. If this value is True, newly accepted connections will read the incoming data stream as lines separated by CRLF, CR, or LF, and will ignore the end of lines (EOLs).

Throws:
IPWorksSSLException

getDefaultTimeout

public int getDefaultTimeout()
An initial timeout value to be used by incoming connections.

This property is used by the bean to set the operational timeout value of all inbound connections once they are established. By default, the timeout is 0. If the Timeout property is set to 0, all operations will run uninterrupted until successful completion or an error condition is encountered.


setDefaultTimeout

public void setDefaultTimeout(int defaultTimeout)
                       throws IPWorksSSLException
An initial timeout value to be used by incoming connections.

This property is used by the bean to set the operational timeout value of all inbound connections once they are established. By default, the timeout is 0. If the Timeout property is set to 0, all operations will run uninterrupted until successful completion or an error condition is encountered.

Throws:
IPWorksSSLException

isKeepAlive

public boolean isKeepAlive()
When True, KEEPALIVE packets are enabled (for long connections).

This property enables the SO_KEEPALIVE option on the incoming connections. This option prevents long connections from timing out in case of inactivity.

Please note that system TCP/IP stack implementations are not required to support SO_KEEPALIVE.

This property is shared among incoming connections. When the property is set, the corresponding value is set for incoming connections as they are accepted. Existing connections are not modified.


setKeepAlive

public void setKeepAlive(boolean keepAlive)
                  throws IPWorksSSLException
When True, KEEPALIVE packets are enabled (for long connections).

This property enables the SO_KEEPALIVE option on the incoming connections. This option prevents long connections from timing out in case of inactivity.

Please note that system TCP/IP stack implementations are not required to support SO_KEEPALIVE.

This property is shared among incoming connections. When the property is set, the corresponding value is set for incoming connections as they are accepted. Existing connections are not modified.

Throws:
IPWorksSSLException

isLinger

public boolean isLinger()
When set to True, connections are terminated gracefully.

This property controls how a connection is closed. The default is True. In this case the connection is closed only after all the data is sent. Setting it to False forces an abrupt (hard) disconnection. Any data that was in the sending queue may be lost.

The default behavior (which is also the default mode for stream sockets) might result in an indefinite delay in closing the connection. Although the bean returns control immediately, the system might indefinitely hold system resources until all pending data is sent (even after your application closes). This means that valuable system resources might be wasted.

Setting this property to False forces an immediate disconnection. If you know that the other side has received all the data you have sent (by a client acknowledgment, for example), setting this property to False might be the appropriate course of action.

This property is shared among incoming connections. When the property is set, the corresponding value is set for incoming connections as they are accepted. Existing connections are not modified.


setLinger

public void setLinger(boolean linger)
               throws IPWorksSSLException
When set to True, connections are terminated gracefully.

This property controls how a connection is closed. The default is True. In this case the connection is closed only after all the data is sent. Setting it to False forces an abrupt (hard) disconnection. Any data that was in the sending queue may be lost.

The default behavior (which is also the default mode for stream sockets) might result in an indefinite delay in closing the connection. Although the bean returns control immediately, the system might indefinitely hold system resources until all pending data is sent (even after your application closes). This means that valuable system resources might be wasted.

Setting this property to False forces an immediate disconnection. If you know that the other side has received all the data you have sent (by a client acknowledgment, for example), setting this property to False might be the appropriate course of action.

This property is shared among incoming connections. When the property is set, the corresponding value is set for incoming connections as they are accepted. Existing connections are not modified.

Throws:
IPWorksSSLException

isListening

public boolean isListening()
If True, the bean accepts incoming connections on LocalPort.

Use this property to make the bean 'listen' (accept connections) on the port specified by the LocalPort property. Setting this property to False will make the bean stop listening. (Please note that this does not close any existing connections).


setListening

public void setListening(boolean listening)
                  throws IPWorksSSLException
If True, the bean accepts incoming connections on LocalPort.

Use this property to make the bean 'listen' (accept connections) on the port specified by the LocalPort property. Setting this property to False will make the bean stop listening. (Please note that this does not close any existing connections).

Throws:
IPWorksSSLException

getLocalHost

public java.lang.String getLocalHost()
The name of the local host or user-assigned IP interface through which connections are initiated or accepted.

The LocalHost property contains the name of the local host as obtained by the gethostname() system call, or if the user has assigned an IP address, the value of that address.

In multi-homed hosts (machines with more than one IP interface) setting LocalHost to the value of an interface will make the bean initiate connections (or accept in the case of server beans) only through that interface.

If the bean is connected, the LocalHost property shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multi-homed hosts (machines with more than one IP interface).

NOTE: LocalHost is not persistent. You must always set it in code, and never in the property window.


setLocalHost

public void setLocalHost(java.lang.String localHost)
                  throws IPWorksSSLException
The name of the local host or user-assigned IP interface through which connections are initiated or accepted.

The LocalHost property contains the name of the local host as obtained by the gethostname() system call, or if the user has assigned an IP address, the value of that address.

In multi-homed hosts (machines with more than one IP interface) setting LocalHost to the value of an interface will make the bean initiate connections (or accept in the case of server beans) only through that interface.

If the bean is connected, the LocalHost property shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multi-homed hosts (machines with more than one IP interface).

NOTE: LocalHost is not persistent. You must always set it in code, and never in the property window.

Throws:
IPWorksSSLException

getLocalPort

public int getLocalPort()
The TCP port in the local host where the bean listens.

This property must be set before the bean can start listening. If its value is 0, then the TCP/IP subsystem picks a port number at random. The port number can be found by checking the value of this property after the bean is listening (i.e., after successfully assigning True to the Listening property).

The service port is not shared among servers so two beans cannot be listening on the same port at the same time.


setLocalPort

public void setLocalPort(int localPort)
                  throws IPWorksSSLException
The TCP port in the local host where the bean listens.

This property must be set before the bean can start listening. If its value is 0, then the TCP/IP subsystem picks a port number at random. The port number can be found by checking the value of this property after the bean is listening (i.e., after successfully assigning True to the Listening property).

The service port is not shared among servers so two beans cannot be listening on the same port at the same time.

Throws:
IPWorksSSLException

isSSLAuthenticateClients

public boolean isSSLAuthenticateClients()
If true, the server asks the client(s) for a certificate.

This property is used in conjunction with the SSLClientAuthentication event. Please refer to the documentation of the SSLClientAuthentication event for details.


setSSLAuthenticateClients

public void setSSLAuthenticateClients(boolean SSLAuthenticateClients)
                               throws IPWorksSSLException
If true, the server asks the client(s) for a certificate.

This property is used in conjunction with the SSLClientAuthentication event. Please refer to the documentation of the SSLClientAuthentication event for details.

Throws:
IPWorksSSLException

getSSLCert

public Certificate getSSLCert()
The certificate to be used during SSL negotiation.

The digital certificate that the bean will use during SSL negotiation. Set this property to a valid certificate before starting SSL negotiation. To set a certificate, you may set the Encoded field to the encoded certificate. To select a certificate, use the store and subject fields.


setSSLCert

public void setSSLCert(Certificate SSLCert)
                throws IPWorksSSLException
The certificate to be used during SSL negotiation.

The digital certificate that the bean will use during SSL negotiation. Set this property to a valid certificate before starting SSL negotiation. To set a certificate, you may set the Encoded field to the encoded certificate. To select a certificate, use the store and subject fields.

Throws:
IPWorksSSLException

getSSLStartMode

public int getSSLStartMode()
Determines how the bean starts the SSL negotiation.

The SSLStartMode property may have one of the following values:

0 (sslAutomatic - default)
If the remote port is set to the standard plaintext port of the protocol (where applicable), the bean will behave the same as if SSLStartMode is set to sslExplicit. In all other cases, SSL negotiation will be implicit (sslImplicit).
1 (sslImplicit)
The SSL negotiation will start immediately after the connection is established.
2 (sslExplicit)
The bean will first connect in plaintext, and then explicitly start SSL negotiation through a protocol command such as STARTTLS.
3 (sslNone)
No SSL negotiation, no SSL security. All communication will be in plaintext mode.


setSSLStartMode

public void setSSLStartMode(int SSLStartMode)
                     throws IPWorksSSLException
Determines how the bean starts the SSL negotiation.

The SSLStartMode property may have one of the following values:

0 (sslAutomatic - default)
If the remote port is set to the standard plaintext port of the protocol (where applicable), the bean will behave the same as if SSLStartMode is set to sslExplicit. In all other cases, SSL negotiation will be implicit (sslImplicit).
1 (sslImplicit)
The SSL negotiation will start immediately after the connection is established.
2 (sslExplicit)
The bean will first connect in plaintext, and then explicitly start SSL negotiation through a protocol command such as STARTTLS.
3 (sslNone)
No SSL negotiation, no SSL security. All communication will be in plaintext mode.

Throws:
IPWorksSSLException

config

public java.lang.String config(java.lang.String configurationString)
                        throws IPWorksSSLException
Sets or retrieves a configuration setting.

Config is a generic method available in every bean. It is used to set and retrieve configuration settings for the bean.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the bean, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

The bean accepts one or more of the following configuration settings.

IPDaemon Configuration Settings

BindExclusively
Whether or not the component considers a local port reserved for exclusive use
If this is true (default), the component will bind to the local port with the ExclusiveAddressUse option set, meaning that nothing else can bind to the same port. Also the component will not be able to bind to local ports that are already in use by some other instance and attempts to do so will result in failure.
InBufferSize
The size in bytes of the incoming queue of the socket
This is the size of an internal queue in the TCP/IP stack. You can increase or decrease its size depending on the amount of data that you will be receiving. Increasing the value of the InBufferSize setting can provide significant improvements in performance in some cases. Some TCP/IP implementations do not support variable buffer sizes. If that is the case, when the bean is activated the InBufferSize reverts to its defined size. The same happens if you attempt to make it too large or too small.

InBufferSize is shared among incoming connections. When the property is set, the corresponding value is set for incoming connections as they are accepted. Existing connections are not modified.

MaxConnections
The maximum number of connections available
The maximum number of connections available. This property must be set before Listening is set to True, and once set, it can no longer be changed for the current instance of the bean. The maximum value for this setting is 100,000 connections.
OutBufferSize
The size in bytes of the outgoing queue of the socket
This is the size of an internal queue in the TCP/IP stack. You can increase or decrease its size depending on the amount of data that you will be sending. Increasing the value of the OutBufferSize setting can provide significant improvements in performance in some cases. Some TCP/IP implementations do not support variable buffer sizes. If that is the case, when the bean is activated the OutBufferSize reverts to its defined size. The same happens if you attempt to make it too large or too small.

OutBufferSize is shared among incoming connections. When the property is set, the corresponding value is set for incoming connections as they are accepted. Existing connections are not modified.

KeepAliveTime
The inactivity time in milliseconds before a TCP keep-alive packet is sent
By default the operating system will determine the time a connection is idle before a TCP keep-alive packet is sent. The system default, if this value is not specified here, is 2 hours. In many cases a shorter interval is more useful. Set this value to the desired interval in milliseconds. This setting is applicable to all connections. Note: This value is not applicable in Java.

KeepAliveInterval
The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received
A TCP keep-alive packet will be sent after a period of inactivity as defined by a configuration setting. If no acknowledgement is received from the remote host, the keep-alive packet will be re-sent. This setting specifies the interval at which the successive keep-alive packets are sent in milliseconds. The system default, if this value is not specified here, is 1 second. This setting is applicable to all connections. Note: This value is not applicable in Java or MAC.

TcpNoDelay
Whether or not to delay when sending packets
When true, the socket will send all data that is ready to send at once. When false, the socket will send smaller buffered packets of data at small intervals. This is known as the Nagle algorithm. By default, this config is set to false.

CloseStreamAfterTransfer
If true, the component will close the upload or download stream after the transfer
This setting determines whether the input or output stream is closed after the transfer completes. When set to True (default), all streams will be closed after a transfer is completed. In order to keep streams open after the transfer of data, set this to False. The default value is True.

SSL Configuration Settings

ReuseSSLSession
Determines if the SSL session is reused
If set to true, the component will reuse the context if and only if the following criteria are met:
  • The target host name is the same.
  • The system cache entry has not expired (default timeout is 10 hours).
  • The application process that calls the function is the same.
  • The logon session is the same.
  • The instance of the component is the same.

SSLCipherStrength
The minimum cipher strength used for bulk encryption
The minimum cipher strength is largely dependent on the security modules installed on the system. If the cipher strength specified is not supported, an error will be returned when connections are initiated. Please note that this setting contains the minimum cipher strength requested from the security library. The actual cipher strength used for the connection is shown by the SSLStatus event.

Use this setting with caution. Requesting a lower cipher strength than necessary could potentially cause serious security vulnerabilities in your application.

When the provider is OpenSSL, SSLCipherStrength is currently not supported. This functionality is instead made available through a separate config setting.

SSLEnabledProtocols
Used to enable/disable the supported security protocols
Used to enable/disable the supported security protocols. Not all supported protocols are enabled by default (the value of this setting is 192). If you want more granular control over the enabled protocols, you can set this property to the binary 'OR' of one or more of the following values:

TLS1.2    3072 (Hex C00)
TLS1.1    768 (Hex 300)
TLS1      192 (Hex C0) (Default)
SSL3      48 (Hex 30)
SSL2      12 (Hex 0C)

Please note that although a number of sites still support SSL2, it is usually a good idea to disable it because of potential security vulnerabilities.

When the provider is OpenSSL, SSLCipherStrength is currently not supported. This functionality is instead made available through a separate config setting.

TLS 1.1 and TLS1.2 support are only available starting with Windows 7.

SSLProvider
The name of the security provider to use
Change this setting to use security providers other than the system default.

Use this setting with caution. Disabling SSL security or pointing to the wrong provider could potentially cause serious security vulnerabilities in your application.

The special value "*" (default) picks the default SSL provider defined in the system.

Note: On Windows systems, the default SSL Provider is "Microsoft Unified Security Protocol Provider" and cannot be changed.

SSLSecurityFlags
Flags that control certificate verification
The following flags are defined (specified in hexadecimal notation). They can be or-ed together to exclude multiple conditions:
  • 0x00000001: Ignore time validity status of certificate.
  • 0x00000002: Ignore time validity status of CTL.
  • 0x00000004: Ignore non-nested certificate times.
  • 0x00000010: Allow unknown Certificate Authority.
  • 0x00000020: Ignore wrong certificate usage.
  • 0x00000100: Ignore unknown certificate revocation status.
  • 0x00000200: Ignore unknown CTL signer revocation status.
  • 0x00000400: Ignore unknown Certificate Authority revocation status.
  • 0x00000800: Ignore unknown Root revocation status.
  • 0x00008000: Allow test Root certificate.
  • 0x00004000: Trust test Root certificate.
  • 0x80000000: Ignore non-matching CN (certificate CN not-matching server name).

This functionality is currently not available in Java or when the provider is OpenSSL.
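
When reviewing a configuration, it helps to turn an OR-ed SSLEnabledProtocols or SSLSecurityFlags number back into the entries it stands for. The following is an added example, not part of the IP*Works! documentation or API: it uses only the JDK, the class and method names are hypothetical, and it assumes a table entry counts as set only when all of its documented bits are present.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class SslSettingDecoder {
    // Values copied from the SSLEnabledProtocols and SSLSecurityFlags tables above.
    static final Map<Long, String> PROTOCOLS = table(
        0xC00L, "TLS1.2", 0x300L, "TLS1.1", 0xC0L, "TLS1", 0x30L, "SSL3", 0x0CL, "SSL2");
    static final Map<Long, String> FLAGS = table(
        0x1L, "ignore certificate time validity", 0x2L, "ignore CTL time validity",
        0x4L, "ignore non-nested certificate times",
        0x10L, "allow unknown Certificate Authority", 0x20L, "ignore wrong certificate usage",
        0x100L, "ignore unknown certificate revocation status",
        0x200L, "ignore unknown CTL signer revocation status",
        0x400L, "ignore unknown Certificate Authority revocation status",
        0x800L, "ignore unknown Root revocation status",
        0x8000L, "allow test Root certificate", 0x4000L, "trust test Root certificate",
        0x80000000L, "ignore non-matching CN");

    static Map<Long, String> table(Object... pairs) {
        Map<Long, String> m = new LinkedHashMap<>();
        for (int i = 0; i < pairs.length; i += 2) m.put((Long) pairs[i], (String) pairs[i + 1]);
        return m;
    }

    // Lists every table entry whose bits are all set; leftover bits are reported
    // rather than dropped, so a typo in a config value is visible in review.
    static List<String> decode(long value, Map<Long, String> table) {
        List<String> out = new ArrayList<>();
        long rest = value;
        for (Map.Entry<Long, String> e : table.entrySet()) {
            if ((value & e.getKey()) == e.getKey()) { out.add(e.getValue()); rest &= ~e.getKey(); }
        }
        if (rest != 0) out.add("undocumented bits 0x" + Long.toHexString(rest));
        return out;
    }

    public static void main(String[] args) {
        long tlsOnly = 0xC00L | 0x300L; // binary OR of the TLS1.2 and TLS1.1 values
        System.out.println(tlsOnly + " -> " + decode(tlsOnly, PROTOCOLS));
        // Constructed review inputs: a protocol mask that still admits SSL3 and SSL2,
        // and a flag value that switches off the CA and server-name checks.
        System.out.println(decode(Long.decode("252"), PROTOCOLS));
        System.out.println(decode(Long.decode("0x80000010"), FLAGS));
    }
}
```

Every entry in the SSLSecurityFlags table relaxes a verification step, so any non-empty decode result for that setting deserves a documented justification.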

SSLContextProtocol
The protocol used when getting an SSLContext instance
Possible values are SSL, SSLv2, SSLv3, TLS and TLSv1. Use it only in case your security provider does not support TLS. This is the parameter "protocol" inside the SSLContext.getInstance(protocol) call.

SSLTrustManagerFactoryAlgorithm
The algorithm to be used to create a TrustManager through TrustManagerFactory
Possible values include SunX509. This is the parameter "algorithm" inside the TrustManagerFactory.getInstance(algorithm) call.

SSLEnabledCipherSuites
The cipher suite to be used in an SSL negotiation
The enabled cipher suites to be used in SSL negotiation. By default, the enabled cipher suites will include all available ciphers ("*").

The special value "*" means that the component will pick all of the supported cipher suites. If SSLEnabledCipherSuites is set to any other value, only the specified cipher suites will be considered.

Multiple cipher suites are separated by semicolons.

Example values:

 obj.config("SSLEnabledCipherSuites=*");
 obj.config("SSLEnabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA");
 obj.config("SSLEnabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA; SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"); 
Possible values include:
  • SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
  • SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_DES_CBC_SHA
  • SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
  • SSL_DH_anon_WITH_DES_CBC_SHA
  • SSL_RSA_EXPORT_WITH_RC4_40_MD5
  • SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
  • SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
  • SSL_DHE_DSS_WITH_DES_CBC_SHA
  • SSL_RSA_WITH_NULL_MD5
  • SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
  • SSL_DHE_RSA_WITH_DES_CBC_SHA
  • SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
  • SSL_RSA_WITH_NULL_SHA
  • SSL_DH_anon_WITH_RC4_128_MD5
  • SSL_RSA_WITH_RC4_128_MD5
  • SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  • SSL_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDH_ECDSA_WITH_NULL_SHA
  • TLS_DH_anon_WITH_AES_128_CBC_SHA256
  • TLS_ECDH_anon_WITH_RC4_128_SHA
  • TLS_DH_anon_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_KRB5_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
  • TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_KRB5_EXPORT_WITH_RC4_40_SHA
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_RC4_128_SHA
  • TLS_ECDH_ECDSA_WITH_RC4_128_SHA
  • TLS_ECDH_anon_WITH_NULL_SHA
  • TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_NULL_SHA256
  • TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
  • TLS_KRB5_WITH_RC4_128_MD5
  • TLS_ECDHE_ECDSA_WITH_NULL_SHA
  • TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDH_RSA_WITH_RC4_128_SHA
  • TLS_EMPTY_RENEGOTIATION_INFO_SCSV
  • TLS_KRB5_WITH_3DES_EDE_CBC_MD5
  • TLS_KRB5_WITH_RC4_128_SHA
  • TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDH_RSA_WITH_NULL_SHA
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
  • TLS_KRB5_WITH_DES_CBC_MD5
  • TLS_KRB5_EXPORT_WITH_RC4_40_MD5
  • TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
  • TLS_ECDH_anon_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_KRB5_WITH_DES_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_NULL_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA

SSLEnabledCipherSuites is used together with SSLCipherStrength.

Note: This configuration setting is available only in .NET and Java.
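
The list of possible values above includes suites with no encryption (NULL), no peer authentication (anon), export-grade keys, and legacy primitives, all of which the default "*" leaves eligible. The following added example, which is not part of the IP*Works! documentation, builds an explicit semicolon-separated value that excludes them; it uses only the JDK, and the class name, method names and marker list are assumptions made here.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class CipherSuiteAllowList {
    // Name fragments that mark a suite as unsuitable: no encryption (NULL),
    // no peer authentication (anon), export-grade keys, or legacy primitives.
    private static final String[] WEAK_MARKERS = {
        "_NULL_", "_anon_", "_EXPORT_", "_RC4_", "_DES_", "_DES40_", "_3DES_", "_MD5"
    };

    static boolean isWeak(String suite) {
        for (String marker : WEAK_MARKERS) {
            if (suite.contains(marker)) return true;
        }
        return false;
    }

    // Returns the "name=value" string to pass to config(). Fails if a wildcard is
    // present or if nothing survives, so the result is never an empty suite list.
    static String buildSetting(List<String> candidates) {
        List<String> kept = new ArrayList<>();
        for (String raw : candidates) {
            String suite = raw.trim();
            if (suite.isEmpty() || suite.equals("*")) {
                throw new IllegalArgumentException("wildcard or empty entry not allowed");
            }
            if (!isWeak(suite) && !kept.contains(suite)) kept.add(suite);
        }
        if (kept.isEmpty()) throw new IllegalStateException("no acceptable cipher suite left");
        return "SSLEnabledCipherSuites=" + String.join(";", kept);
    }

    public static void main(String[] args) {
        // Constructed input: a few names taken from the list of possible values above.
        List<String> candidates = Arrays.asList(
            "SSL_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_NULL_SHA256",
            "TLS_DH_anon_WITH_AES_128_CBC_SHA", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_KRB5_WITH_DES_CBC_MD5");
        System.out.println(buildSetting(candidates));
    }
}
```

With the sample input only the two AES suites survive; the printed string is the argument that would be handed to config(...).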

SSLAlgorithmList
A string that controls the cipher algorithms to be used by SSL
This configuration option takes a semicolon (;) delimited list of cipher algorithms to specify what algorithms may be used by SSL. This option can be used in conjunction with SSLEnabledProtocols to control which ciphers are used. For example:

 obj.config("SSLEnabledProtocols=3072"); // TLS1.2 (supports SHA_256)
 obj.config("SSLAlgorithmList=CALG_SHA_256;CALG_MD5");
Possible values include:
  • CALG_3DES
  • CALG_3DES_112
  • CALG_AES
  • CALG_AES_128
  • CALG_AES_192
  • CALG_AES_256
  • CALG_AGREEDKEY_ANY
  • CALG_CYLINK_MEK
  • CALG_DES
  • CALG_DESX
  • CALG_DH_EPHEM
  • CALG_DH_SF
  • CALG_DSS_SIGN
  • CALG_ECDH
  • CALG_ECDSA
  • CALG_ECMQV
  • CALG_HASH_REPLACE_OWF
  • CALG_HUGHES_MD5
  • CALG_HMAC
  • CALG_KEA_KEYX
  • CALG_MAC
  • CALG_MD2
  • CALG_MD4
  • CALG_MD5
  • CALG_NO_SIGN
  • CALG_OID_INFO_CNG_ONLY
  • CALG_OID_INFO_PARAMETERS
  • CALG_PCT1_MASTER
  • CALG_RC2
  • CALG_RC4
  • CALG_RC5
  • CALG_RSA_KEYX
  • CALG_RSA_SIGN
  • CALG_SCHANNEL_ENC_KEY
  • CALG_SCHANNEL_MAC_KEY
  • CALG_SCHANNEL_MASTER_HASH
  • CALG_SEAL
  • CALG_SHA
  • CALG_SHA1
  • CALG_SHA_256
  • CALG_SHA_384
  • CALG_SHA_512
  • CALG_SKIPJACK
  • CALG_SSL2_MASTER
  • CALG_SSL3_MASTER
  • CALG_SSL3_SHAMD5
  • CALG_TEK
  • CALG_TLS1_MASTER
  • CALG_TLS1PRF

This option is only valid in Windows.

Base Configuration Settings

GUIAvailable
Tells the bean whether or not a message loop is available for processing events
In a GUI-based application, long-running blocking operations may cause the application to stop responding to input until the operation returns. The bean will attempt to discover whether or not the application has a message loop and, if one is discovered, it will process events in that message loop during any such blocking operation.

In some non-GUI applications an invalid message loop may be discovered that will result in errant behavior. In these cases, setting GUIAvailable to false will ensure that the bean does not attempt to process external events.

UseDaemonThreads
Whether threads created by the bean are daemon threads
If set to True, when the bean creates a thread the thread's Daemon property will be explicitly set to True. By default this setting is False and the bean will not set the Daemon property on the created thread.

Throws:
IPWorksSSLException

disconnect

public void disconnect(java.lang.String connectionId)
                throws IPWorksSSLException
Disconnect the specified client.

Calling this method will disconnect the client specified by the ConnectionId parameter.

Throws:
IPWorksSSLException

doEvents

public void doEvents()
              throws IPWorksSSLException
Processes events from the internal message queue.

When DoEvents is called, the bean processes any available events. If no events are available, it waits for a preset period of time, and then returns.

Throws:
IPWorksSSLException

interrupt

public void interrupt(java.lang.String connectionId)
               throws IPWorksSSLException
Interrupts a synchronous send to the remote host.

Call this method with the ConnectionId of a connection if you wish to interrupt it and stop a file from uploading without disconnecting the client connected to the bean. If you use SendFile to upload a file, the bean will run synchronously on that ConnectionId until the upload is completed.

Throws:
IPWorksSSLException

send

public void send(java.lang.String connectionId,
                 byte[] text)
          throws IPWorksSSLException
Sends data to the remote host.

This method sends data to the remote host. Calling this method is equivalent to setting the DataToSend property to Text.

Throws:
IPWorksSSLException

sendFile

public void sendFile(java.lang.String connectionId,
                     java.lang.String fileName)
              throws IPWorksSSLException
Send file to the remote host.

This method sends the file to the client specified by the ConnectionId.

Throws:
IPWorksSSLException

sendLine

public void sendLine(java.lang.String connectionId,
                     java.lang.String text)
              throws IPWorksSSLException
Sends a string followed by a newline.

This method is used to send data with line-oriented protocols. The line is followed by CRLF ("\r\n").

Please refer to the GetLine method and SingleLineMode property for more information.

Throws:
IPWorksSSLException

shutdown

public void shutdown()
              throws IPWorksSSLException
Shuts down the server.

This method shuts down the server. Calling this method is equivalent to setting Listening to False, and then breaking every client connection by calling Disconnect.

Throws:
IPWorksSSLException

startSSL

public void startSSL(java.lang.String connectionId)
              throws IPWorksSSLException
Starts SSL negotiation on a connection.

This method is used to start SSL negotiation on a plaintext connection. Please refer to the SSLStartMode property for more information.

Note that the Connected event will fire again after SSL negotiation is complete.

Throws:
IPWorksSSLException

addIpdaemonsEventListener

public void addIpdaemonsEventListener(IpdaemonsEventListener l)
                               throws java.util.TooManyListenersException
Throws:
java.util.TooManyListenersException

removeIpdaemonsEventListener

public void removeIpdaemonsEventListener(IpdaemonsEventListener l)

Copyright (c) 2015 /n software inc. - All rights reserved.