net.jini.jeri.ssl

Class ConfidentialityStrength

java.lang.Object

net.jini.jeri.ssl.ConfidentialityStrength

All Implemented Interfaces:

Serializable, InvocationConstraint

public final class ConfidentialityStrength
extends Object
implements InvocationConstraint, Serializable

Represents a constraint that, if confidentiality of message contents is ensured, the specified strength of confidentiality be used.

The use of an instance of this constraint does not directly imply a Confidentiality.YES constraint; that must be specified separately to ensure that confidentiality is actually ensured.

Serialization for this class is guaranteed to produce instances that are comparable with ==. For future security, this may be converted to an enum, which is a breaking change, in order to honor the preceding statement.

This constraint is supported by the endpoints defined in this package.

The SslTrustVerifier trust verifier may be used for establishing trust in remote proxies that use instances of this class.

Since:

2.0

See Also:

SslEndpoint, SslServerEndpoint, HttpsEndpoint, HttpsServerEndpoint, SslTrustVerifier, Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
static ConfidentialityStrength	STRONG RFC 7525 Current best practice, if confidentiality of message contents is ensured, then use strong confidentiality for message contents.
static ConfidentialityStrength	WEAK If confidentiality of message contents is ensured, then use weak confidentiality for message contents.

Constructor Summary

Constructors

Constructor and Description
ConfidentialityStrength(AtomicSerial.GetArg arg)

Method Summary

Modifier and Type	Method and Description
String	toString() Returns a string representation of this object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

STRONG

public static final ConfidentialityStrength STRONG

RFC 7525 Current best practice, if confidentiality of message contents is ensured, then use strong confidentiality for message contents.

STRONG confidentiality isn't possible, unless both client and server are authenticated.

Guidance:

• Keys used for strong encryption must not be shared by WEAK encryption connections.
• Public Keys lengths used must follow the guidance of RFC 7525.
• DHE_DSS and ECDHE_ECDSA key exchanges are allowed in addition to those recommended in RFC 7525.

For the endpoints in this package, this constraint is supported by cipher suites with the following cipher algorithms:

• AES_128_GCM
• AES_256_GCM

Key exchange is limited to the following ephemeral protocols with forward secrecy.

• ECDHE_RSA
• DHE_RSA
• DHE_DSS
• ECDHE_ECDSA

WEAK

public static final ConfidentialityStrength WEAK

If confidentiality of message contents is ensured, then use weak confidentiality for message contents.

All protocols allowed by WEAK are known to be vulnerable to attack.

Note that in all previous versions of Apache River and Jini, that the following protocols are considered STRONG.

For the endpoints in this package, this constraint is supported by cipher suites with the following cipher algorithms:

• AES_128_CBC
• AES_256_CBC
• 3DES_EDE_CBC
• RC4_128

Constructor Detail

ConfidentialityStrength

public ConfidentialityStrength(AtomicSerial.GetArg arg)
                        throws IOException

Throws:

IOException

Method Detail

toString

public String toString()

Returns a string representation of this object.

Overrides:

toString in class Object