org.eclipse.californium.scandium.config

Class DtlsConnectorConfig

java.lang.Object

org.eclipse.californium.scandium.config.DtlsConnectorConfig

public final class DtlsConnectorConfig
extends Object

A container for all configuration options of a DTLSConnector.

Instances of this class are immutable and can only be created by means of the DtlsConnectorConfig.Builder, e.g.

 InetSocketAddress bindToAddress = new InetSocketAddress("localhost", 0); // use ephemeral port
 DtlsConnectorConfig config = new DtlsConnectorConfig.Builder()
    .setAddress(bindToAddress)
    .setPskStore(new StaticPskStore("identity", "secret".getBytes()))
    .set... // additional configuration
    .build();
 
 DTLSConnector connector = new DTLSConnector(config);
 connector.start();
 ...
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	DtlsConnectorConfig.Builder A helper for creating instances of DtlsConnectorConfig based on the builder pattern.

Field Summary

Fields

Modifier and Type	Field and Description
static int	DEFAULT_MAX_CONNECTIONS The default value for the maxConncetions property.
static int	DEFAULT_MAX_DEFERRED_PROCESSED_APPLICATION_DATA_MESSAGES The default value for the maxDeferredProcessedApplicationDataMessages property.
static int	DEFAULT_MAX_DEFERRED_PROCESSED_HANDSHAKE_RECORDS_SIZE The default value for the maxDeferredProcessedHandshakeRecordsSize property.
static int	DEFAULT_MAX_FRAGMENTED_HANDSHAKE_MESSAGE_LENGTH The default value for the maxFragmentedHandshakeMessageLength property.
static int	DEFAULT_MAX_RETRANSMISSIONS The default value for the maxRetransmissions property.
static int	DEFAULT_MAX_TRANSMISSION_UNIT_LIMIT The default value for the maxTransmissionUnitLimit property.
static int	DEFAULT_RETRANSMISSION_TIMEOUT_MS The default value for the retransmissionTimeout property.
static long	DEFAULT_STALE_CONNECTION_TRESHOLD The default value for the staleConnectionThreshold property.
static int	DEFAULT_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD_IN_PERCENT The default value for the verifyPeersOnResumptionThreshold property.

Method Summary

Methods

Modifier and Type	Method and Description
static DtlsConnectorConfig.Builder	builder() Create new builder for DtlsConnectorConfig.
static DtlsConnectorConfig.Builder	builder(DtlsConnectorConfig config) Create builder for DtlsConnectorConfig from provided DtlsConnectorConfig.
protected Object	clone()
InetSocketAddress	getAddress() Gets the IP address and port the connector is bound to.
NewAdvancedCertificateVerifier	getAdvancedCertificateVerifier() Gets the new advanced certificate verifier to be used during the DTLS handshake.
AdvancedPskStore	getAdvancedPskStore() Gets the advanced registry of shared secrets used for authenticating clients during a DTLS handshake.
ApplicationLevelInfoSupplier	getApplicationLevelInfoSupplier() Gets the supplier of application level information for an authenticated peer's identity.
Long	getAutoResumptionTimeoutMillis() Get the timeout for automatic session resumption.
Integer	getBackOffRetransmission() Number of retransmissions before the attempt to transmit a flight in back-off mode.
List<X509Certificate>	getCertificateChain() Gets the certificates forming the chain-of-trust from a root CA down to the certificate asserting the server's identity.
CertificateVerifier	getCertificateVerifier() Gets the verifier in charge of validating the peer's certificate chain during the DTLS handshake.
CipherSuiteSelector	getCipherSuiteSelector() Get cipher suite selector.
ConnectionIdGenerator	getConnectionIdGenerator() Gets connection ID generator.
ConnectionListener	getConnectionListener()
Integer	getConnectionThreadCount() Gets the number of threads which should be use to handle DTLS connection.
String	getDefaultHandshakeMode() Get the default handshake mode.
DtlsHealth	getHealthHandler() Gets health handler.
Integer	getHealthStatusInterval() Gets health status interval.
List<CertificateType>	getIdentityCertificateTypes() Gets the certificate types for the identity of this peer.
String	getLoggingTag() Get instance logging tag.
Integer	getMaxConnections() Gets the maximum number of (active) connections the connector will support.
Integer	getMaxDeferredProcessedIncomingRecordsSize() Gets the maximum size of all deferred processed incoming records.
Integer	getMaxDeferredProcessedOutgoingApplicationDataMessages() Gets the maximum number of deferred processed outgoing application data messages.
Integer	getMaxFragmentedHandshakeMessageLength() Gets the maximum length of a reassembled fragmented handshake message.
Integer	getMaxFragmentLengthCode() Gets the maximum amount of message payload data that this connector can receive in a single DTLS record.
Integer	getMaxRetransmissions() Gets the maximum number of times a flight of handshake messages gets re-transmitted to a peer.
Integer	getMaxTransmissionUnit() Gets the maximum transmission unit.
Integer	getMaxTransmissionUnitLimit() Gets the maximum transmission unit limit for auto detection.
Integer	getOutboundMessageBufferSize() Gets the number of outbound messages that can be buffered in memory before messages are dropped.
List<CipherSuite>	getPreselectedCipherSuites() Gets the preselected cipher suites.
PrivateKey	getPrivateKey() Gets the private key to use for proving identity to a peer during a DTLS handshake.
ProtocolVersion	getProtocolVersionForHelloVerifyRequests() Get protocol version for hello verify requests to send.
PskStore	getPskStore() Deprecated. use getAdvancedPskStore() instead
PublicKey	getPublicKey() Gets the public key to send to peers during the DTLS handshake for authentication purposes.
Integer	getReceiverThreadCount() Gets the number of threads which should be use to receive datagrams from the socket.
Integer	getRecordSizeLimit() Gets record size limit.
Integer	getRetransmissionTimeout() Gets the (initial) time to wait before a handshake flight of messages gets re-transmitted.
TrustedRpkStore	getRpkTrustStore() Note: the upcoming next major version 3.0 will remove this method.
Integer	getSocketReceiveBufferSize() Gets size of the socket receive buffer.
Integer	getSocketSendBufferSize() Gets size of the socket send buffer.
Long	getStaleConnectionThreshold() Gets the maximum number of seconds within which some records need to be exchanged over a connection before it is considered stale.
List<CipherSuite>	getSupportedCipherSuites() Gets the supported cipher suites.
List<XECDHECryptography.SupportedGroup>	getSupportedGroups() Gets the supported groups (curves).
List<SignatureAndHashAlgorithm>	getSupportedSignatureAlgorithms() Gets the supported signature and hash algorithms the connector should advertise in a DTLS handshake.
List<CertificateType>	getTrustCertificateTypes() Gets the certificate types for the trust of the other peer.
X509Certificate[]	getTrustStore() Gets the trusted root certificates to use when verifying a peer's certificate during authentication.
Integer	getVerifyPeersOnResumptionThreshold() Threshold to use a HELLO_VERIFY_REQUEST also for session resumption in percent of getMaxConnections().
Boolean	isAddressReuseEnabled()
Boolean	isClientAuthenticationRequired() Gets whether the connector requires DTLS clients to authenticate during the handshake.
Boolean	isClientAuthenticationWanted() Gets whether the connector wants (requests) DTLS clients to authenticate during the handshake.
Boolean	isClientOnly() Gets whether the connector acts only as client.
Boolean	isEarlyStopRetransmission()
Boolean	isRecommendedCipherSuitesOnly()
Boolean	isRecommendedSupportedGroupsOnly()
Boolean	isServerOnly() Gets whether the connector acts only as server and doesn't start new handshakes.
Boolean	isSniEnabled() Checks whether the connector should support the use of the TLS Server Name Indication extension in the DTLS handshake.
Boolean	useAntiReplayFilter() Use anti replay filter.
Boolean	useCidUpdateAddressOnNewerRecordFilter() Use filter to update the ip-address from DTLS 1.2 CID records only for newer records based on epoch/sequence_number.
Integer	useExtendedWindowFilter() Use filter for records in window and before limit.
Boolean	useHandshakeStateValidation() Use the handshake state validation to verify valid handshakes.
Boolean	useKeyUsageVerification() Use key usage verification for x509.
Boolean	useMultiHandshakeMessageRecords() Enable to use dtls records with multiple handshake messages.
Boolean	useMultiRecordMessages() Gets enable to use UDP messages with multiple dtls records.
Boolean	useNoServerSessionId() Indicates, that no session id is used by this server and so session are also not cached by this server and can not be resumed.
Boolean	useTruncatedCertificatePathForClientsCertificateMessage() Use truncated certificate paths for client's certificate message.
Boolean	useTruncatedCertificatePathForValidation() Use truncated certificate paths for validation.
Boolean	useWindowFilter() Deprecated. use useExtendedWindowFilter() instead.

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_MAX_DEFERRED_PROCESSED_APPLICATION_DATA_MESSAGES

public static final int DEFAULT_MAX_DEFERRED_PROCESSED_APPLICATION_DATA_MESSAGES

The default value for the maxDeferredProcessedApplicationDataMessages property.

See Also:

Constant Field Values

DEFAULT_MAX_CONNECTIONS

public static final int DEFAULT_MAX_CONNECTIONS

The default value for the maxConncetions property.

See Also:

Constant Field Values

DEFAULT_MAX_FRAGMENTED_HANDSHAKE_MESSAGE_LENGTH

public static final int DEFAULT_MAX_FRAGMENTED_HANDSHAKE_MESSAGE_LENGTH

The default value for the maxFragmentedHandshakeMessageLength property.

See Also:

Constant Field Values

DEFAULT_MAX_DEFERRED_PROCESSED_HANDSHAKE_RECORDS_SIZE

public static final int DEFAULT_MAX_DEFERRED_PROCESSED_HANDSHAKE_RECORDS_SIZE

The default value for the maxDeferredProcessedHandshakeRecordsSize property.

See Also:

Constant Field Values

DEFAULT_STALE_CONNECTION_TRESHOLD

public static final long DEFAULT_STALE_CONNECTION_TRESHOLD

The default value for the staleConnectionThreshold property.

See Also:

Constant Field Values

DEFAULT_RETRANSMISSION_TIMEOUT_MS

public static final int DEFAULT_RETRANSMISSION_TIMEOUT_MS

The default value for the retransmissionTimeout property.

See Also:

Constant Field Values

DEFAULT_MAX_RETRANSMISSIONS

public static final int DEFAULT_MAX_RETRANSMISSIONS

The default value for the maxRetransmissions property.

See Also:

Constant Field Values

DEFAULT_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD_IN_PERCENT

public static final int DEFAULT_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD_IN_PERCENT

The default value for the verifyPeersOnResumptionThreshold property.

See Also:

Constant Field Values

DEFAULT_MAX_TRANSMISSION_UNIT_LIMIT

public static final int DEFAULT_MAX_TRANSMISSION_UNIT_LIMIT

The default value for the maxTransmissionUnitLimit property.

Since:

2.3

See Also:

Constant Field Values

Method Detail

getRecordSizeLimit

public Integer getRecordSizeLimit()

Gets record size limit. Included in the CLIENT_HELLO and SERVER_HELLO to negotiate the record size limit.

Returns:

record size limit, or null, if not used.

Since:

2.4

getMaxFragmentLengthCode

public Integer getMaxFragmentLengthCode()

Gets the maximum amount of message payload data that this connector can receive in a single DTLS record.

The code returned is either null or one of the following:

• 1 - 2^9 bytes
• 2 - 2^10 bytes
• 3 - 2^11 bytes
• 4 - 2^12 bytes

Returns:

the code indicating the maximum payload length

getMaxFragmentedHandshakeMessageLength

public Integer getMaxFragmentedHandshakeMessageLength()

Gets the maximum length of a reassembled fragmented handshake message.

Returns:

maximum length

useMultiRecordMessages

public Boolean useMultiRecordMessages()

Gets enable to use UDP messages with multiple dtls records. Default behavior enables the usage of multiple records, but disables it as back off after two retransmissions.

Returns:

true, if enabled, false, otherwise. null for default behavior.

Since:

2.4

useMultiHandshakeMessageRecords

public Boolean useMultiHandshakeMessageRecords()

Enable to use dtls records with multiple handshake messages. Default behavior disables the usage on the server side, and enables the usage of multiple handshake messages on the client side, if the server send such dtls records.

Returns:

true, if enabled, false, otherwise. null for default behavior.

Since:

2.4

getProtocolVersionForHelloVerifyRequests

public ProtocolVersion getProtocolVersionForHelloVerifyRequests()

Get protocol version for hello verify requests to send. Before version 2.5.0, Californium used fixed the protocol version DTLS 1.2 to send the HelloVerifyRequest. According RFC 6347, 4.2.1. Denial-of-Service Countermeasures, that HelloVerifyRequest SHOULD be sent using protocol version DTLS 1.0. But that found to be ambiguous, because it's also requested that "The server MUST use the same version number in the HelloVerifyRequest that it would use when sending a ServerHello." With that, Californium from 2.6.0 on will, by default, reply the version the client sent in the HelloVerifyRequest, and will postpone the version negotiation until the client has verified it's endpoint ownership. If that client version is below DTLS 1.0, a DTLS 1.0 will be used. If a different behavior is wanted, you may use the related setter to provide a fixed version for the HelloVerifyRequest. In order to provide backwards compatibility to version before 2.5.0 , configure to use protocol version DTLS 1.2.

Returns:

fixed protocol version, or null, to reply the clients version. Default is null.

Since:

2.5

See Also:

HelloVerifyRequest

getRetransmissionTimeout

public Integer getRetransmissionTimeout()

Gets the (initial) time to wait before a handshake flight of messages gets re-transmitted. This timeout gets adjusted during the course of repeated re-transmission of a flight. The DTLS spec suggests an exponential back-off strategy, i.e. after each re-transmission the timeout value is doubled.

Returns:

the (initial) time to wait in milliseconds

getMaxDeferredProcessedOutgoingApplicationDataMessages

public Integer getMaxDeferredProcessedOutgoingApplicationDataMessages()

Gets the maximum number of deferred processed outgoing application data messages.

Returns:

the maximum number of deferred processed outgoing application data messages

getMaxDeferredProcessedIncomingRecordsSize

public Integer getMaxDeferredProcessedIncomingRecordsSize()

Gets the maximum size of all deferred processed incoming records.

Returns:

the maximum size of all deferred processed incoming records

getBackOffRetransmission

public Integer getBackOffRetransmission()

Number of retransmissions before the attempt to transmit a flight in back-off mode. RFC 6347, Section 4.1.1.1, Page 12 In back-off mode, UDP datagrams of maximum 512 bytes are used. Each handshake message is placed in one dtls record, or more dtls records, if the handshake message is too large and must be fragmented. Beside of the CCS and FINISH dtls records, which send together in one UDP datagram, all other records are send in separate datagrams. The useMultiHandshakeMessageRecords() and useMultiRecordMessages() has precedence over the back-off definition. Value 0, to disable it, default is value maxRetransmissions / 2.

Returns:

the number of re-transmissions to use the back-off mode

Since:

2.4

getMaxRetransmissions

public Integer getMaxRetransmissions()

Gets the maximum number of times a flight of handshake messages gets re-transmitted to a peer.

Returns:

the maximum number of re-transmissions

getMaxTransmissionUnit

public Integer getMaxTransmissionUnit()

Gets the maximum transmission unit. Maximum number of bytes sent in one transmission.

Returns:

maximum transmission unit

getMaxTransmissionUnitLimit

public Integer getMaxTransmissionUnitLimit()

Gets the maximum transmission unit limit for auto detection. Limit Maximum number of bytes sent in one transmission.

Returns:

maximum transmission unit limit. Default 1500.

Since:

2.3

isEarlyStopRetransmission

public Boolean isEarlyStopRetransmission()

Returns:

true if retransmissions should be stopped as soon as we receive handshake message

isAddressReuseEnabled

public Boolean isAddressReuseEnabled()

Returns:

true, if address reuse should be enabled for the socket.

isSniEnabled

public Boolean isSniEnabled()

Checks whether the connector should support the use of the TLS Server Name Indication extension in the DTLS handshake.

If enabled, the client side should send a server name extension, if the server is specified with hostname rather then with a raw ip-address. The server side support currently includes a server name specific PSK secret lookup and a forwarding of the server name to the CoAP stack in the DtlsEndpointContext. The x509 or RPK credentials lookup is currently not server name specific, therefore the server's certificate will be the same, regardless of the indicated server name.

The default value of this property is null. If this property is not set explicitly using DtlsConnectorConfig.Builder.setSniEnabled(boolean), then the DtlsConnectorConfig.Builder.build() method will set it to false.

Returns:

true if SNI should be used.

getVerifyPeersOnResumptionThreshold

public Integer getVerifyPeersOnResumptionThreshold()

Threshold to use a HELLO_VERIFY_REQUEST also for session resumption in percent of getMaxConnections(). Though a CLIENT_HELLO with an session id is used in session resumption, that session ID could be used to check.

 Value 
 0 : always use a verify request.
 1 ... 100 : dynamically use a verify request.
 

Peers are identified by their endpoint (ip-address and port) and dtls sessions have a id and may be also related to an endpoint. If a peer resumes its own session (by id, and that session is related to the same endpoint as the peer), no verify request is used. If a peer resumes as session (by id), but a different session is related to its endpoint, then a verify request is used to ensure, that the peer really owns that endpoint. If a peer resumes a session, and the endpoint of the peer is either unused or not related to a established session, this threshold controls, if a verify request is used or not. If more resumption handshakes without verified peers are pending than this threshold, then a verify request is used. Note: a value larger than 0 will call SessionCache.get(org.eclipse.californium.scandium.dtls.SessionId). If that implementation is expensive, please ensure, that this value is configured with 0. Otherwise, CLIENT_HELLOs with invalid session ids may be spoofed and gets too expensive. Note: if spoofing is considered to be relevant for the used network environment, please set this to 0 using DtlsConnectorConfig.Builder.setVerifyPeersOnResumptionThreshold(int) in order to disable this function.

Returns:

threshold handshakes without verified peer in percent of getMaxConnections().

getConnectionIdGenerator

public ConnectionIdGenerator getConnectionIdGenerator()

Gets connection ID generator.

Returns:

connection id generator. null for not supported. The returned generator may only support the use of a connection id without using it by itself. In that case ConnectionIdGenerator.useConnectionId() will return false.

getOutboundMessageBufferSize

public Integer getOutboundMessageBufferSize()

Gets the number of outbound messages that can be buffered in memory before messages are dropped.

Returns:

the number of messages

getAddress

public InetSocketAddress getAddress()

Gets the IP address and port the connector is bound to.

Returns:

the address

getCertificateChain

public List<X509Certificate> getCertificateChain()

Gets the certificates forming the chain-of-trust from a root CA down to the certificate asserting the server's identity.

Returns:

the certificates or null if the connector is not supposed to support certificate based authentication

getCipherSuiteSelector

public CipherSuiteSelector getCipherSuiteSelector()

Get cipher suite selector.

Returns:

cipher suite selector. Default DefaultCipherSuiteSelector.

Since:

2.3

getPreselectedCipherSuites

public List<CipherSuite> getPreselectedCipherSuites()

Gets the preselected cipher suites. If no supported cipher suites are provided, consider only this subset of CipherSuite to be automatically selected as supported cipher suites depending on other setting (e.g. if settings allow only PSK, only PSK compatible cipher suite from this list will be selected). Not used, if supported cipher suites are provided.

Returns:

the preselected cipher suites

Since:

2.5

See Also:

getSupportedCipherSuites()

getSupportedCipherSuites

public List<CipherSuite> getSupportedCipherSuites()

Gets the supported cipher suites. On the client side the connector advertise these cipher suites in a DTLS handshake. On the server side the connector limits the acceptable cipher suites to this list.

Returns:

the supported cipher suites (ordered by preference)

getSupportedSignatureAlgorithms

public List<SignatureAndHashAlgorithm> getSupportedSignatureAlgorithms()

Gets the supported signature and hash algorithms the connector should advertise in a DTLS handshake.

Returns:

the supported signature and hash algorithms (ordered by preference). If empty, the client does not advertise it's supported signature and hash algorithms, and the server assumes the SignatureAndHashAlgorithm.DEFAULT as list of supported signature and hash algorithms

Since:

2.3

getSupportedGroups

public List<XECDHECryptography.SupportedGroup> getSupportedGroups()

Gets the supported groups (curves). On the client side the connector advertise these supported groups (curves) in a DTLS handshake. On the server side the connector limits the acceptable supported groups (curves) to this list. According RFC 8422, 5.1. Client Hello Extensions, Actions of the receiver This affects both, curves for ECDH and the certificates for ECDSA.

Returns:

the supported groups (curves, ordered by preference)

Since:

2.3

getPrivateKey

public PrivateKey getPrivateKey()

Gets the private key to use for proving identity to a peer during a DTLS handshake.

Returns:

the key

getPskStore

@Deprecated
public PskStore getPskStore()

Deprecated. use getAdvancedPskStore() instead

Gets the registry of shared secrets used for authenticating clients during a DTLS handshake.

Returns:

the registry. Maybe null, if a advanced psk store is provided to the builder.

getAdvancedPskStore

public AdvancedPskStore getAdvancedPskStore()

Gets the advanced registry of shared secrets used for authenticating clients during a DTLS handshake. If a PskStore is provided to the builder using DtlsConnectorConfig.Builder.setPskStore(PskStore), a AdvancedInMemoryPskStore is returned using that psk store after DtlsConnectorConfig.Builder.build() is called.

Returns:

the registry

Since:

2.3

getPublicKey

public PublicKey getPublicKey()

Gets the public key to send to peers during the DTLS handshake for authentication purposes.

Returns:

the key

getTrustStore

public X509Certificate[] getTrustStore()

Gets the trusted root certificates to use when verifying a peer's certificate during authentication. Only valid, if DtlsConnectorConfig.Builder.setTrustStore(Certificate[]) is used. Note: the upcoming next major version 3.0 will remove this method.

Returns:

the root certificates. If empty (length of zero), all certificates are trusted. If null, the trust may be implemented by a CertificateVerifier.

getCertificateVerifier

public CertificateVerifier getCertificateVerifier()

Gets the verifier in charge of validating the peer's certificate chain during the DTLS handshake. Note: the upcoming next major version 3.0 will remove this method.

Returns:

the certificate chain verifier

getAdvancedCertificateVerifier

public NewAdvancedCertificateVerifier getAdvancedCertificateVerifier()

Gets the new advanced certificate verifier to be used during the DTLS handshake.

Returns:

the new advanced certificate verifier

Since:

2.5

getApplicationLevelInfoSupplier

public ApplicationLevelInfoSupplier getApplicationLevelInfoSupplier()

Gets the supplier of application level information for an authenticated peer's identity.

Returns:

the supplier or null if not set

isClientAuthenticationWanted

public Boolean isClientAuthenticationWanted()

Gets whether the connector wants (requests) DTLS clients to authenticate during the handshake. The handshake doesn't fail, if the client didn't authenticate itself during the handshake. That mostly requires the client to use a proprietary mechanism to authenticate itself on the application layer (e.g. username/password). It's mainly used, if the implementation of the other peer has no PSK cipher suite and client certificate should not be used for some reason. Only used by the DTLS server side.

Returns:

true if clients wanted to authenticate

isClientAuthenticationRequired

public Boolean isClientAuthenticationRequired()

Gets whether the connector requires DTLS clients to authenticate during the handshake. Only used by the DTLS server side.

Returns:

true if clients need to authenticate

isServerOnly

public Boolean isServerOnly()

Gets whether the connector acts only as server and doesn't start new handshakes.

Returns:

true if the connector acts only as server

getDefaultHandshakeMode

public String getDefaultHandshakeMode()

Get the default handshake mode. Used, if no handshake mode is provided in the endpoint context, see DtlsEndpointContext.KEY_HANDSHAKE_MODE.

Returns:

default handshake mode. DtlsEndpointContext.HANDSHAKE_MODE_NONE or DtlsEndpointContext.HANDSHAKE_MODE_AUTO (default)

Since:

2.1

getIdentityCertificateTypes

public List<CertificateType> getIdentityCertificateTypes()

Gets the certificate types for the identity of this peer. In the order of preference.

Returns:

certificate types ordered by preference, or null, if no certificates are used to identify this peer.

getTrustCertificateTypes

public List<CertificateType> getTrustCertificateTypes()

Gets the certificate types for the trust of the other peer. In the order of preference.

Returns:

certificate types ordered by preference, or null, if no certificates are used to trust the other peer.

getMaxConnections

public Integer getMaxConnections()

Gets the maximum number of (active) connections the connector will support.

Once this limit is reached, new connections will only be accepted if stale connections exist. A stale connection is one that hasn't been used for at least staleConnectionThreshold seconds.

Returns:

The maximum number of active connections supported.

See Also:

getStaleConnectionThreshold()

getStaleConnectionThreshold

public Long getStaleConnectionThreshold()

Gets the maximum number of seconds within which some records need to be exchanged over a connection before it is considered stale.

Once a connection becomes stale, it cannot be used to transfer DTLS records anymore.

Returns:

The number of seconds.

See Also:

getMaxConnections()

getConnectionThreadCount

public Integer getConnectionThreadCount()

Gets the number of threads which should be use to handle DTLS connection.

The default value is 6 * #(CPU cores).

Returns:

the number of threads.

getReceiverThreadCount

public Integer getReceiverThreadCount()

Gets the number of threads which should be use to receive datagrams from the socket.

The default value is half of #(CPU cores).

Returns:

the number of threads.

getSocketReceiveBufferSize

public Integer getSocketReceiveBufferSize()

Gets size of the socket receive buffer.

Returns:

the socket receive buffer in bytes, or null, to use the OS default.

getSocketSendBufferSize

public Integer getSocketSendBufferSize()

Gets size of the socket send buffer.

Returns:

the socket send buffer in bytes, or null, to use the OS default.

getAutoResumptionTimeoutMillis

public Long getAutoResumptionTimeoutMillis()

Get the timeout for automatic session resumption. If no messages are exchanged for this timeout, the next message will trigger a session resumption automatically. Intended to be used, if traffic is routed over a NAT. The value may be overridden by the endpoint context attribute DtlsEndpointContext.KEY_RESUMPTION_TIMEOUT.

Returns:

timeout in milliseconds, or null, if no automatic resumption is intended.

useNoServerSessionId

public Boolean useNoServerSessionId()

Indicates, that no session id is used by this server and so session are also not cached by this server and can not be resumed.

Returns:

true if no session id is used by this server.

useAntiReplayFilter

public Boolean useAntiReplayFilter()

Use anti replay filter.

Returns:

true, apply anti replay filter

See Also:

"http://tools.ietf.org/html/rfc6347#section-4.1"

useWindowFilter

@Deprecated
public Boolean useWindowFilter()

Deprecated. use useExtendedWindowFilter() instead.

Use window filter. Messages too old for the filter window will pass the filter.

Returns:

true, apply window filter

See Also:

"http://tools.ietf.org/html/rfc6347#section-4.1"

useExtendedWindowFilter

public Integer useExtendedWindowFilter()

Use filter for records in window and before limit. The value will be subtracted from to lower receive window boundary. A value of -1 will set that calculated lower boundary to 0. Messages between lower receive window boundary and that calculated value will pass the filter, for other messages the filter is applied.

Returns:

value to extend lower receive window boundary, -1, to extend lower boundary to 0, 0 to disable extended window filter.

Since:

2.4

See Also:

"http://tools.ietf.org/html/rfc6347#section-4.1"

useCidUpdateAddressOnNewerRecordFilter

public Boolean useCidUpdateAddressOnNewerRecordFilter()

Use filter to update the ip-address from DTLS 1.2 CID records only for newer records based on epoch/sequence_number.

Returns:

true, apply the newer filter

getRpkTrustStore

public TrustedRpkStore getRpkTrustStore()

Note: the upcoming next major version 3.0 will remove this method.

Returns:

The trust store for raw public keys verified out-of-band for DTLS-RPK handshakes

useHandshakeStateValidation

public Boolean useHandshakeStateValidation()

Use the handshake state validation to verify valid handshakes.

Returns:

true, if handshake state validation is used

useKeyUsageVerification

public Boolean useKeyUsageVerification()

Use key usage verification for x509.

Returns:

true, if check of key usage (x509 extension) is enabled

Since:

2.1

useTruncatedCertificatePathForClientsCertificateMessage

public Boolean useTruncatedCertificatePathForClientsCertificateMessage()

Use truncated certificate paths for client's certificate message. Truncate certificate path according the received certificate authorities in the CertificateRequest for the client's CertificateMessage.

Returns:

true, if path should be truncated for client's certificate message.

Since:

2.1

useTruncatedCertificatePathForValidation

public Boolean useTruncatedCertificatePathForValidation()

Use truncated certificate paths for validation. Truncate certificate path according the available trusted certificates before validation.

Returns:

true, if path should be truncated at available trust anchors for validation

Since:

2.1

getConnectionListener

public ConnectionListener getConnectionListener()

getLoggingTag

public String getLoggingTag()

Get instance logging tag.

Returns:

logging tag.

getHealthStatusInterval

public Integer getHealthStatusInterval()

Gets health status interval.

Returns:

health status interval in seconds.

getHealthHandler

public DtlsHealth getHealthHandler()

Gets health handler.

Returns:

health handler.

isClientOnly

public Boolean isClientOnly()

Gets whether the connector acts only as client.

Returns:

true if the connector acts only as client

See Also:

DtlsConnectorConfig.Builder.setClientOnly()

isRecommendedCipherSuitesOnly

public Boolean isRecommendedCipherSuitesOnly()

Returns:

true if only recommended cipher suites are used.

See Also:

DtlsConnectorConfig.Builder.setRecommendedCipherSuitesOnly(boolean)

isRecommendedSupportedGroupsOnly

public Boolean isRecommendedSupportedGroupsOnly()

Returns:

true if only recommended supported groups (curves) are used.

Since:

2.3

See Also:

DtlsConnectorConfig.Builder.setRecommendedSupportedGroupsOnly(boolean)

clone

protected Object clone()

Overrides:

clone in class Object

Returns:

a copy of this configuration

builder

public static DtlsConnectorConfig.Builder builder()

Create new builder for DtlsConnectorConfig.

Returns:

created builder

Since:

2.5

builder

public static DtlsConnectorConfig.Builder builder(DtlsConnectorConfig config)

Create builder for DtlsConnectorConfig from provided DtlsConnectorConfig.

Parameters:

config - DtlsConnectorConfig to clone

Returns:

created builder

Since:

2.5