Protocol Selection

---

SSLSocket provides methods for selection of protocol version and cipher suites:

• The ability to select a protocol. The ICEssl module supports TLS, SSL3, and SSL2. By default the ICEssl module will be able to connect to servers that use any of these protocols, but this can be restricted using setProtocols call in SSLSocket. The SSLSocket class contains the constants SSL_2_0, SSL_3_0, and TLS_1_0, which can be used as input to the setProtocols call. These values can be logically ORed, so any combination of the protocols can be used.

  The following code shows how to specify that only SSL 3 and TLS will be accepted:

  SSLSocket.setProtocols(SSLSocket.SSL_3_0 | SSLSocket.TLS_1_0);
   
  

• For SSL 3 and TLS the method setCipherSuiteList(int[ ] cipherSuites) is a static method for setting the cipher suites to be used with the protocol version. The method getSupportedCipherSuiteList() returns the list of legal ciphers suites. The accepted cipher suite list can not be changed independently for TLS and SSL3.0.
• For SSL 2 the methods setCipherSuiteListV2(int[ ] cipherSuites) and getSupportedCipherSuiteListV2() must be used instead.

Note: In accordance with SSL specifications, the server chooses the actual cipher suite at each connection.

Copyright 2005. ICEsoft Technologies, Inc. http://www.icesoft.com