SecureBlackbox 2020 macOS Edition

Questions / Feedback?

TLSClientEntry Type

A container for a connected TLS client's details.

Remarks

Use this property to access the details of a particular connected client.

Fields

address
String

The client's IP address.

chainValidationDetails
Int32

The details of a certificate chain validation outcome. They may often suggest what reasons that contributed to the overall validation result.

Returns a bit mask of the following options:

cvrBadData0x0001One or more certificates in the validation path are malformed

cvrRevoked0x0002One or more certificates are revoked

cvrNotYetValid0x0004One or more certificates are not yet valid

cvrExpired0x0008One or more certificates are expired

cvrInvalidSignature0x0010A certificate contains a non-valid digital signature

cvrUnknownCA0x0020A CA certificate for one or more certificates has not been found (chain incomplete)

cvrCAUnauthorized0x0040One of the CA certificates are not authorized to act as CA

cvrCRLNotVerified0x0080One or more CRLs could not be verified

cvrOCSPNotVerified0x0100One or more OCSP responses could not be verified

cvrIdentityMismatch0x0200The identity protected by the certificate (a TLS endpoint or an e-mail addressee) does not match what is recorded in the certificate

cvrNoKeyUsage0x0400A mandatory key usage is not enabled in one of the chain certificates

cvrBlocked0x0800One or more certificates are blocked

cvrFailure0x1000General validation failure

cvrChainLoop0x2000Chain loop: one of the CA certificates recursively signs itself

cvrWeakAlgorithm0x4000A weak algorithm is used in one of certificates or revocation elements

cvrUserEnforced0x8000The chain was considered invalid following intervention from a user code

chainValidationResult
ChainValidities

The outcome of a certificate chain validation routine.

Available options:

cvtValid0The chain is valid

cvtValidButUntrusted1The chain is valid, but the root certificate is not trusted

cvtInvalid2The chain is not valid (some of certificates are revoked, expired, or contain an invalid signature)

cvtCantBeEstablished3The validity of the chain cannot be established because of missing or unavailable validation information (certificates, CRLs, or OCSP responses)

Use the ValidationLog property to access the detailed validation log.

ciphersuite
String

The cipher suite employed by this connection.

For TLS connections, this property returns the ciphersuite that was/is employed by the connection.

clientAuthenticated
Bool

Specifies whether client authentication was performed during this connection.

digestAlgorithm
String

The digest algorithm used in a TLS-enabled connection.

encryptionAlgorithm
String

The symmetric encryption algorithm used in a TLS-enabled connection.

id
Int64

The client connection's unique identifier. This value is used throughout to refer to a particular client connection.

keyExchangeAlgorithm
String

The key exchange algorithm used in a TLS-enabled connection.

keyExchangeKeyBits
Int32

The length of the key exchange key of a TLS-enabled connection.

namedECCurve
String

The elliptic curve used in this connection.

pfsCipher
Bool

Indicates whether the chosen ciphersuite provides perfect forward secrecy (PFS).

port
Int32

The remote port of the client connection.

publicKeyBits
Int32

The length of the public key.

resumedSession
Bool

Indicates whether a TLS-enabled connection was spawned from another TLS connection

secureConnection
Bool

Indicates whether TLS or SSL is enabled for this connection.

signatureAlgorithm
String

The signature algorithm used in a TLS handshake.

symmetricBlockSize
Int32

The block size of the symmetric algorithm used.

symmetricKeyBits
Int32

The key length of the symmetric algorithm used.

totalBytesReceived
Int64

The total number of bytes received over this connection.

totalBytesSent
Int64

The total number of bytes sent over this connection.

validationLog
String

Contains the server certificate's chain validation log. This information may be very useful in investigating chain validation failures.

version
String

Indicates the version of SSL/TLS protocol negotiated during this connection.

Constructors

public init()

Creates a new TLSClientEntry object.

Copyright (c) 2022 /n software inc. - All rights reserved.
SecureBlackbox 2020 macOS Edition - Version 20.0 [Build 8165]