DTLSServer Class

Properties   Methods   Events   Config Settings   Errors  

The DTLSServer class provides server-side functionality of the DTLS protocol.

Class Name

SecureBlackbox_DTLSServer

Procedural Interface

 secureblackbox_dtlsserver_open();
 secureblackbox_dtlsserver_close($res);
 secureblackbox_dtlsserver_register_callback($res, $id, $function);
 secureblackbox_dtlsserver_get_last_error($res);
 secureblackbox_dtlsserver_get_last_error_code($res);
 secureblackbox_dtlsserver_set($res, $id, $index, $value);
 secureblackbox_dtlsserver_get($res, $id, $index);
 secureblackbox_dtlsserver_do_broadcastdata($res, $connectionid, $data);
 secureblackbox_dtlsserver_do_broadcasttext($res, $connectionid, $text);
 secureblackbox_dtlsserver_do_cleanup($res);
 secureblackbox_dtlsserver_do_config($res, $configurationstring);
 secureblackbox_dtlsserver_do_doaction($res, $actionid, $actionparams);
 secureblackbox_dtlsserver_do_dropclient($res, $connectionid, $forced);
 secureblackbox_dtlsserver_do_exportkeymaterial($res, $connectionid, $lbl, $context, $len);
 secureblackbox_dtlsserver_do_listclients($res);
 secureblackbox_dtlsserver_do_pinclient($res, $connectionid);
 secureblackbox_dtlsserver_do_processplaindata($res, $connectionid, $buffer);
 secureblackbox_dtlsserver_do_reset($res);
 secureblackbox_dtlsserver_do_senddata($res, $connectionid, $buffer);
 secureblackbox_dtlsserver_do_sendkeepalive($res, $connectionid);
 secureblackbox_dtlsserver_do_sendplaindata($res, $connectionid, $buffer);
 secureblackbox_dtlsserver_do_sendtext($res, $connectionid, $text);
 secureblackbox_dtlsserver_do_start($res);
 secureblackbox_dtlsserver_do_stop($res);

Remarks

Use this component to receive data over a protected DTLS channel in your applcation.

Property List

---

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

Method List

---

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

Event List

---

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

Config Settings

---

The following is a list of config settings for the class with short descriptions. Click on the links for further details.

Active Property (SecureBlackbox_DTLSServer Class)

Indicates whether the server is active and is listening to new connections.

Object Oriented Interface

public function getActive();

Procedural Interface

secureblackbox_dtlsserver_get($res, 1 );

Default Value

false

Remarks

This read-only property returns True if the server is listening to incoming connections.

This property is read-only and not available at design time.

Data Type

Boolean

BoundPort Property (SecureBlackbox_DTLSServer Class)

Indicates the bound listening port.

Object Oriented Interface

public function getBoundPort();

Procedural Interface

secureblackbox_dtlsserver_get($res, 2 );

Default Value

0

Remarks

Check this property to find out the port that has been allocated to the server by the system. The bound port always equals Port if it is provided, or is allocated dynamically if configured to fall in the range between PortRangeFrom and PortRangeTo constraints.

This property is read-only and not available at design time.

Data Type

Integer

ExternalCryptoAsyncDocumentID Property (SecureBlackbox_DTLSServer Class)

Specifies an optional document ID for SignAsyncBegin() and SignAsyncEnd() calls.

Object Oriented Interface

public function getExternalCryptoAsyncDocumentID();


public function setExternalCryptoAsyncDocumentID($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 3 );


secureblackbox_dtlsserver_set($res, 3, $value );

Default Value

''

Remarks

Specifies an optional document ID for SignAsyncBegin() and SignAsyncEnd() calls.

Use this property when working with multi-signature DCAuth requests and responses to uniquely identify documents signed within a larger batch. On the completion stage, this value helps the signing component identify the correct signature in the returned batch of responses.

If using batched requests, make sure to set this property to the same value on both the pre-signing (SignAsyncBegin) and completion (SignAsyncEnd) stages.

Data Type

String

ExternalCryptoCustomParams Property (SecureBlackbox_DTLSServer Class)

Custom parameters to be passed to the signing service (uninterpreted).

Object Oriented Interface

public function getExternalCryptoCustomParams();


public function setExternalCryptoCustomParams($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 4 );


secureblackbox_dtlsserver_set($res, 4, $value );

Default Value

''

Remarks

Custom parameters to be passed to the signing service (uninterpreted).

This property is not available at design time.

Data Type

String

ExternalCryptoData Property (SecureBlackbox_DTLSServer Class)

Additional data to be included in the async state and mirrored back by the requestor.

Object Oriented Interface

public function getExternalCryptoData();


public function setExternalCryptoData($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 5 );


secureblackbox_dtlsserver_set($res, 5, $value );

Default Value

''

Remarks

Additional data to be included in the async state and mirrored back by the requestor.

This property is not available at design time.

Data Type

String

ExternalCryptoExternalHashCalculation Property (SecureBlackbox_DTLSServer Class)

Specifies whether the message hash is to be calculated at the external endpoint.

Object Oriented Interface

public function getExternalCryptoExternalHashCalculation();


public function setExternalCryptoExternalHashCalculation($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 6 );


secureblackbox_dtlsserver_set($res, 6, $value );

Default Value

false

Remarks

Specifies whether the message hash is to be calculated at the external endpoint. Please note that this mode is not supported by the DCAuth class.

If set to true, the class will pass a few kilobytes of to-be-signed data from the document to the OnExternalSign event. This only applies when SignExternal() is called.

Data Type

Boolean

ExternalCryptoHashAlgorithm Property (SecureBlackbox_DTLSServer Class)

Specifies the request's signature hash algorithm.

Object Oriented Interface

public function getExternalCryptoHashAlgorithm();


public function setExternalCryptoHashAlgorithm($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 7 );


secureblackbox_dtlsserver_set($res, 7, $value );

Default Value

'SHA256'

Remarks

Specifies the request's signature hash algorithm.

Data Type

String

ExternalCryptoKeyID Property (SecureBlackbox_DTLSServer Class)

The ID of the pre-shared key used for DC request authentication.

Object Oriented Interface

public function getExternalCryptoKeyID();


public function setExternalCryptoKeyID($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 8 );


secureblackbox_dtlsserver_set($res, 8, $value );

Default Value

''

Remarks

The ID of the pre-shared key used for DC request authentication.

Asynchronous DCAuth-driven communication requires that parties authenticate each other with a secret pre-shared cryptographic key. This provides an extra protection layer for the protocol and diminishes the risk of the private key becoming abused by foreign parties. Use this property to provide the pre-shared key identifier, and use ExternalCryptoKeySecret to pass the key itself.

The same KeyID/KeySecret pair should be used on the DCAuth side for the signing requests to be accepted.

Note: The KeyID/KeySecret scheme is very similar to the AuthKey scheme used in various Cloud service providers to authenticate users.

Example: signer.ExternalCrypto.KeyID = "MainSigningKey"; signer.ExternalCrypto.KeySecret = "abcdef0123456789";

Data Type

String

ExternalCryptoKeySecret Property (SecureBlackbox_DTLSServer Class)

The pre-shared key used for DC request authentication.

Object Oriented Interface

public function getExternalCryptoKeySecret();


public function setExternalCryptoKeySecret($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 9 );


secureblackbox_dtlsserver_set($res, 9, $value );

Default Value

''

Remarks

The pre-shared key used for DC request authentication. This key must be set and match the key used by the DCAuth counterpart for the scheme to work.

Read more about configuring authentication in the ExternalCryptoKeyID topic.

Data Type

String

ExternalCryptoMethod Property (SecureBlackbox_DTLSServer Class)

Specifies the asynchronous signing method.

Object Oriented Interface

public function getExternalCryptoMethod();


public function setExternalCryptoMethod($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 10 );


secureblackbox_dtlsserver_set($res, 10, $value );

Default Value

0

Remarks

Specifies the asynchronous signing method. This is typically defined by the DC server capabilities and setup.

Available options:

Data Type

Integer

ExternalCryptoMode Property (SecureBlackbox_DTLSServer Class)

Specifies the external cryptography mode.

Object Oriented Interface

public function getExternalCryptoMode();


public function setExternalCryptoMode($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 11 );


secureblackbox_dtlsserver_set($res, 11, $value );

Default Value

0

Remarks

Specifies the external cryptography mode.

Available options:

This property is not available at design time.

Data Type

Integer

ExternalCryptoPublicKeyAlgorithm Property (SecureBlackbox_DTLSServer Class)

Provide the public key algorithm here if the certificate is not available on the pre-signing stage.

Object Oriented Interface

public function getExternalCryptoPublicKeyAlgorithm();


public function setExternalCryptoPublicKeyAlgorithm($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 12 );


secureblackbox_dtlsserver_set($res, 12, $value );

Default Value

''

Remarks

Provide the public key algorithm here if the certificate is not available on the pre-signing stage.

Data Type

String

FIPSMode Property (SecureBlackbox_DTLSServer Class)

Reserved.

Object Oriented Interface

public function getFIPSMode();


public function setFIPSMode($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 13 );


secureblackbox_dtlsserver_set($res, 13, $value );

Default Value

false

Remarks

This property is reserved for future use.

Data Type

Boolean

Host Property (SecureBlackbox_DTLSServer Class)

The host to bind the listening port to.

Object Oriented Interface

public function getHost();


public function setHost($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 14 );


secureblackbox_dtlsserver_set($res, 14, $value );

Default Value

''

Remarks

Use this property to specify the IP address on which to listen to incoming connections.

Data Type

String

PinnedClientAEADCipher Property (SecureBlackbox_DTLSServer Class)

Indicates whether the encryption algorithm used is an AEAD cipher.

Object Oriented Interface

public function getPinnedClientAEADCipher();

Procedural Interface

secureblackbox_dtlsserver_get($res, 15 );

Default Value

false

Remarks

Indicates whether the encryption algorithm used is an AEAD cipher.

This property is read-only and not available at design time.

Data Type

Boolean

PinnedClientChainValidationDetails Property (SecureBlackbox_DTLSServer Class)

The details of a certificate chain validation outcome.

Object Oriented Interface

public function getPinnedClientChainValidationDetails();

Procedural Interface

secureblackbox_dtlsserver_get($res, 16 );

Default Value

0

Remarks

The details of a certificate chain validation outcome. They may often suggest the reasons that contributed to the overall validation result.

Returns a bit mask of the following options:

This property is read-only and not available at design time.

Data Type

Integer

PinnedClientChainValidationResult Property (SecureBlackbox_DTLSServer Class)

The outcome of a certificate chain validation routine.

Object Oriented Interface

public function getPinnedClientChainValidationResult();

Procedural Interface

secureblackbox_dtlsserver_get($res, 17 );

Default Value

0

Remarks

The outcome of a certificate chain validation routine.

Available options:

Use the ValidationLog property to access the detailed validation log.

This property is read-only and not available at design time.

Data Type

Integer

PinnedClientCiphersuite Property (SecureBlackbox_DTLSServer Class)

The cipher suite employed by this connection.

Object Oriented Interface

public function getPinnedClientCiphersuite();

Procedural Interface

secureblackbox_dtlsserver_get($res, 18 );

Default Value

''

Remarks

The cipher suite employed by this connection.

For TLS connections, this property returns the ciphersuite that was/is employed by the connection.

This property is read-only and not available at design time.

Data Type

String

PinnedClientClientAuthenticated Property (SecureBlackbox_DTLSServer Class)

Specifies whether client authentication was performed during this connection.

Object Oriented Interface

public function getPinnedClientClientAuthenticated();

Procedural Interface

secureblackbox_dtlsserver_get($res, 19 );

Default Value

false

Remarks

Specifies whether client authentication was performed during this connection.

This property is read-only and not available at design time.

Data Type

Boolean

PinnedClientClientAuthRequested Property (SecureBlackbox_DTLSServer Class)

Specifies whether client authentication was requested during this connection.

Object Oriented Interface

public function getPinnedClientClientAuthRequested();

Procedural Interface

secureblackbox_dtlsserver_get($res, 20 );

Default Value

false

Remarks

Specifies whether client authentication was requested during this connection.

This property is read-only and not available at design time.

Data Type

Boolean

PinnedClientConnectionEstablished Property (SecureBlackbox_DTLSServer Class)

Indicates whether the connection has been established fully.

Object Oriented Interface

public function getPinnedClientConnectionEstablished();

Procedural Interface

secureblackbox_dtlsserver_get($res, 21 );

Default Value

false

Remarks

Indicates whether the connection has been established fully.

This property is read-only and not available at design time.

Data Type

Boolean

PinnedClientConnectionID Property (SecureBlackbox_DTLSServer Class)

The unique identifier assigned to this connection.

Object Oriented Interface

public function getPinnedClientConnectionID();

Procedural Interface

secureblackbox_dtlsserver_get($res, 22 );

Remarks

The unique identifier assigned to this connection.

This property is read-only and not available at design time.

Data Type

Byte Array

PinnedClientDigestAlgorithm Property (SecureBlackbox_DTLSServer Class)

The digest algorithm used in a TLS-enabled connection.

Object Oriented Interface

public function getPinnedClientDigestAlgorithm();

Procedural Interface

secureblackbox_dtlsserver_get($res, 23 );

Default Value

''

Remarks

The digest algorithm used in a TLS-enabled connection.

This property is read-only and not available at design time.

Data Type

String

PinnedClientEncryptionAlgorithm Property (SecureBlackbox_DTLSServer Class)

The symmetric encryption algorithm used in a TLS-enabled connection.

Object Oriented Interface

public function getPinnedClientEncryptionAlgorithm();

Procedural Interface

secureblackbox_dtlsserver_get($res, 24 );

Default Value

''

Remarks

The symmetric encryption algorithm used in a TLS-enabled connection.

This property is read-only and not available at design time.

Data Type

String

PinnedClientExportable Property (SecureBlackbox_DTLSServer Class)

Indicates whether a TLS connection uses a reduced-strength exportable cipher.

Object Oriented Interface

public function getPinnedClientExportable();

Procedural Interface

secureblackbox_dtlsserver_get($res, 25 );

Default Value

false

Remarks

Indicates whether a TLS connection uses a reduced-strength exportable cipher.

This property is read-only and not available at design time.

Data Type

Boolean

PinnedClientID Property (SecureBlackbox_DTLSServer Class)

The client connection's unique identifier.

Object Oriented Interface

public function getPinnedClientID();

Procedural Interface

secureblackbox_dtlsserver_get($res, 26 );

Default Value

-1

Remarks

The client connection's unique identifier. This value is used throughout to refer to a particular client connection.

This property is read-only and not available at design time.

Data Type

Long64

PinnedClientKeyExchangeAlgorithm Property (SecureBlackbox_DTLSServer Class)

The key exchange algorithm used in a TLS-enabled connection.

Object Oriented Interface

public function getPinnedClientKeyExchangeAlgorithm();

Procedural Interface

secureblackbox_dtlsserver_get($res, 27 );

Default Value

''

Remarks

The key exchange algorithm used in a TLS-enabled connection.

This property is read-only and not available at design time.

Data Type

String

PinnedClientKeyExchangeKeyBits Property (SecureBlackbox_DTLSServer Class)

The length of the key exchange key of a TLS-enabled connection.

Object Oriented Interface

public function getPinnedClientKeyExchangeKeyBits();

Procedural Interface

secureblackbox_dtlsserver_get($res, 28 );

Default Value

0

Remarks

The length of the key exchange key of a TLS-enabled connection.

This property is read-only and not available at design time.

Data Type

Integer

PinnedClientNamedECCurve Property (SecureBlackbox_DTLSServer Class)

The elliptic curve used in this connection.

Object Oriented Interface

public function getPinnedClientNamedECCurve();

Procedural Interface

secureblackbox_dtlsserver_get($res, 29 );

Default Value

''

Remarks

The elliptic curve used in this connection.

This property is read-only and not available at design time.

Data Type

String

PinnedClientPFSCipher Property (SecureBlackbox_DTLSServer Class)

Indicates whether the chosen ciphersuite provides perfect forward secrecy (PFS).

Object Oriented Interface

public function getPinnedClientPFSCipher();

Procedural Interface

secureblackbox_dtlsserver_get($res, 30 );

Default Value

false

Remarks

Indicates whether the chosen ciphersuite provides perfect forward secrecy (PFS).

This property is read-only and not available at design time.

Data Type

Boolean

PinnedClientPreSharedIdentity Property (SecureBlackbox_DTLSServer Class)

Specifies the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.

Object Oriented Interface

public function getPinnedClientPreSharedIdentity();

Procedural Interface

secureblackbox_dtlsserver_get($res, 31 );

Default Value

''

Remarks

Specifies the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.

This property is read-only and not available at design time.

Data Type

String

PinnedClientPreSharedIdentityHint Property (SecureBlackbox_DTLSServer Class)

A hint professed by the server to help the client select the PSK identity to use.

Object Oriented Interface

public function getPinnedClientPreSharedIdentityHint();

Procedural Interface

secureblackbox_dtlsserver_get($res, 32 );

Default Value

''

Remarks

A hint professed by the server to help the client select the PSK identity to use.

This property is read-only and not available at design time.

Data Type

String

PinnedClientPublicKeyBits Property (SecureBlackbox_DTLSServer Class)

The length of the public key.

Object Oriented Interface

public function getPinnedClientPublicKeyBits();

Procedural Interface

secureblackbox_dtlsserver_get($res, 33 );

Default Value

0

Remarks

The length of the public key.

This property is read-only and not available at design time.

Data Type

Integer

PinnedClientRemoteAddress Property (SecureBlackbox_DTLSServer Class)

The client's IP address.

Object Oriented Interface

public function getPinnedClientRemoteAddress();

Procedural Interface

secureblackbox_dtlsserver_get($res, 34 );

Default Value

''

Remarks

The client's IP address.

This property is read-only and not available at design time.

Data Type

String

PinnedClientRemotePort Property (SecureBlackbox_DTLSServer Class)

The remote port of the client connection.

Object Oriented Interface

public function getPinnedClientRemotePort();

Procedural Interface

secureblackbox_dtlsserver_get($res, 35 );

Default Value

0

Remarks

The remote port of the client connection.

This property is read-only and not available at design time.

Data Type

Integer

PinnedClientResumedSession Property (SecureBlackbox_DTLSServer Class)

Indicates whether a TLS-enabled connection was spawned from another TLS connection.

Object Oriented Interface

public function getPinnedClientResumedSession();

Procedural Interface

secureblackbox_dtlsserver_get($res, 36 );

Default Value

false

Remarks

Indicates whether a TLS-enabled connection was spawned from another TLS connection

This property is read-only and not available at design time.

Data Type

Boolean

PinnedClientSecureConnection Property (SecureBlackbox_DTLSServer Class)

Indicates whether TLS or SSL is enabled for this connection.

Object Oriented Interface

public function getPinnedClientSecureConnection();

Procedural Interface

secureblackbox_dtlsserver_get($res, 37 );

Default Value

false

Remarks

Indicates whether TLS or SSL is enabled for this connection.

This property is read-only and not available at design time.

Data Type

Boolean

PinnedClientServerAuthenticated Property (SecureBlackbox_DTLSServer Class)

Indicates whether server authentication was performed during a TLS-enabled connection.

Object Oriented Interface

public function getPinnedClientServerAuthenticated();

Procedural Interface

secureblackbox_dtlsserver_get($res, 38 );

Default Value

false

Remarks

Indicates whether server authentication was performed during a TLS-enabled connection.

This property is read-only and not available at design time.

Data Type

Boolean

PinnedClientSignatureAlgorithm Property (SecureBlackbox_DTLSServer Class)

The signature algorithm used in a TLS handshake.

Object Oriented Interface

public function getPinnedClientSignatureAlgorithm();

Procedural Interface

secureblackbox_dtlsserver_get($res, 39 );

Default Value

''

Remarks

The signature algorithm used in a TLS handshake.

This property is read-only and not available at design time.

Data Type

String

PinnedClientSymmetricBlockSize Property (SecureBlackbox_DTLSServer Class)

The block size of the symmetric algorithm used.

Object Oriented Interface

public function getPinnedClientSymmetricBlockSize();

Procedural Interface

secureblackbox_dtlsserver_get($res, 40 );

Default Value

0

Remarks

The block size of the symmetric algorithm used.

This property is read-only and not available at design time.

Data Type

Integer

PinnedClientSymmetricKeyBits Property (SecureBlackbox_DTLSServer Class)

The key length of the symmetric algorithm used.

Object Oriented Interface

public function getPinnedClientSymmetricKeyBits();

Procedural Interface

secureblackbox_dtlsserver_get($res, 41 );

Default Value

0

Remarks

The key length of the symmetric algorithm used.

This property is read-only and not available at design time.

Data Type

Integer

PinnedClientTotalBytesReceived Property (SecureBlackbox_DTLSServer Class)

The total number of bytes received over this connection.

Object Oriented Interface

public function getPinnedClientTotalBytesReceived();

Procedural Interface

secureblackbox_dtlsserver_get($res, 42 );

Default Value

0

Remarks

The total number of bytes received over this connection.

This property is read-only and not available at design time.

Data Type

Long64

PinnedClientTotalBytesSent Property (SecureBlackbox_DTLSServer Class)

The total number of bytes sent over this connection.

Object Oriented Interface

public function getPinnedClientTotalBytesSent();

Procedural Interface

secureblackbox_dtlsserver_get($res, 43 );

Default Value

0

Remarks

The total number of bytes sent over this connection.

This property is read-only and not available at design time.

Data Type

Long64

PinnedClientValidationLog Property (SecureBlackbox_DTLSServer Class)

Contains the server certificate's chain validation log.

Object Oriented Interface

public function getPinnedClientValidationLog();

Procedural Interface

secureblackbox_dtlsserver_get($res, 44 );

Default Value

''

Remarks

Contains the server certificate's chain validation log. This information may be very useful in investigating chain validation failures.

This property is read-only and not available at design time.

Data Type

String

PinnedClientVersion Property (SecureBlackbox_DTLSServer Class)

Indicates the version of SSL/TLS protocol negotiated during this connection.

Object Oriented Interface

public function getPinnedClientVersion();

Procedural Interface

secureblackbox_dtlsserver_get($res, 45 );

Default Value

''

Remarks

Indicates the version of SSL/TLS protocol negotiated during this connection.

This property is read-only and not available at design time.

Data Type

String

PinnedClientCertCount Property (SecureBlackbox_DTLSServer Class)

The number of records in the PinnedClientCert arrays.

Object Oriented Interface

public function getPinnedClientCertCount();

Procedural Interface

secureblackbox_dtlsserver_get($res, 46 );

Default Value

0

Remarks

This property controls the size of the following arrays:

• PinnedClientCertBytes
• PinnedClientCertCAKeyID
• PinnedClientCertFingerprint
• PinnedClientCertHandle
• PinnedClientCertIssuer
• PinnedClientCertIssuerRDN
• PinnedClientCertKeyAlgorithm
• PinnedClientCertKeyBits
• PinnedClientCertKeyFingerprint
• PinnedClientCertKeyUsage
• PinnedClientCertPublicKeyBytes
• PinnedClientCertSelfSigned
• PinnedClientCertSerialNumber
• PinnedClientCertSigAlgorithm
• PinnedClientCertSubject
• PinnedClientCertSubjectKeyID
• PinnedClientCertSubjectRDN
• PinnedClientCertValidFrom
• PinnedClientCertValidTo

The array indices start at 0 and end at PinnedClientCertCount - 1.

This property is read-only and not available at design time.

Data Type

Integer

PinnedClientCertBytes Property (SecureBlackbox_DTLSServer Class)

Returns the raw certificate data in DER format.

Object Oriented Interface

public function getPinnedClientCertBytes($pinnedclientcertindex);

Procedural Interface

secureblackbox_dtlsserver_get($res, 47 , $pinnedclientcertindex);

Remarks

Returns the raw certificate data in DER format.

The $pinnedclientcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

Byte Array

PinnedClientCertCAKeyID Property (SecureBlackbox_DTLSServer Class)

A unique identifier (fingerprint) of the CA certificate's cryptographic key.

Object Oriented Interface

public function getPinnedClientCertCAKeyID($pinnedclientcertindex);

Procedural Interface

secureblackbox_dtlsserver_get($res, 49 , $pinnedclientcertindex);

Remarks

A unique identifier (fingerprint) of the CA certificate's cryptographic key.

Authority Key Identifier is a certificate extension which allows identification of certificates belonging to the same issuer, but with different public keys. It is a de-facto standard to include this extension in all certificates to facilitate chain building.

This setting cannot be set when generating a certificate as it always derives from another certificate property. CertificateManager generates this setting automatically if enough information is available to it: for self-signed certificates, this value is copied from the PinnedClientCertSubjectKeyID setting, and for lower-level certificates, from the parent certificate's subject key ID extension.

The $pinnedclientcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

Byte Array

PinnedClientCertFingerprint Property (SecureBlackbox_DTLSServer Class)

Contains the fingerprint (a hash imprint) of this certificate.

Object Oriented Interface

public function getPinnedClientCertFingerprint($pinnedclientcertindex);

Procedural Interface

secureblackbox_dtlsserver_get($res, 53 , $pinnedclientcertindex);

Default Value

''

Remarks

Contains the fingerprint (a hash imprint) of this certificate.

While there is no formal standard defining what a fingerprint is, a SHA1 hash of the certificate's DER-encoded body is typically used.

The $pinnedclientcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

String

PinnedClientCertHandle Property (SecureBlackbox_DTLSServer Class)

Allows to get or set a 'handle', a unique identifier of the underlying property object.

Object Oriented Interface

public function getPinnedClientCertHandle($pinnedclientcertindex);

Procedural Interface

secureblackbox_dtlsserver_get($res, 55 , $pinnedclientcertindex);

Default Value

0

Remarks

Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.

When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object after such operation. pdfSigner.setSigningCertHandle(certMgr.getCertHandle());

The $pinnedclientcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

Long64

PinnedClientCertIssuer Property (SecureBlackbox_DTLSServer Class)

The common name of the certificate issuer (CA), typically a company name.

Object Oriented Interface

public function getPinnedClientCertIssuer($pinnedclientcertindex);

Procedural Interface

secureblackbox_dtlsserver_get($res, 57 , $pinnedclientcertindex);

Default Value

''

Remarks

The common name of the certificate issuer (CA), typically a company name. This is part of a larger set of credentials available via PinnedClientCertIssuerRDN.

The $pinnedclientcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

String

PinnedClientCertIssuerRDN Property (SecureBlackbox_DTLSServer Class)

A list of Property=Value pairs that uniquely identify the certificate issuer.

Object Oriented Interface

public function getPinnedClientCertIssuerRDN($pinnedclientcertindex);

Procedural Interface

secureblackbox_dtlsserver_get($res, 58 , $pinnedclientcertindex);

Default Value

''

Remarks

A list of Property=Value pairs that uniquely identify the certificate issuer.

Example: /C=US/O=Nationwide CA/CN=Web Certification Authority

The $pinnedclientcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

String

PinnedClientCertKeyAlgorithm Property (SecureBlackbox_DTLSServer Class)

Specifies the public key algorithm of this certificate.

Object Oriented Interface

public function getPinnedClientCertKeyAlgorithm($pinnedclientcertindex);

Procedural Interface

secureblackbox_dtlsserver_get($res, 59 , $pinnedclientcertindex);

Default Value

'0'

Remarks

Specifies the public key algorithm of this certificate.

Use the PinnedClientCertKeyBits, PinnedClientCertCurve, and PinnedClientCertPublicKeyBytes properties to get more details about the key the certificate contains.

The $pinnedclientcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

String

PinnedClientCertKeyBits Property (SecureBlackbox_DTLSServer Class)

Returns the length of the public key in bits.

Object Oriented Interface

public function getPinnedClientCertKeyBits($pinnedclientcertindex);

Procedural Interface

secureblackbox_dtlsserver_get($res, 60 , $pinnedclientcertindex);

Default Value

0

Remarks

Returns the length of the public key in bits.

This value indicates the length of the principal cryptographic parameter of the key, such as the length of the RSA modulus or ECDSA field. The key data returned by the PinnedClientCertPublicKeyBytes or PinnedClientCertPrivateKeyBytes property would typically contain auxiliary values, and therefore be longer.

The $pinnedclientcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

Integer

PinnedClientCertKeyFingerprint Property (SecureBlackbox_DTLSServer Class)

Returns a SHA1 fingerprint of the public key contained in the certificate.

Object Oriented Interface

public function getPinnedClientCertKeyFingerprint($pinnedclientcertindex);

Procedural Interface

secureblackbox_dtlsserver_get($res, 61 , $pinnedclientcertindex);

Default Value

''

Remarks

Returns a SHA1 fingerprint of the public key contained in the certificate.

Note that the key fingerprint is different from the certificate fingerprint accessible via the PinnedClientCertFingerprint property. The key fingeprint uniquely identifies the public key, and so can be the same for multiple certificates containing the same key.

The $pinnedclientcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

String

PinnedClientCertKeyUsage Property (SecureBlackbox_DTLSServer Class)

Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.

Object Oriented Interface

public function getPinnedClientCertKeyUsage($pinnedclientcertindex);

Procedural Interface

secureblackbox_dtlsserver_get($res, 62 , $pinnedclientcertindex);

Default Value

0

Remarks

Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set.

This value is a bit mask of the following values:

Set this property before generating the certificate to propagate the key usage flags to the new certificate.

The $pinnedclientcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

Integer

PinnedClientCertPublicKeyBytes Property (SecureBlackbox_DTLSServer Class)

Contains the certificate's public key in DER format.

Object Oriented Interface

public function getPinnedClientCertPublicKeyBytes($pinnedclientcertindex);

Procedural Interface

secureblackbox_dtlsserver_get($res, 71 , $pinnedclientcertindex);

Remarks

Contains the certificate's public key in DER format.

This typically would contain an ASN.1-encoded public key value. The exact format depends on the type of the public key contained in the certificate.

The $pinnedclientcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

Byte Array

PinnedClientCertSelfSigned Property (SecureBlackbox_DTLSServer Class)

Indicates whether the certificate is self-signed (root) or signed by an external CA.

Object Oriented Interface

public function getPinnedClientCertSelfSigned($pinnedclientcertindex);

Procedural Interface

secureblackbox_dtlsserver_get($res, 75 , $pinnedclientcertindex);

Default Value

false

Remarks

Indicates whether the certificate is self-signed (root) or signed by an external CA.

The $pinnedclientcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

Boolean

PinnedClientCertSerialNumber Property (SecureBlackbox_DTLSServer Class)

Returns the certificate's serial number.

Object Oriented Interface

public function getPinnedClientCertSerialNumber($pinnedclientcertindex);

Procedural Interface

secureblackbox_dtlsserver_get($res, 76 , $pinnedclientcertindex);

Remarks

Returns the certificate's serial number.

The serial number is a binary string that uniquely identifies a certificate among others issued by the same CA. According to the X.509 standard, the (issuer, serial number) pair should be globally unique to facilitate chain building.

The $pinnedclientcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

Byte Array

PinnedClientCertSigAlgorithm Property (SecureBlackbox_DTLSServer Class)

Indicates the algorithm that was used by the CA to sign this certificate.

Object Oriented Interface

public function getPinnedClientCertSigAlgorithm($pinnedclientcertindex);

Procedural Interface

secureblackbox_dtlsserver_get($res, 77 , $pinnedclientcertindex);

Default Value

''

Remarks

Indicates the algorithm that was used by the CA to sign this certificate.

A signature algorithm typically combines hash and public key algorithms together, such as sha256WithRSAEncryption or ecdsa-with-SHA256.

The $pinnedclientcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

String

PinnedClientCertSubject Property (SecureBlackbox_DTLSServer Class)

The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.

Object Oriented Interface

public function getPinnedClientCertSubject($pinnedclientcertindex);

Procedural Interface

secureblackbox_dtlsserver_get($res, 79 , $pinnedclientcertindex);

Default Value

''

Remarks

The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name. This is part of a larger set of credentials available via PinnedClientCertSubjectRDN.

The $pinnedclientcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

String

PinnedClientCertSubjectKeyID Property (SecureBlackbox_DTLSServer Class)

Contains a unique identifier of the certificate's cryptographic key.

Object Oriented Interface

public function getPinnedClientCertSubjectKeyID($pinnedclientcertindex);

Procedural Interface

secureblackbox_dtlsserver_get($res, 81 , $pinnedclientcertindex);

Remarks

Contains a unique identifier of the certificate's cryptographic key.

Subject Key Identifier is a certificate extension which allows a specific public key to be associated with a certificate holder. Typically, subject key identifiers of CA certificates are recorded as respective CA key identifiers in the subordinate certificates that they issue, which facilitates chain building.

The PinnedClientCertSubjectKeyID and PinnedClientCertCAKeyID properties of self-signed certificates typically contain identical values, as in that specific case, the issuer and the subject are the same entity.

The $pinnedclientcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

Byte Array

PinnedClientCertSubjectRDN Property (SecureBlackbox_DTLSServer Class)

A list of Property=Value pairs that uniquely identify the certificate holder (subject).

Object Oriented Interface

public function getPinnedClientCertSubjectRDN($pinnedclientcertindex);

Procedural Interface

secureblackbox_dtlsserver_get($res, 82 , $pinnedclientcertindex);

Default Value

''

Remarks

A list of Property=Value pairs that uniquely identify the certificate holder (subject).

Depending on the purpose of the certificate and the policies of the CA that issued it, the values included in the subject record may differ drastically and contain business or personal names, web URLs, email addresses, and other data.

Example: /C=US/O=Oranges and Apples, Inc./OU=Accounts Receivable/1.2.3.4.5=Value with unknown OID/CN=Margaret Watkins.

The $pinnedclientcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

String

PinnedClientCertValidFrom Property (SecureBlackbox_DTLSServer Class)

The time point at which the certificate becomes valid, in UTC.

Object Oriented Interface

public function getPinnedClientCertValidFrom($pinnedclientcertindex);

Procedural Interface

secureblackbox_dtlsserver_get($res, 84 , $pinnedclientcertindex);

Default Value

''

Remarks

The time point at which the certificate becomes valid, in UTC.

The $pinnedclientcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

String

PinnedClientCertValidTo Property (SecureBlackbox_DTLSServer Class)

The time point at which the certificate expires, in UTC.

Object Oriented Interface

public function getPinnedClientCertValidTo($pinnedclientcertindex);

Procedural Interface

secureblackbox_dtlsserver_get($res, 85 , $pinnedclientcertindex);

Default Value

''

Remarks

The time point at which the certificate expires, in UTC.

The $pinnedclientcertindex parameter specifies the index of the item in the array. The size of the array is controlled by the PinnedClientCertCount property.

This property is read-only and not available at design time.

Data Type

String

Port Property (SecureBlackbox_DTLSServer Class)

Specifies the port number to listen for connections on.

Object Oriented Interface

public function getPort();


public function setPort($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 86 );


secureblackbox_dtlsserver_set($res, 86, $value );

Default Value

80

Remarks

Use this property to specify the port number to listen to connections on. Standard port numbers are 80 for an HTTP server, and 443 for an HTTPS server.

Alternatively, you may specify the acceptable range of listening ports via PortRangeFrom and PortRangeTo properties. In this case the port will be allocated within the requested range by the operating system, and reported in BoundPort.

Data Type

Integer

PortRangeFrom Property (SecureBlackbox_DTLSServer Class)

Specifies the lower limit of the listening port range for incoming connections.

Object Oriented Interface

public function getPortRangeFrom();


public function setPortRangeFrom($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 87 );


secureblackbox_dtlsserver_set($res, 87, $value );

Default Value

0

Remarks

Use this property to specify the lower limit of the port range to listen to connections on. When a port range is used to specify the listening port (as opposed to a fixed value provided via Port), the port will be allocated within the requested range by the operating system, and reported in BoundPort.

Note that this property is ignored if the Port property is set to a non-zero value, in which case the server always aims to listen on that fixed port.

Data Type

Integer

PortRangeTo Property (SecureBlackbox_DTLSServer Class)

Specifies the upper limit of the listening port range for incoming connections.

Object Oriented Interface

public function getPortRangeTo();


public function setPortRangeTo($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 88 );


secureblackbox_dtlsserver_set($res, 88, $value );

Default Value

0

Remarks

Use this property to specify the upper limit of the port range to listen to connections on. When a port range is used to specify the listening port (as opposed to a fixed value provided via Port), the port will be allocated within the requested range by the operating system, and reported in BoundPort.

Note that this property is ignored if the Port property is set to a non-zero value, in which case the server always aims to listen on that fixed port.

Data Type

Integer

SocketIncomingSpeedLimit Property (SecureBlackbox_DTLSServer Class)

The maximum number of bytes to read from the socket, per second.

Object Oriented Interface

public function getSocketIncomingSpeedLimit();


public function setSocketIncomingSpeedLimit($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 94 );


secureblackbox_dtlsserver_set($res, 94, $value );

Default Value

0

Remarks

The maximum number of bytes to read from the socket, per second.

Data Type

Integer

SocketLocalAddress Property (SecureBlackbox_DTLSServer Class)

The local network interface to bind the socket to.

Object Oriented Interface

public function getSocketLocalAddress();


public function setSocketLocalAddress($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 95 );


secureblackbox_dtlsserver_set($res, 95, $value );

Default Value

''

Remarks

The local network interface to bind the socket to.

Data Type

String

SocketLocalPort Property (SecureBlackbox_DTLSServer Class)

The local port number to bind the socket to.

Object Oriented Interface

public function getSocketLocalPort();


public function setSocketLocalPort($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 96 );


secureblackbox_dtlsserver_set($res, 96, $value );

Default Value

0

Remarks

The local port number to bind the socket to.

Data Type

Integer

SocketOutgoingSpeedLimit Property (SecureBlackbox_DTLSServer Class)

The maximum number of bytes to write to the socket, per second.

Object Oriented Interface

public function getSocketOutgoingSpeedLimit();


public function setSocketOutgoingSpeedLimit($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 97 );


secureblackbox_dtlsserver_set($res, 97, $value );

Default Value

0

Remarks

The maximum number of bytes to write to the socket, per second.

Data Type

Integer

SocketTimeout Property (SecureBlackbox_DTLSServer Class)

The maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful.

Object Oriented Interface

public function getSocketTimeout();


public function setSocketTimeout($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 98 );


secureblackbox_dtlsserver_set($res, 98, $value );

Default Value

60000

Remarks

The maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful.

If Timeout is set to 0, a socket operation will expire after the system-default timeout (2 hrs 8 min for TCP stack).

Data Type

Integer

SocketUseIPv6 Property (SecureBlackbox_DTLSServer Class)

Enables or disables IP protocol version 6.

Object Oriented Interface

public function getSocketUseIPv6();


public function setSocketUseIPv6($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 99 );


secureblackbox_dtlsserver_set($res, 99, $value );

Default Value

false

Remarks

Enables or disables IP protocol version 6.

Data Type

Boolean

TLSServerCertCount Property (SecureBlackbox_DTLSServer Class)

The number of records in the TLSServerCert arrays.

Object Oriented Interface

public function getTLSServerCertCount();


public function setTLSServerCertCount($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 100 );


secureblackbox_dtlsserver_set($res, 100, $value );

Default Value

0

Remarks

This property controls the size of the following arrays:

• TLSServerCertBytes
• TLSServerCertHandle

The array indices start at 0 and end at TLSServerCertCount - 1.

This property is not available at design time.

Data Type

Integer

TLSServerCertBytes Property (SecureBlackbox_DTLSServer Class)

Returns the raw certificate data in DER format.

Object Oriented Interface

public function getTLSServerCertBytes($tlsservercertindex);

Procedural Interface

secureblackbox_dtlsserver_get($res, 101 , $tlsservercertindex);

Remarks

Returns the raw certificate data in DER format.

The $tlsservercertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TLSServerCertCount property.

This property is read-only and not available at design time.

Data Type

Byte Array

TLSServerCertHandle Property (SecureBlackbox_DTLSServer Class)

Allows to get or set a 'handle', a unique identifier of the underlying property object.

Object Oriented Interface

public function getTLSServerCertHandle($tlsservercertindex);


public function setTLSServerCertHandle($tlsservercertindex, $value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 109 , $tlsservercertindex);


secureblackbox_dtlsserver_set($res, 109, $value , $tlsservercertindex);

Default Value

0

Remarks

Allows to get or set a 'handle', a unique identifier of the underlying property object. Use this property to assign objects of the same type in a quicker manner, without copying them fieldwise.

When you pass a handle of one object to another, the source object is copied to the destination rather than assigned. It is safe to get rid of the original object after such operation. pdfSigner.setSigningCertHandle(certMgr.getCertHandle());

The $tlsservercertindex parameter specifies the index of the item in the array. The size of the array is controlled by the TLSServerCertCount property.

This property is not available at design time.

Data Type

Long64

TLSAutoValidateCertificates Property (SecureBlackbox_DTLSServer Class)

Specifies whether server-side TLS certificates should be validated automatically using internal validation rules.

Object Oriented Interface

public function getTLSAutoValidateCertificates();


public function setTLSAutoValidateCertificates($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 140 );


secureblackbox_dtlsserver_set($res, 140, $value );

Default Value

true

Remarks

Specifies whether server-side TLS certificates should be validated automatically using internal validation rules.

Data Type

Boolean

TLSBaseConfiguration Property (SecureBlackbox_DTLSServer Class)

Selects the base configuration for the TLS settings.

Object Oriented Interface

public function getTLSBaseConfiguration();


public function setTLSBaseConfiguration($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 141 );


secureblackbox_dtlsserver_set($res, 141, $value );

Default Value

0

Remarks

Selects the base configuration for the TLS settings. Several profiles are offered and tuned up for different purposes, such as high security or higher compatibility.

Data Type

Integer

TLSCiphersuites Property (SecureBlackbox_DTLSServer Class)

A list of ciphersuites separated with commas or semicolons.

Object Oriented Interface

public function getTLSCiphersuites();


public function setTLSCiphersuites($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 142 );


secureblackbox_dtlsserver_set($res, 142, $value );

Default Value

''

Remarks

A list of ciphersuites separated with commas or semicolons. Each ciphersuite in the list may be prefixed with a minus sign (-) to indicate that the ciphersuite should be disabled rather than enabled. Besides the specific ciphersuite modifiers, this property supports the all (and -all) aliases, allowing all ciphersuites to be blanketly enabled or disabled at once.

Note: the list of ciphersuites provided to this property alters the baseline list of ciphersuites as defined by TLSBaseConfiguration. Remember to start your ciphersuite string with -all; if you need to only enable a specific fixed set of ciphersuites. The list of supported ciphersuites is provided below:

• NULL_NULL_NULL
• RSA_NULL_MD5
• RSA_NULL_SHA
• RSA_RC4_MD5
• RSA_RC4_SHA
• RSA_RC2_MD5
• RSA_IDEA_MD5
• RSA_IDEA_SHA
• RSA_DES_MD5
• RSA_DES_SHA
• RSA_3DES_MD5
• RSA_3DES_SHA
• RSA_AES128_SHA
• RSA_AES256_SHA
• DH_DSS_DES_SHA
• DH_DSS_3DES_SHA
• DH_DSS_AES128_SHA
• DH_DSS_AES256_SHA
• DH_RSA_DES_SHA
• DH_RSA_3DES_SHA
• DH_RSA_AES128_SHA
• DH_RSA_AES256_SHA
• DHE_DSS_DES_SHA
• DHE_DSS_3DES_SHA
• DHE_DSS_AES128_SHA
• DHE_DSS_AES256_SHA
• DHE_RSA_DES_SHA
• DHE_RSA_3DES_SHA
• DHE_RSA_AES128_SHA
• DHE_RSA_AES256_SHA
• DH_ANON_RC4_MD5
• DH_ANON_DES_SHA
• DH_ANON_3DES_SHA
• DH_ANON_AES128_SHA
• DH_ANON_AES256_SHA
• RSA_RC2_MD5_EXPORT
• RSA_RC4_MD5_EXPORT
• RSA_DES_SHA_EXPORT
• DH_DSS_DES_SHA_EXPORT
• DH_RSA_DES_SHA_EXPORT
• DHE_DSS_DES_SHA_EXPORT
• DHE_RSA_DES_SHA_EXPORT
• DH_ANON_RC4_MD5_EXPORT
• DH_ANON_DES_SHA_EXPORT
• RSA_CAMELLIA128_SHA
• DH_DSS_CAMELLIA128_SHA
• DH_RSA_CAMELLIA128_SHA
• DHE_DSS_CAMELLIA128_SHA
• DHE_RSA_CAMELLIA128_SHA
• DH_ANON_CAMELLIA128_SHA
• RSA_CAMELLIA256_SHA
• DH_DSS_CAMELLIA256_SHA
• DH_RSA_CAMELLIA256_SHA
• DHE_DSS_CAMELLIA256_SHA
• DHE_RSA_CAMELLIA256_SHA
• DH_ANON_CAMELLIA256_SHA
• PSK_RC4_SHA
• PSK_3DES_SHA
• PSK_AES128_SHA
• PSK_AES256_SHA
• DHE_PSK_RC4_SHA
• DHE_PSK_3DES_SHA
• DHE_PSK_AES128_SHA
• DHE_PSK_AES256_SHA
• RSA_PSK_RC4_SHA
• RSA_PSK_3DES_SHA
• RSA_PSK_AES128_SHA
• RSA_PSK_AES256_SHA
• RSA_SEED_SHA
• DH_DSS_SEED_SHA
• DH_RSA_SEED_SHA
• DHE_DSS_SEED_SHA
• DHE_RSA_SEED_SHA
• DH_ANON_SEED_SHA
• SRP_SHA_3DES_SHA
• SRP_SHA_RSA_3DES_SHA
• SRP_SHA_DSS_3DES_SHA
• SRP_SHA_AES128_SHA
• SRP_SHA_RSA_AES128_SHA
• SRP_SHA_DSS_AES128_SHA
• SRP_SHA_AES256_SHA
• SRP_SHA_RSA_AES256_SHA
• SRP_SHA_DSS_AES256_SHA
• ECDH_ECDSA_NULL_SHA
• ECDH_ECDSA_RC4_SHA
• ECDH_ECDSA_3DES_SHA
• ECDH_ECDSA_AES128_SHA
• ECDH_ECDSA_AES256_SHA
• ECDHE_ECDSA_NULL_SHA
• ECDHE_ECDSA_RC4_SHA
• ECDHE_ECDSA_3DES_SHA
• ECDHE_ECDSA_AES128_SHA
• ECDHE_ECDSA_AES256_SHA
• ECDH_RSA_NULL_SHA
• ECDH_RSA_RC4_SHA
• ECDH_RSA_3DES_SHA
• ECDH_RSA_AES128_SHA
• ECDH_RSA_AES256_SHA
• ECDHE_RSA_NULL_SHA
• ECDHE_RSA_RC4_SHA
• ECDHE_RSA_3DES_SHA
• ECDHE_RSA_AES128_SHA
• ECDHE_RSA_AES256_SHA
• ECDH_ANON_NULL_SHA
• ECDH_ANON_RC4_SHA
• ECDH_ANON_3DES_SHA
• ECDH_ANON_AES128_SHA
• ECDH_ANON_AES256_SHA
• RSA_NULL_SHA256
• RSA_AES128_SHA256
• RSA_AES256_SHA256
• DH_DSS_AES128_SHA256
• DH_RSA_AES128_SHA256
• DHE_DSS_AES128_SHA256
• DHE_RSA_AES128_SHA256
• DH_DSS_AES256_SHA256
• DH_RSA_AES256_SHA256
• DHE_DSS_AES256_SHA256
• DHE_RSA_AES256_SHA256
• DH_ANON_AES128_SHA256
• DH_ANON_AES256_SHA256
• RSA_AES128_GCM_SHA256
• RSA_AES256_GCM_SHA384
• DHE_RSA_AES128_GCM_SHA256
• DHE_RSA_AES256_GCM_SHA384
• DH_RSA_AES128_GCM_SHA256
• DH_RSA_AES256_GCM_SHA384
• DHE_DSS_AES128_GCM_SHA256
• DHE_DSS_AES256_GCM_SHA384
• DH_DSS_AES128_GCM_SHA256
• DH_DSS_AES256_GCM_SHA384
• DH_ANON_AES128_GCM_SHA256
• DH_ANON_AES256_GCM_SHA384
• ECDHE_ECDSA_AES128_SHA256
• ECDHE_ECDSA_AES256_SHA384
• ECDH_ECDSA_AES128_SHA256
• ECDH_ECDSA_AES256_SHA384
• ECDHE_RSA_AES128_SHA256
• ECDHE_RSA_AES256_SHA384
• ECDH_RSA_AES128_SHA256
• ECDH_RSA_AES256_SHA384
• ECDHE_ECDSA_AES128_GCM_SHA256
• ECDHE_ECDSA_AES256_GCM_SHA384
• ECDH_ECDSA_AES128_GCM_SHA256
• ECDH_ECDSA_AES256_GCM_SHA384
• ECDHE_RSA_AES128_GCM_SHA256
• ECDHE_RSA_AES256_GCM_SHA384
• ECDH_RSA_AES128_GCM_SHA256
• ECDH_RSA_AES256_GCM_SHA384
• PSK_AES128_GCM_SHA256
• PSK_AES256_GCM_SHA384
• DHE_PSK_AES128_GCM_SHA256
• DHE_PSK_AES256_GCM_SHA384
• RSA_PSK_AES128_GCM_SHA256
• RSA_PSK_AES256_GCM_SHA384
• PSK_AES128_SHA256
• PSK_AES256_SHA384
• PSK_NULL_SHA256
• PSK_NULL_SHA384
• DHE_PSK_AES128_SHA256
• DHE_PSK_AES256_SHA384
• DHE_PSK_NULL_SHA256
• DHE_PSK_NULL_SHA384
• RSA_PSK_AES128_SHA256
• RSA_PSK_AES256_SHA384
• RSA_PSK_NULL_SHA256
• RSA_PSK_NULL_SHA384
• RSA_CAMELLIA128_SHA256
• DH_DSS_CAMELLIA128_SHA256
• DH_RSA_CAMELLIA128_SHA256
• DHE_DSS_CAMELLIA128_SHA256
• DHE_RSA_CAMELLIA128_SHA256
• DH_ANON_CAMELLIA128_SHA256
• RSA_CAMELLIA256_SHA256
• DH_DSS_CAMELLIA256_SHA256
• DH_RSA_CAMELLIA256_SHA256
• DHE_DSS_CAMELLIA256_SHA256
• DHE_RSA_CAMELLIA256_SHA256
• DH_ANON_CAMELLIA256_SHA256
• ECDHE_ECDSA_CAMELLIA128_SHA256
• ECDHE_ECDSA_CAMELLIA256_SHA384
• ECDH_ECDSA_CAMELLIA128_SHA256
• ECDH_ECDSA_CAMELLIA256_SHA384
• ECDHE_RSA_CAMELLIA128_SHA256
• ECDHE_RSA_CAMELLIA256_SHA384
• ECDH_RSA_CAMELLIA128_SHA256
• ECDH_RSA_CAMELLIA256_SHA384
• RSA_CAMELLIA128_GCM_SHA256
• RSA_CAMELLIA256_GCM_SHA384
• DHE_RSA_CAMELLIA128_GCM_SHA256
• DHE_RSA_CAMELLIA256_GCM_SHA384
• DH_RSA_CAMELLIA128_GCM_SHA256
• DH_RSA_CAMELLIA256_GCM_SHA384
• DHE_DSS_CAMELLIA128_GCM_SHA256
• DHE_DSS_CAMELLIA256_GCM_SHA384
• DH_DSS_CAMELLIA128_GCM_SHA256
• DH_DSS_CAMELLIA256_GCM_SHA384
• DH_anon_CAMELLIA128_GCM_SHA256
• DH_anon_CAMELLIA256_GCM_SHA384
• ECDHE_ECDSA_CAMELLIA128_GCM_SHA256
• ECDHE_ECDSA_CAMELLIA256_GCM_SHA384
• ECDH_ECDSA_CAMELLIA128_GCM_SHA256
• ECDH_ECDSA_CAMELLIA256_GCM_SHA384
• ECDHE_RSA_CAMELLIA128_GCM_SHA256
• ECDHE_RSA_CAMELLIA256_GCM_SHA384
• ECDH_RSA_CAMELLIA128_GCM_SHA256
• ECDH_RSA_CAMELLIA256_GCM_SHA384
• PSK_CAMELLIA128_GCM_SHA256
• PSK_CAMELLIA256_GCM_SHA384
• DHE_PSK_CAMELLIA128_GCM_SHA256
• DHE_PSK_CAMELLIA256_GCM_SHA384
• RSA_PSK_CAMELLIA128_GCM_SHA256
• RSA_PSK_CAMELLIA256_GCM_SHA384
• PSK_CAMELLIA128_SHA256
• PSK_CAMELLIA256_SHA384
• DHE_PSK_CAMELLIA128_SHA256
• DHE_PSK_CAMELLIA256_SHA384
• RSA_PSK_CAMELLIA128_SHA256
• RSA_PSK_CAMELLIA256_SHA384
• ECDHE_PSK_CAMELLIA128_SHA256
• ECDHE_PSK_CAMELLIA256_SHA384
• ECDHE_PSK_RC4_SHA
• ECDHE_PSK_3DES_SHA
• ECDHE_PSK_AES128_SHA
• ECDHE_PSK_AES256_SHA
• ECDHE_PSK_AES128_SHA256
• ECDHE_PSK_AES256_SHA384
• ECDHE_PSK_NULL_SHA
• ECDHE_PSK_NULL_SHA256
• ECDHE_PSK_NULL_SHA384
• ECDHE_RSA_CHACHA20_POLY1305_SHA256
• ECDHE_ECDSA_CHACHA20_POLY1305_SHA256
• DHE_RSA_CHACHA20_POLY1305_SHA256
• PSK_CHACHA20_POLY1305_SHA256
• ECDHE_PSK_CHACHA20_POLY1305_SHA256
• DHE_PSK_CHACHA20_POLY1305_SHA256
• RSA_PSK_CHACHA20_POLY1305_SHA256
• AES128_GCM_SHA256
• AES256_GCM_SHA384
• CHACHA20_POLY1305_SHA256
• AES128_CCM_SHA256
• AES128_CCM8_SHA256

Data Type

String

TLSClientAuth Property (SecureBlackbox_DTLSServer Class)

Enables or disables certificate-based client authentication.

Object Oriented Interface

public function getTLSClientAuth();


public function setTLSClientAuth($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 143 );


secureblackbox_dtlsserver_set($res, 143, $value );

Default Value

0

Remarks

Enables or disables certificate-based client authentication.

Set this property to true to tune up the client authentication type:

Data Type

Integer

TLSECCurves Property (SecureBlackbox_DTLSServer Class)

Defines the elliptic curves to enable.

Object Oriented Interface

public function getTLSECCurves();


public function setTLSECCurves($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 144 );


secureblackbox_dtlsserver_set($res, 144, $value );

Default Value

''

Remarks

Defines the elliptic curves to enable.

Data Type

String

TLSExtensions Property (SecureBlackbox_DTLSServer Class)

Provides access to TLS extensions.

Object Oriented Interface

public function getTLSExtensions();


public function setTLSExtensions($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 145 );


secureblackbox_dtlsserver_set($res, 145, $value );

Default Value

''

Remarks

Provides access to TLS extensions.

Data Type

String

TLSForceResumeIfDestinationChanges Property (SecureBlackbox_DTLSServer Class)

Whether to force TLS session resumption when the destination address changes.

Object Oriented Interface

public function getTLSForceResumeIfDestinationChanges();


public function setTLSForceResumeIfDestinationChanges($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 146 );


secureblackbox_dtlsserver_set($res, 146, $value );

Default Value

false

Remarks

Whether to force TLS session resumption when the destination address changes.

Data Type

Boolean

TLSPreSharedIdentity Property (SecureBlackbox_DTLSServer Class)

Defines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.

Object Oriented Interface

public function getTLSPreSharedIdentity();


public function setTLSPreSharedIdentity($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 147 );


secureblackbox_dtlsserver_set($res, 147, $value );

Default Value

''

Remarks

Defines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.

This property is not available at design time.

Data Type

String

TLSPreSharedKey Property (SecureBlackbox_DTLSServer Class)

Contains the pre-shared key for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16.

Object Oriented Interface

public function getTLSPreSharedKey();


public function setTLSPreSharedKey($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 148 );


secureblackbox_dtlsserver_set($res, 148, $value );

Default Value

''

Remarks

Contains the pre-shared key for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16.

This property is not available at design time.

Data Type

String

TLSPreSharedKeyCiphersuite Property (SecureBlackbox_DTLSServer Class)

Defines the ciphersuite used for PSK (Pre-Shared Key) negotiation.

Object Oriented Interface

public function getTLSPreSharedKeyCiphersuite();


public function setTLSPreSharedKeyCiphersuite($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 149 );


secureblackbox_dtlsserver_set($res, 149, $value );

Default Value

''

Remarks

Defines the ciphersuite used for PSK (Pre-Shared Key) negotiation.

Data Type

String

TLSRenegotiationAttackPreventionMode Property (SecureBlackbox_DTLSServer Class)

Selects the renegotiation attack prevention mechanism.

Object Oriented Interface

public function getTLSRenegotiationAttackPreventionMode();


public function setTLSRenegotiationAttackPreventionMode($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 150 );


secureblackbox_dtlsserver_set($res, 150, $value );

Default Value

2

Remarks

Selects the renegotiation attack prevention mechanism.

The following options are available:

Data Type

Integer

TLSRevocationCheck Property (SecureBlackbox_DTLSServer Class)

Specifies the kind(s) of revocation check to perform.

Object Oriented Interface

public function getTLSRevocationCheck();


public function setTLSRevocationCheck($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 151 );


secureblackbox_dtlsserver_set($res, 151, $value );

Default Value

1

Remarks

Specifies the kind(s) of revocation check to perform.

Revocation checking is necessary to ensure the integrity of the chain and obtain up-to-date certificate validity and trustworthiness information.

This setting controls the way the revocation checks are performed for every certificate in the chain. Typically certificates come with two types of revocation information sources: CRL (certificate revocation lists) and OCSP responders. CRLs are static objects periodically published by the CA at some online location. OCSP responders are active online services maintained by the CA that can provide up-to-date information on certificate statuses in near real time.

There are some conceptual differences between the two. CRLs are normally larger in size. Their use involves some latency because there is normally some delay between the time when a certificate was revoked and the time the subsequent CRL mentioning that is published. The benefits of CRL is that the same object can provide statuses for all certificates issued by a particular CA, and that the whole technology is much simpler than OCSP (and thus is supported by more CAs).

This setting lets you adjust the validation course by including or excluding certain types of revocation sources from the validation process. The crcAnyOCSPOrCRL setting (give preference to the faster OCSP route and only demand one source to succeed) is a good choice for most typical validation environments. The "crcAll*" modes are much stricter, and may be used in scenarios where bulletproof validity information is essential.

Note: If no CRL or OCSP endpoints are provided by the CA, the revocation check will be considered successful. This is because the CA chose not to supply revocation information for its certificates, meaning they are considered irrevocable.

Note: Within each of the above settings, if any retrieved CRL or OCSP response indicates that the certificate has been revoked, the revocation check fails.

This property is not available at design time.

Data Type

Integer

TLSSSLOptions Property (SecureBlackbox_DTLSServer Class)

Various SSL (TLS) protocol options, set of cssloExpectShutdownMessage 0x001 Wait for the close-notify message when shutting down the connection cssloOpenSSLDTLSWorkaround 0x002 (DEPRECATED) Use a DTLS version workaround when talking to very old OpenSSL versions cssloDisableKexLengthAlignment 0x004 Do not align the client-side PMS by the RSA modulus size.

Object Oriented Interface

public function getTLSSSLOptions();


public function setTLSSSLOptions($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 152 );


secureblackbox_dtlsserver_set($res, 152, $value );

Default Value

16

Remarks

Various SSL (TLS) protocol options, set of

Data Type

Integer

TLSTLSMode Property (SecureBlackbox_DTLSServer Class)

Specifies the TLS mode to use.

Object Oriented Interface

public function getTLSTLSMode();


public function setTLSTLSMode($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 153 );


secureblackbox_dtlsserver_set($res, 153, $value );

Default Value

0

Remarks

Specifies the TLS mode to use.

Data Type

Integer

TLSUseExtendedMasterSecret Property (SecureBlackbox_DTLSServer Class)

Enables the Extended Master Secret Extension, as defined in RFC 7627.

Object Oriented Interface

public function getTLSUseExtendedMasterSecret();


public function setTLSUseExtendedMasterSecret($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 154 );


secureblackbox_dtlsserver_set($res, 154, $value );

Default Value

false

Remarks

Enables the Extended Master Secret Extension, as defined in RFC 7627.

Data Type

Boolean

TLSUseSessionResumption Property (SecureBlackbox_DTLSServer Class)

Enables or disables the TLS session resumption capability.

Object Oriented Interface

public function getTLSUseSessionResumption();


public function setTLSUseSessionResumption($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 155 );


secureblackbox_dtlsserver_set($res, 155, $value );

Default Value

false

Remarks

Enables or disables the TLS session resumption capability.

Data Type

Boolean

TLSVersions Property (SecureBlackbox_DTLSServer Class)

The SSL/TLS versions to enable by default.

Object Oriented Interface

public function getTLSVersions();


public function setTLSVersions($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 156 );


secureblackbox_dtlsserver_set($res, 156, $value );

Default Value

16

Remarks

The SSL/TLS versions to enable by default.

Data Type

Integer

WebsiteName Property (SecureBlackbox_DTLSServer Class)

Specifies the web site name to use in the certificate.

Object Oriented Interface

public function getWebsiteName();


public function setWebsiteName($value);

Procedural Interface

secureblackbox_dtlsserver_get($res, 157 );


secureblackbox_dtlsserver_set($res, 157, $value );

Default Value

'secureblackbox'

Remarks

If using an internally-generated certificate, use this property to specify the web site name to be included as a common name. A typical common name consists of the host name, such as '192.168.10.10' or 'domain.com'.

Data Type

String

BroadcastData Method (SecureBlackbox_DTLSServer Class)

Broadcasts data to all connections.

Object Oriented Interface

public function doBroadcastData($connectionid, $data);

Procedural Interface

secureblackbox_dtlsserver_do_broadcastdata($res, $connectionid, $data);

Remarks

Call this method to send Data to all active client connections except for ConnectionID. Set ConnectionID to -1 to broadcast to all connections.

BroadcastText Method (SecureBlackbox_DTLSServer Class)

Broadcasts a text string to all connections.

Object Oriented Interface

public function doBroadcastText($connectionid, $text);

Procedural Interface

secureblackbox_dtlsserver_do_broadcasttext($res, $connectionid, $text);

Remarks

Call this method to send Text to all active client connections except for ConnectionID. Set ConnectionID to -1 to broadcast to all connections without exceptions.

Cleanup Method (SecureBlackbox_DTLSServer Class)

Cleans up the server environment by purging expired sessions and cleaning caches.

Object Oriented Interface

public function doCleanup();

Procedural Interface

secureblackbox_dtlsserver_do_cleanup($res);

Remarks

Call this method while the server is active to clean up the environment allocated for the server by releasing unused resources and cleaning caches.

Config Method (SecureBlackbox_DTLSServer Class)

Sets or retrieves a configuration setting.

Object Oriented Interface

public function doConfig($configurationstring);

Procedural Interface

secureblackbox_dtlsserver_do_config($res, $configurationstring);

Remarks

Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

DoAction Method (SecureBlackbox_DTLSServer Class)

Performs an additional action.

Object Oriented Interface

public function doDoAction($actionid, $actionparams);

Procedural Interface

secureblackbox_dtlsserver_do_doaction($res, $actionid, $actionparams);

Remarks

DoAction is a generic method available in every class. It is used to perform an additional action introduced after the product major release. The list of actions is not fixed, and may be flexibly extended over time.

The unique identifier (case insensitive) of the action is provided in the ActionID parameter.

ActionParams contains the value of a single parameter, or a list of multiple parameters for the action in the form of PARAM1=VALUE1;PARAM2=VALUE2;....

DropClient Method (SecureBlackbox_DTLSServer Class)

Terminates a client connection.

Object Oriented Interface

public function doDropClient($connectionid, $forced);

Procedural Interface

secureblackbox_dtlsserver_do_dropclient($res, $connectionid, $forced);

Remarks

Call this method to shut down a connected client. Forced indicates whether the connection should be closed in a graceful manner.

ExportKeyMaterial Method (SecureBlackbox_DTLSServer Class)

Derives key material from the session's master key using the TLS exporters scheme.

Object Oriented Interface

public function doExportKeyMaterial($connectionid, $lbl, $context, $len);

Procedural Interface

secureblackbox_dtlsserver_do_exportkeymaterial($res, $connectionid, $lbl, $context, $len);

Remarks

Some protocols - for example, SRTP - use the TLS exporters scheme to derive their own session keys from the TLS master key. This method lets you employ exporters to obtain such keys, or to generate secure keys for your own needs from an active TLS session.

The exported keys depend on the master key, and are different for every TLS session. However, a client and server sharing a session will always end up with the same key material, as long as they use the same values of Lbl, Context, and Len.

Use the ConnectionID parameter to specify the session that you would like to derive key material from.

ListClients Method (SecureBlackbox_DTLSServer Class)

Enumerates the connected clients.

Object Oriented Interface

public function doListClients();

Procedural Interface

secureblackbox_dtlsserver_do_listclients($res);

Remarks

This method enumerates the connected clients. It returns a list of strings, with each string being of 'ConnectionID|Address|Port' format, and representing a single connection.

PinClient Method (SecureBlackbox_DTLSServer Class)

Takes a snapshot of the connection's properties.

Object Oriented Interface

public function doPinClient($connectionid);

Procedural Interface

secureblackbox_dtlsserver_do_pinclient($res, $connectionid);

Remarks

Use this method to take a snapshot of a connected client. The captured properties are populated in PinnedClient and PinnedClientChain properties.

ProcessPlainData Method (SecureBlackbox_DTLSServer Class)

Process a plain data buffer to a connection client.

Object Oriented Interface

public function doProcessPlainData($connectionid, $buffer);

Procedural Interface

secureblackbox_dtlsserver_do_processplaindata($res, $connectionid, $buffer);

Remarks

Use this method to process a plain data buffer to a connected client. Use ConnectionID to specify the client.

Reset Method (SecureBlackbox_DTLSServer Class)

Resets the class settings.

Object Oriented Interface

public function doReset();

Procedural Interface

secureblackbox_dtlsserver_do_reset($res);

Remarks

Reset is a generic method available in every class.

SendData Method (SecureBlackbox_DTLSServer Class)

Sends a data buffer to a connection client.

Object Oriented Interface

public function doSendData($connectionid, $buffer);

Procedural Interface

secureblackbox_dtlsserver_do_senddata($res, $connectionid, $buffer);

Remarks

Use this method to send a data buffer to a connected client. Use ConnectionID to specify the client.

SendKeepAlive Method (SecureBlackbox_DTLSServer Class)

Sends a keep-alive packet.

Object Oriented Interface

public function doSendKeepAlive($connectionid);

Procedural Interface

secureblackbox_dtlsserver_do_sendkeepalive($res, $connectionid);

Remarks

Use this method to send a keep-alive packet to a client. Keep alive is an empty packet; keep-alive signals sent occasionally can be used to keep connection up.

SendPlainData Method (SecureBlackbox_DTLSServer Class)

Sends a data buffer to a connection client.

Object Oriented Interface

public function doSendPlainData($connectionid, $buffer);

Procedural Interface

secureblackbox_dtlsserver_do_sendplaindata($res, $connectionid, $buffer);

Remarks

Use this method to send a data buffer to a connected client. Use ConnectionID to specify the client.

SendText Method (SecureBlackbox_DTLSServer Class)

Sends a text string to a client.

Object Oriented Interface

public function doSendText($connectionid, $text);

Procedural Interface

secureblackbox_dtlsserver_do_sendtext($res, $connectionid, $text);

Remarks

Use this method to send a text string to a connected client.

Start Method (SecureBlackbox_DTLSServer Class)

Starts the DTLS server.

Object Oriented Interface

public function doStart();

Procedural Interface

secureblackbox_dtlsserver_do_start($res);

Remarks

Use this method to start listening for incoming data.

Stop Method (SecureBlackbox_DTLSServer Class)

Stops the DTLS server.

Object Oriented Interface

public function doStop();

Procedural Interface

secureblackbox_dtlsserver_do_stop($res);

Remarks

Call this method to stop listening for incoming data.

Accept Event (SecureBlackbox_DTLSServer Class)

Reports an incoming connection.

Object Oriented Interface

public function fireAccept($param);

Procedural Interface

secureblackbox_dtlsserver_register_callback($res, 1, array($this, 'fireAccept'));

Parameter List

 'remoteaddress'
 'remoteport'
 'accept'

Remarks

This event is fired when a new connection from RemoteAddress:RemotePort is ready to be accepted. Use the Accept parameter to accept or decline it.

Subscribe to Connect event to be notified of every connection that has been set up.

Connect Event (SecureBlackbox_DTLSServer Class)

Reports a new 'connection'.

Object Oriented Interface

public function fireConnect($param);

Procedural Interface

secureblackbox_dtlsserver_register_callback($res, 2, array($this, 'fireConnect'));

Parameter List

 'connectionid'
 'remoteaddress'
 'remoteport'

Remarks

The class fires this event to report that a datagram from a new source has been received. When using DTLS, this may typically be thought of as a request for a new datagram-driven secure channel.

ConnectionId indicates the unique ID assigned to this connection. The same ID will be supplied to any other events related to this connection, such as TLSHandshake or Data.

Data Event (SecureBlackbox_DTLSServer Class)

Supplies a data chunk received from a client.

Object Oriented Interface

public function fireData($param);

Procedural Interface

secureblackbox_dtlsserver_register_callback($res, 3, array($this, 'fireData'));

Parameter List

 'connectionid'
 'buffer'

Remarks

This event is fired to supply another piece of data received from a client. This event may fire multiple times.

Disconnect Event (SecureBlackbox_DTLSServer Class)

Fires to report a disconnected client.

Object Oriented Interface

public function fireDisconnect($param);

Procedural Interface

secureblackbox_dtlsserver_register_callback($res, 4, array($this, 'fireDisconnect'));

Parameter List

 'connectionid'

Remarks

The class fires this event when a virtual secure channel is closed.

Error Event (SecureBlackbox_DTLSServer Class)

Information about errors during data delivery.

Object Oriented Interface

public function fireError($param);

Procedural Interface

secureblackbox_dtlsserver_register_callback($res, 5, array($this, 'fireError'));

Parameter List

 'connectionid'
 'errorcode'
 'fatal'
 'remote'
 'description'

Remarks

The event is fired in case of exceptional conditions during message processing.

ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the HTTPS section.

ExternalSign Event (SecureBlackbox_DTLSServer Class)

Handles remote or external signing initiated by the server protocol.

Object Oriented Interface

public function fireExternalSign($param);

Procedural Interface

secureblackbox_dtlsserver_register_callback($res, 6, array($this, 'fireExternalSign'));

Parameter List

 'connectionid'
 'operationid'
 'hashalgorithm'
 'pars'
 'data'
 'signeddata'

Remarks

Assign a handler to this event if you need to delegate a low-level signing operation to an external, remote, or custom signing engine. Depending on the settings, the handler will receive a hashed or unhashed value to be signed.

The event handler must pass the value of Data to the signer, obtain the signature, and pass it back to the class via the SignedData parameter.

OperationId provides a comment about the operation and its origin. It depends on the exact class being used, and may be empty. HashAlgorithm specifies the hash algorithm being used for the operation, and Pars contains algorithm-dependent parameters.

The class uses base16 (hex) encoding for the Data, SignedData, and Pars parameters. If your signing engine uses a different input and output encoding, you may need to decode and/or encode the data before and/or after the signing.

A sample MD5 hash encoded in base16: a0dee2a0382afbb09120ffa7ccd8a152 - lower case base16 A0DEE2A0382AFBB09120FFA7CCD8A152 - upper case base16

A sample event handler that uses the .NET RSACryptoServiceProvider class may look like the following: signer.OnExternalSign += (s, e) => { var cert = new X509Certificate2("cert.pfx", "", X509KeyStorageFlags.Exportable); var key = (RSACryptoServiceProvider)cert.PrivateKey; var dataToSign = e.Data.FromBase16String(); var signedData = key.SignHash(dataToSign, "2.16.840.1.101.3.4.2.1"); e.SignedData = signedData.ToBase16String(); };

Notification Event (SecureBlackbox_DTLSServer Class)

This event notifies the application about an underlying control flow event.

Object Oriented Interface

public function fireNotification($param);

Procedural Interface

secureblackbox_dtlsserver_register_callback($res, 7, array($this, 'fireNotification'));

Parameter List

 'eventid'
 'eventparam'

Remarks

The class fires this event to let the application know about some event, occurrence, or milestone in the class. For example, it may fire to report completion of the document processing. The list of events being reported is not fixed, and may be flexibly extended over time.

The unique identifier of the event is provided in the EventID parameter. EventParam contains any parameters accompanying the occurrence. Depending on the type of the class, the exact action it is performing, or the document being processed, one or both may be omitted.

This class can fire this event with the following EventID values:

PlainData Event (SecureBlackbox_DTLSServer Class)

Supplies a plain data chunk received from a client.

Object Oriented Interface

public function firePlainData($param);

Procedural Interface

secureblackbox_dtlsserver_register_callback($res, 8, array($this, 'firePlainData'));

Parameter List

 'connectionid'
 'buffer'

Remarks

This event is fired to supply another piece of plain data received from a client. This event may fire multiple times.

TLSCertValidate Event (SecureBlackbox_DTLSServer Class)

Fires when a client certificate needs to be validated.

Object Oriented Interface

public function fireTLSCertValidate($param);

Procedural Interface

secureblackbox_dtlsserver_register_callback($res, 9, array($this, 'fireTLSCertValidate'));

Parameter List

 'connectionid'
 'accept'

Remarks

The class fires this event to notify the application of an authenticating client. Use the event handler to validate the certificate and pass your decision back to the server component via the Accept parameter.

TLSEstablished Event (SecureBlackbox_DTLSServer Class)

Reports the setup of a TLS session.

Object Oriented Interface

public function fireTLSEstablished($param);

Procedural Interface

secureblackbox_dtlsserver_register_callback($res, 10, array($this, 'fireTLSEstablished'));

Parameter List

 'connectionid'

Remarks

Subscribe to this event to be notified about the setup of a TLS connection by a connected client.

TLSHandshake Event (SecureBlackbox_DTLSServer Class)

Fires when a newly established client connection initiates a TLS handshake.

Object Oriented Interface

public function fireTLSHandshake($param);

Procedural Interface

secureblackbox_dtlsserver_register_callback($res, 11, array($this, 'fireTLSHandshake'));

Parameter List

 'connectionid'
 'servername'
 'abort'

Remarks

Use this event to get notified about the initiation of the TLS handshake by the remote client. The ServerName parameter specifies the requested host from the client hello message.

TLSPSK Event (SecureBlackbox_DTLSServer Class)

Requests a pre-shared key for TLS-PSK.

Object Oriented Interface

public function fireTLSPSK($param);

Procedural Interface

secureblackbox_dtlsserver_register_callback($res, 12, array($this, 'fireTLSPSK'));

Parameter List

 'connectionid'
 'identity'
 'psk'
 'ciphersuite'

Remarks

The class fires this event to report that a client has requested a TLS-PSK negotiation. ConnectionId indicates the unique connection ID that requested the PSK handshake.

Use Identity to look up for the corresponding pre-shared key in the server's database, then assign the key to the PSK parameter. If TLS 1.3 PSK is used, you will also need to assign the Ciphersuite parameter with the cipher suite associated with that identity and their key.

TLSShutdown Event (SecureBlackbox_DTLSServer Class)

Reports closure of a TLS session.

Object Oriented Interface

public function fireTLSShutdown($param);

Procedural Interface

secureblackbox_dtlsserver_register_callback($res, 13, array($this, 'fireTLSShutdown'));

Parameter List

 'connectionid'

Remarks

The class fires this event when a connected client closes their TLS session gracefully. This event is typically followed by a Disconnect, which marks the closure of the underlying TCP session.

Config Settings (DTLSServer Class)

The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

DTLSServer Config Settings

Base Config Settings

Trappable Errors (DTLSServer Class)

DTLSServer Errors