■ When I didn't enable the supported cipher suites, I got an exception that looked like the following:

    javax.net.ssl.SSLException: No available certificate corresponds to the SSL cipher suites which are enabled.
        at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(DashoA6275)
        at SSLServerDemo.main(SSLServerDemo.java:35)

■ If you get this exception, try enabling at least one supported cipher suite. In a real-world environment, you probably will not enable all cipher suites as I did in the SSLServerDemo program, but instead you will only enable those that are being used by the security mechanisms of your platform.
■ The program displays the supported protocols of this JSSE implementation, which are SSL version 3 and version 2Hello, and also TLS version 1.
■ The program hangs because the server socket is waiting for a client connection, which I will show you how to create next.

Secure Client Socket
A client that wants to connect to an SSLServerSocket must use an SSLSocket object, which is accomplished by performing the following steps:
1. The client starts with an SSLSocketFactory object, which is not instantiated using the new keyword, but instead is obtained by using the following static method found in the SSLSocketFactory class:
   public static SocketFactory getDefault()
2. Use the socket factory to create an SSLSocket object, which listens on a specified port for client requests.
After a secure connection is made, the client and server have an SSLSocket object to handle communication. The SSLSocket class extends java.net.Socket, so the client and server can invoke the methods discussed earlier from the Socket class, such as getOutputStream() and getInputStream(). There are also methods in SSLSocket unique to secure socket connections, including the following:

public void startHandshake() throws IOException. Starts an SSL handshake for this connection, which establishes the security and protection of the connection. Handshaking is successful only if both the client and server have a common cipher suite. A handshake is started automatically when an attempt is made to read or write from the socket, but you can start the handshake explicitly with this method.
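
The two client steps and an explicit startHandshake() call, as an added example that is not code from the book. Instead of enabling every supported suite, it starts from the platform's default-enabled suites and drops any anonymous, NULL, or export suite, so a failed negotiation surfaces as an SSLHandshakeException before any application data is sent. The class name HardenedSSLClient and the host and port command-line arguments are assumptions.

```java
import java.io.IOException;
import java.util.Arrays;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example (hypothetical class name), not the book's client program.
public class HardenedSSLClient {

    // Keep only suites that authenticate the server and encrypt the traffic.
    static String[] authenticatedSuites(String[] suites) {
        return Arrays.stream(suites)
                .filter(s -> !s.contains("_anon_"))    // no certificate, so no server identity
                .filter(s -> !s.contains("_NULL_"))    // no encryption
                .filter(s -> !s.contains("_EXPORT_"))  // deliberately short keys
                .toArray(String[]::new);
    }

    public static void main(String[] args) throws IOException {
        // Step 1: the factory comes from the static getDefault(), not from new.
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();

        if (args.length < 2) {
            // Offline mode: report what would be enabled, without connecting.
            String[] kept = authenticatedSuites(factory.getDefaultCipherSuites());
            System.out.println(kept.length + " suites would be enabled, out of "
                    + factory.getSupportedCipherSuites().length + " supported");
            return;
        }

        // Step 2: create the SSLSocket (host and port are assumed arguments).
        try (SSLSocket socket =
                (SSLSocket) factory.createSocket(args[0], Integer.parseInt(args[1]))) {
            socket.setEnabledCipherSuites(authenticatedSuites(socket.getEnabledCipherSuites()));
            socket.startHandshake();  // negotiate now, before any read or write
            System.out.println("Negotiated " + socket.getSession().getProtocol()
                    + " / " + socket.getSession().getCipherSuite());
        } catch (SSLHandshakeException e) {
            // Typical cause: no cipher suite or protocol in common with the server.
            System.err.println("Handshake failed: " + e.getMessage());
        }
    }
}
```

Run it with no arguments to see the suite counts, or with a host and port to perform the handshake.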