• TLS_ECDH_anon_WITH_AES_128_CBC_SHA
• TLS_ECDH_anon_WITH_NULL_SHA
• TLS_ECDH_anon_WITH_RC4_128_SHA
These are not enabled by default because they're vulnerable to a man-in-the-middle
attack, but at least they allow you to write simple programs without paying money.
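An added example, not from the book: a check that no anonymous suite is enabled on a server socket, removing any that are. It goes slightly beyond the anon case in the text by also matching the NULL and RC4 name fragments that appear in the list above; the class name DropAnonSuites and the reliance on the provider's suite naming are assumptions of this example.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

public class DropAnonSuites {
  // Name fragments for suites with no authentication (anon), no encryption
  // (NULL) or RC4. Assumption: the provider follows the usual naming scheme.
  static final String[] WEAK = {"_anon_", "_NULL_", "_RC4_"};

  static boolean isWeak(String suite) {
    for (String marker : WEAK) {
      if (suite.contains(marker)) return true;
    }
    return false;
  }

  // Rewrites the enabled list without weak suites; returns what was dropped.
  static List<String> harden(SSLServerSocket server) {
    List<String> kept = new ArrayList<>();
    List<String> dropped = new ArrayList<>();
    for (String suite : server.getEnabledCipherSuites()) {
      if (isWeak(suite)) dropped.add(suite); else kept.add(suite);
    }
    if (kept.isEmpty()) {
      throw new IllegalStateException("every enabled suite is weak");
    }
    server.setEnabledCipherSuites(kept.toArray(new String[0]));
    return dropped;
  }

  public static void main(String[] args) throws IOException {
    SSLServerSocketFactory factory =
        (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    // Unbound socket: enough to inspect and set suites, no port is opened.
    try (SSLServerSocket server =
        (SSLServerSocket) factory.createServerSocket()) {
      for (String suite : server.getSupportedCipherSuites()) {
        if (isWeak(suite)) System.out.println("supported, weak: " + suite);
      }
      System.out.println("dropped from enabled: " + harden(server));
      for (String suite : server.getEnabledCipherSuites()) {
        if (isWeak(suite)) throw new AssertionError("still enabled: " + suite);
      }
      System.out.println(server.getEnabledCipherSuites().length + " suites remain enabled");
    }
  }
}
```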
Configuring SSLServerSockets
Once you've successfully created and initialized an SSLServerSocket, there are a lot of
applications you can write using nothing more than the methods inherited from
java.net.ServerSocket. However, there are times when you need to adjust its behavior
a little. Like SSLSocket, SSLServerSocket provides methods to choose cipher suites,
manage sessions, and establish whether clients are required to authenticate themselves.
Most of these methods are similar to the methods of the same name in SSLSocket. The
difference is that they work on the server side and set the defaults for sockets accepted
by an SSLServerSocket. In some cases, once an SSLSocket has been accepted, you can
still use the methods of SSLSocket to configure that one socket rather than all sockets
accepted by this SSLServerSocket.
Choosing the Cipher Suites
The SSLServerSocket class has the same three methods for determining which cipher
suites are supported and enabled as SSLSocket does:
public abstract String[] getSupportedCipherSuites()
public abstract String[] getEnabledCipherSuites()
public abstract void setEnabledCipherSuites(String[] suites)
These use the same suite names as the similarly named methods in SSLSocket. The
difference is that these methods apply to all sockets accepted by the SSLServerSocket
rather than to just one SSLSocket. For example, the following code fragment has the
effect of enabling anonymous, unauthenticated connections on the SSLServerSocket
server. It relies on the names of these suites containing the string anon. This is true for
Oracle's reference implementations, though there's no guarantee that other implementers
will follow this convention:
// Collect every supported suite whose name contains "_anon_"
String[] supported = server.getSupportedCipherSuites();
String[] anonCipherSuitesSupported = new String[supported.length];
int numAnonCipherSuitesSupported = 0;
for (int i = 0; i < supported.length; i++) {
  if (supported[i].indexOf("_anon_") > 0) {
    anonCipherSuitesSupported[numAnonCipherSuitesSupported++] = supported[i];
  }