Java Reference
In-Depth Information
• TLS_ECDH_anon_WITH_AES_128_CBC_SHA
• TLS_ECDH_anon_WITH_NULL_SHA
• TLS_ECDH_anon_WITH_RC4_128_SHA
These are not enabled by default because they're vulnerable to a man-in-the-middle
attack, but at least they allow you to write simple programs without paying money.
Configuring SSLServerSockets
Once you've successfully created and initialized an SSLServerSocket, there are a lot of
applications you can write using nothing more than the methods inherited from
java.net.ServerSocket. However, there are times when you need to adjust its behavior
a little. Like SSLSocket, SSLServerSocket provides methods to choose cipher suites,
manage sessions, and establish whether clients are required to authenticate themselves.
Most of these methods are similar to the methods of the same name in SSLSocket. The
difference is that they work on the server side and set the defaults for sockets accepted
by an SSLServerSocket. In some cases, once an SSLSocket has been accepted, you can
still use the methods of SSLSocket to configure that one socket rather than all sockets
accepted by this SSLServerSocket.
Choosing the Cipher Suites
The SSLServerSocket class has the same three methods for determining which cipher
suites are supported and enabled as SSLSocket does:
public abstract String[] getSupportedCipherSuites()
public abstract String[] getEnabledCipherSuites()
public abstract void setEnabledCipherSuites(String[] suites)
These use the same suite names as the similarly named methods in SSLSocket. The
difference is that these methods apply to all sockets accepted by the SSLServerSocket
rather than to just one SSLSocket. For example, the following code fragment has the
effect of enabling anonymous, unauthenticated connections on the SSLServerSocket
server. It relies on the names of these suites containing the string anon. This is true for
Oracle's reference implementations, though there's no guarantee that other implementers
will follow this convention:
String[] supported = server.getSupportedCipherSuites();
// Sized for the worst case in which every supported suite is anonymous
String[] anonCipherSuitesSupported = new String[supported.length];
int numAnonCipherSuitesSupported = 0;
for (int i = 0; i < supported.length; i++) {
  // Collect each suite whose name contains _anon_
  if (supported[i].indexOf("_anon_") > 0) {
    anonCipherSuitesSupported[numAnonCipherSuitesSupported++]
        = supported[i];
  }
}