Newsletter sign-up
View all newsletters

Enterprise Java Newsletter
Stay up to date on the latest tutorials and Java community news posted on JavaWorld

Sponsored Links

Optimize with a SATA RAID Storage Solution
Range of capacities as low as $1250 per TB. Ideal if you currently rely on servers/disks/JBODs

JavaWorld.com > Java Development Tools >

Build secure network applications with SSL and the JSSE API

Get started with SSL and JSSE using these two simple apps

By Todd Sundsted, JavaWorld.com, 05/11/01

  • Print
  • Feedback
.

Page 2 of 6

Sun's JSSE reference implementation comes with all the technology necessary to add SSL to your applications. It includes RSA (Rivest-Shamir-Adleman) cryptography support -- the de facto standard for security on the Internet. It includes an implementation of SSL 3.0 -- the current SSL standard -- and TLS (Transport Layer Security) 1.0, the next generation of SSL. JSSE also provides a suite of APIs for creating and using secure sockets.

The JSSE API

The Java security architecture uses the Factory design pattern heavily. For the uninitiated, the Factory design pattern uses special factory objects to construct instances, rather than calling their constructors directly. (See Resources for the pros and cons of the factory class.)

In JSSE, everything begins with the factory; there's a factory for SSL sockets and a factory for SSL server sockets. Since generic sockets and server sockets are already quite fundamental to Java network programming, I'll assume that you're familiar with the two and you understand their roles and differences. If you are not, I recommend picking up a good book on Java network programming.

SSLSocketFactory

Methods in the javax.net.ssl.SSLSocketFactory class fall into three categories. The first consists of a single static method that retrieves the default SSL socket factory: static SocketFactory getDefault().

The second category consists of four methods inherited from javax.net.SocketFactory that mirror the four key constructors found on the java.net.Socket class, and one method that wraps an existing socket with an SSL socket. They each return an SSL socket:

  1. Socket createSocket(String host, int port)
  2. Socket createSocket(String host, int port, InetAddress clientHost, int clientPort)
  3. Socket createSocket(InetAddress host, int port)
  4. Socket createSocket(InetAddress host, int port, InetAddress clientHost, int clientPort)
  5. Socket createSocket(Socket socket, String host, int port, boolean autoClose)


The two methods in the third category return the list of SSL cipher suites that are enabled by default, and the complete list of supported SSL cipher suites:

  1. String [] getDefaultCipherSuites()
  2. String [] getSupportedCipherSuites()


A cipher suite is a combination of cryptographic algorithms that define a particular level of security for an SSL connection. A cipher suite defines whether the connection is encrypted, whether content integrity is verified, and how authentication occurs.

SSLServerSocketFactory

Methods on the javax.net.ssl.SSLServerSocketFactory class fall into the same three categories as SSLSocketFactory. First, there is the single static method that retrieves the default SSL server socket factory: static ServerSocketFactory getDefault().

The methods that return SSL server sockets mirror the constructors found in the java.net.ServerSocket class:

  1. ServerSocket createServerSocket(int port)
  2. ServerSocket createServerSocket(int port, int backlog)
  3. ServerSocket createServerSocket(int port, int backlog, InetAddress address)


Finally, the SSLServerSocketFactory features the two methods that return the list of ciphers enabled by default and the list of supported ciphers, respectively:

  • Print
  • Feedback

Resources