JDK Tutorials - Herong's Tutorial Examples - v6.32, by Herong Yang
SSL Specification Overview
This section provides a quick overview of the SSL (Secure Socket Layer) protocol. There are 4 sub-protocols in SSL: Record Protocol, Handshake Protocol, Change Cipher Spec Protocol, and Alert Protocol.
The SSL protocol operates between the TCP/IP layer and the application layer in the communication layer model. See the following diagram:

       Client              Server

    Application         Application
        SSL                 SSL
      TCP/IP              TCP/IP
         |                   |
         |-------------------|
The objective of SSL protocol is to offer to the application the following security properties:
SSL protocol is actually composed of 4 sub-protocols:
SSL's sub-protocols work together with application protocols as shown in the following diagram:
    --> Time
    |----------------------------------------------------------------|
    | SSL Handshake | SSL Change Cipher Spec | Application/SSL Alert |
    | Protocol      | Protocol               | Protocol              |
    |----------------------------------------------------------------|
    |                      SSL Record Protocol                       |
    |----------------------------------------------------------------|
    |                        TCP/IP Protocol                         |
    |----------------------------------------------------------------|
As you can see, the handshake protocol is very important for establishing an SSL connection. The following diagram shows the messages used in the handshake protocol and the sequence in which they are sent:

    Client                          Server

    Client Hello         -->
                         <--        Server Hello
                         <--        Server Certificate (optional)
                         <--        Server Key Exchange (optional)
                         <--        Certificate Request (optional)
    Certificate          -->
    Client Key Exchange  -->
    Certificate Verify   -->
    Change Cipher Spec   -->
    Finished             -->
                         <--        Change Cipher Spec
                         <--        Finished
For details of the SSL specifications, see "The SSL Protocol, Version 3.0" at http://wp.netscape.com/eng/ssl3/draft302.txt.
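The layering and message sequence shown above can be observed on the wire, because every sub-protocol message travels inside an SSL record. The following Java program is an added example, not part of the original tutorial: it walks one direction of a byte stream record by record and labels each record. The 5-byte record header layout and the numeric type codes are taken from the SSL 3.0 specification, not from this page; the class name SslRecordWalk and the sample bytes are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;
public class SslRecordWalk {
    // Record-layer content types in SSL 3.0: one per sub-protocol carried by the record layer.
    static String contentType(int t) {
        switch (t) {
            case 20: return "ChangeCipherSpec"; case 21: return "Alert";
            case 22: return "Handshake";        case 23: return "ApplicationData";
            default: return "Unknown(" + t + ")";
        }
    }
    // Handshake message types in SSL 3.0, limited to the messages in the diagram above.
    static String handshakeType(int t) {
        switch (t) {
            case 1: return "ClientHello";         case 2: return "ServerHello";
            case 11: return "Certificate";        case 12: return "ServerKeyExchange";
            case 13: return "CertificateRequest"; case 15: return "CertificateVerify";
            case 16: return "ClientKeyExchange";  case 20: return "Finished";
            default: return "Other(" + t + ")";
        }
    }
    // Each record: 1-byte type, 2-byte version, 2-byte big-endian length, then the payload.
    static List<String> walk(byte[] stream) {
        List<String> out = new ArrayList<>();
        ByteBuffer buf = ByteBuffer.wrap(stream);
        boolean encrypted = false;
        while (buf.remaining() >= 5) {
            int type = buf.get() & 0xFF, major = buf.get() & 0xFF, minor = buf.get() & 0xFF;
            int len = buf.getShort() & 0xFFFF;
            if (len > buf.remaining()) { out.add("truncated record"); break; }
            String label = contentType(type) + " v" + major + "." + minor + " len=" + len;
            if (type == 22 && encrypted) label += " (encrypted)";
            else if (type == 22 && len >= 1) // first message only; a record may carry several
                label += " " + handshakeType(buf.get(buf.position()) & 0xFF);
            if (type == 20) encrypted = true; // sender's later records use the new cipher spec
            out.add(label);
            buf.position(buf.position() + len);
        }
        return out;
    }
    public static void main(String[] args) {
        // Constructed sample: the client's ClientKeyExchange, ChangeCipherSpec and Finished.
        byte[] sample = { 22, 3, 0, 0, 6, 16, 0, 0, 2, 0x11, 0x22,
            20, 3, 0, 0, 1, 1,   22, 3, 0, 0, 4, 0x5A, 0x3C, 0x7E, 0x01 };
        walk(sample).forEach(System.out::println);
    }
}
```

The third record is still a Handshake record, but its message type can no longer be read: everything a peer sends after its Change Cipher Spec message, starting with Finished, is protected by the negotiated cipher.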
How can SSL ensure privacy? SSL allows the server and the client to gain privacy with the following approach: