JDK Tutorials - Herong's Tutorial Notes
Dr. Herong Yang, Version 4.32, 2006

SSL (Secure Socket Layer)


(Continued from previous part...)

How Can SSL Ensure Privacy?

SSL allows the server and the client to gain privacy with the following approach:

  • During the handshake process, the server sends its public key to the client.
  • The client then selects a secret key, encrypts it with the server's public key, and sends it to the server.
  • The server decrypts the secret key with its private key. Both ends are now ready to use the secret key.
  • When application data is transmitted, both ends will encrypt data with the secret key.
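
The four steps above can be traced with plain JCA/JCE calls. The following is an added sketch, not part of the original tutorial and not how JSSE implements the handshake: a real SSL handshake transports a pre-master secret from which both ends derive their keys. The class name, the RSA-OAEP wrapping, AES-GCM and the sample message are choices of this example.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class KeyTransportSketch {
   static final String RSA_WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

   public static void main(String[] args) throws Exception {
      // Step 1 (server): key pair whose public half is sent to the client.
      KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
      kpg.initialize(2048);
      KeyPair serverKeys = kpg.generateKeyPair();

      // Step 2 (client): pick a secret key, wrap it with the public key.
      KeyGenerator kg = KeyGenerator.getInstance("AES");
      kg.init(128);
      SecretKey clientSecret = kg.generateKey();
      Cipher wrap = Cipher.getInstance(RSA_WRAP);
      wrap.init(Cipher.WRAP_MODE, serverKeys.getPublic());
      byte[] wrapped = wrap.wrap(clientSecret);

      // Step 3 (server): recover the secret key with the private key.
      Cipher unwrap = Cipher.getInstance(RSA_WRAP);
      unwrap.init(Cipher.UNWRAP_MODE, serverKeys.getPrivate());
      SecretKey serverSecret =
         (SecretKey) unwrap.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
      System.out.println("Same key on both ends: " + Arrays.equals(
         clientSecret.getEncoded(), serverSecret.getEncoded()));

      // Step 4: application data encrypted by one end, decrypted by the other.
      byte[] iv = new byte[12];          // fresh nonce for every message
      new SecureRandom().nextBytes(iv);
      Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
      enc.init(Cipher.ENCRYPT_MODE, clientSecret, new GCMParameterSpec(128, iv));
      byte[] ct = enc.doFinal("constructed sample message".getBytes("UTF-8"));

      Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
      dec.init(Cipher.DECRYPT_MODE, serverSecret, new GCMParameterSpec(128, iv));
      System.out.println("Server read: " + new String(dec.doFinal(ct), "UTF-8"));
   }
}
```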

JSSE - Java Implementation of SSL and TLS

JSSE (Java Secure Socket Extension) provides a Java implementation of the SSL and TLS protocols through the following major classes and interfaces:

  • javax.net.ssl.SSLServerSocket - Representing the server end of a secure communication.
  • javax.net.ssl.SSLSocket - Representing the client end of a secure communication.
  • javax.net.ssl.SSLServerSocketFactory - Used to create SSLServerSocket objects.
  • javax.net.ssl.SSLSocketFactory - Used to create SSLSocket objects.
  • javax.net.ssl.SSLContext - Representing a secure communication context. Once initialized, it can be used as a factory to create SSLServerSocketFactory objects and SSLSocketFactory objects.
  • javax.net.ssl.KeyManager - Responsible for managing the key material used to authenticate the local SSLSocket.
  • javax.net.ssl.KeyManagerFactory - Used to create KeyManager objects based on keys from a given KeyStore object.

Default SSL Socket Factories - SslSocketTest.java

The following sample program shows you how to create default SSL socket factories:

/**
 * SslSocketTest.java
 * Copyright (c) 2005 by Dr. Herong Yang
 */
import java.io.*;
import java.net.*;
import java.security.*;
import javax.net.*;
import javax.net.ssl.*;
public class SslSocketTest {
   public static void main(String[] args) {
      PrintStream out = System.out;
      out.println("\nDefault SSL socket factory:");
      try {
         // Generating the default SSLServerSocketFactory
         SSLServerSocketFactory ssf = (SSLServerSocketFactory)
            SSLServerSocketFactory.getDefault();
         System.out.println("\nSSLServerSocketFactory class: "
            +ssf.getClass());
         String[] dcsList = ssf.getDefaultCipherSuites();
         out.println("   Default cipher suites:");
         for (int i=0; i<dcsList.length; i++) {
            out.println("      "+dcsList[i]);
         }

         // Generating SSLServerSocket
         SSLServerSocket ss
            = (SSLServerSocket) ssf.createServerSocket();
         System.out.println("\nSSLServerSocket class: "
            +ss.getClass());
         System.out.println("   String: "+ss.toString());

         // Generating the default SSLSocketFactory
         SSLSocketFactory sf = 
            (SSLSocketFactory) SSLSocketFactory.getDefault();
         out.println("\nSSLSocketFactory class: "
            +sf.getClass());
         dcsList = sf.getDefaultCipherSuites();
         out.println("   Default cipher suites:");
         for (int i=0; i<dcsList.length; i++) {
            out.println("      "+dcsList[i]);
         }

         // Generating SSLSocket
         SSLSocket s
            = (SSLSocket) sf.createSocket();
         System.out.println("\nSSLSocket class: "+s.getClass());
         System.out.println("   String: "+s.toString());
      } catch (Exception e) {
         System.err.println(e.toString());
      }
   }
}

If you run this program with JDK 1.5.0, you will get:

Default SSL socket factory:

SSLServerSocketFactory class: 
   class com.sun.net.ssl.internal.ssl.SSLServerSocketFactoryImpl
   Default cipher suites:
      SSL_RSA_WITH_RC4_128_MD5
      SSL_RSA_WITH_RC4_128_SHA
      TLS_RSA_WITH_AES_128_CBC_SHA
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
      TLS_DHE_DSS_WITH_AES_128_CBC_SHA
      SSL_RSA_WITH_3DES_EDE_CBC_SHA
      SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
      SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
      SSL_RSA_WITH_DES_CBC_SHA
      SSL_DHE_RSA_WITH_DES_CBC_SHA
      SSL_DHE_DSS_WITH_DES_CBC_SHA
      SSL_RSA_EXPORT_WITH_RC4_40_MD5
      SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
      SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
      SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA

SSLServerSocket class: 
   class com.sun.net.ssl.internal.ssl.SSLServerSocketImpl
   String: [SSL: ServerSocket[unbound]]

SSLSocketFactory class: 
   class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
   Default cipher suites:
      SSL_RSA_WITH_RC4_128_MD5
      SSL_RSA_WITH_RC4_128_SHA
      TLS_RSA_WITH_AES_128_CBC_SHA
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
      TLS_DHE_DSS_WITH_AES_128_CBC_SHA
      SSL_RSA_WITH_3DES_EDE_CBC_SHA
      SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
      SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
      SSL_RSA_WITH_DES_CBC_SHA
      SSL_DHE_RSA_WITH_DES_CBC_SHA
      SSL_DHE_DSS_WITH_DES_CBC_SHA
      SSL_RSA_EXPORT_WITH_RC4_40_MD5
      SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
      SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
      SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA

SSLSocket class: class com.sun.net.ssl.internal.ssl.SSLSocketImpl
   String: a3bcc1[SSL_NULL_WITH_NULL_NULL: Socket[unconnected]]

Note that JSSE does support a number of cipher suites for the SSL record protocol.
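
The JDK 1.5.0 default list above includes export-grade, single-DES and RC4 suites, so a socket should be restricted to stronger suites before it is connected. The following added example (not from the original tutorial) filters the enabled suites by name; the class name, the WEAK fragment policy and the sample array are assumptions of this example.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class CipherSuiteFilter {
   // Name fragments this example treats as weak (its own policy,
   // not a JSSE constant): no encryption, no authentication,
   // export-grade keys, RC4, single DES, 3DES and MD5-based MACs.
   static final String[] WEAK = {
      "_NULL_", "_anon_", "_EXPORT_", "_RC4_",
      "_DES_", "_DES40_", "_3DES_", "_MD5"
   };

   // Returns the suites whose names contain none of the WEAK fragments.
   static String[] strong(String[] suites) {
      List<String> keep = new ArrayList<String>();
      for (String name : suites) {
         boolean weak = false;
         for (String fragment : WEAK) {
            if (name.contains(fragment)) { weak = true; break; }
         }
         if (!weak) keep.add(name);
      }
      return keep.toArray(new String[0]);
   }

   public static void main(String[] args) throws Exception {
      // Constructed sample: four names taken from the output above.
      String[] sample = {
         "SSL_RSA_WITH_RC4_128_MD5", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
         "SSL_RSA_WITH_DES_CBC_SHA", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"
      };
      for (String name : strong(sample)) System.out.println("keep: " + name);

      // Apply the same filter to a real socket before connecting it.
      SSLSocketFactory sf = (SSLSocketFactory) SSLSocketFactory.getDefault();
      SSLSocket sock = (SSLSocket) sf.createSocket();
      try {
         String[] allowed = strong(sock.getEnabledCipherSuites());
         if (allowed.length == 0)
            throw new IllegalStateException("no acceptable cipher suite");
         sock.setEnabledCipherSuites(allowed);
         System.out.println("enabled after filter: " + allowed.length);
      } finally {
         sock.close();
      }
   }
}
```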

(Continued on next part...)
