SSL - Socket Communication
(Continued from previous part...)
Here is what I did on the server side:
>\jdk\bin\keytool -export -keystore herong.jks -alias my_home
-file my_home.crt
Enter keystore password: HerongJKS
Certificate stored in file <my_home.crt>
>"send my_home.crt to the client machine..."
Here is what I did on the client side:
>"receive my_home.crt from the server machine..."
>\jdk\bin\keytool -import -keystore public.jks -alias herong_home
-file my_home.crt
Enter keystore password: PublicJKS
Owner: CN=Herong Yang, OU=My unit, O=My home, L=My city, ST=My sta...
Issuer: CN=Herong Yang, OU=My unit, O=My home, L=My city, ST=My st...
Serial number: 42266fba
Valid from: Sat Jan 01 21:00:26 EST 2005 until: Tue May 31 22:00:2...
Certificate fingerprints:
MD5: 55:2C:5B:49:47:CB:61:40:FD:1A:3C:B7:16:6C:8E:7E
SHA1: EC:B6:77:A1:21:9F:7E:AE:AF:B0:7C:AC:C5:B7:24:B7:45:...
Trust this certificate? [no]: y
Certificate was added to keystore
Now run SslReverseEchoer.java again. Then run SslSocketClient with public.jks:
>\jdk\bin\java -cp . "-Djavax.net.ssl.trustStore=public.jks"
SslSocketClient
Socket class: class com.sun.net.ssl.internal.ssl.SSLSocketImpl
Remote address = localhost/127.0.0.1
Remote port = 8888
Local socket address = /127.0.0.1:2187
Local address = /127.0.0.1
Local port = 2187
Need client authentication = false
Cipher suite = TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Protocol = TLSv1
Welcome to SSL Reverse Echo Server. Please type in some words.
Hello world!
!dlrow olleH
It works!
!skrow tI
.
Congratulations! We have successfully used JSSE to set up SSL socket
communication.
Note that:
- Even though I specified "SSL" when constructing the SSLContext object, the
final protocol used in the communication is TLSv1. I don't know why.
- Client authentication is not used.
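As an added example (not code from this tutorial), here is the same trust relationship built above, loaded in code rather than through the -Djavax.net.ssl.trustStore property, with the negotiated protocol pinned and the peer certificate inspected after the handshake. The host, port, store name and password come from this page; the class name and the fingerprint helper are my own.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added example, not part of the original tutorial. Connects to the
// SslReverseEchoer from this page on localhost:8888, trusting only the
// certificates in public.jks (password PublicJKS, as created above).
public class PinnedTrustClient {
    // Constructed helper: colon-separated hex digest of the DER encoding,
    // in the layout keytool prints under "Certificate fingerprints".
    static String fingerprint(Certificate cert, String algorithm) throws Exception {
        byte[] digest = MessageDigest.getInstance(algorithm).digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(String.format("%02X:", b));
        return sb.substring(0, sb.length() - 1);
    }

    public static void main(String[] args) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream("public.jks")) {
            trustStore.load(in, "PublicJKS".toCharArray());
        }
        // An explicitly initialised TrustManagerFactory consults only this store;
        // the JDK's cacerts file is not a fallback, unlike the default SSLContext.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket("localhost", 8888)) {
            // Pin the protocol floor instead of accepting whatever "SSL" resolves to.
            // Assumes a JDK that implements these versions; the page's DSA-signed
            // certificate cannot be used with TLS 1.3, so expect TLSv1.2 here.
            sock.setEnabledProtocols(new String[] {"TLSv1.2", "TLSv1.3"});
            sock.startHandshake(); // throws SSLHandshakeException if the server cert is not in public.jks
            SSLSession session = sock.getSession();
            X509Certificate peer = (X509Certificate) session.getPeerCertificates()[0];
            System.out.println("Protocol     = " + session.getProtocol());
            System.out.println("Cipher suite = " + session.getCipherSuite());
            System.out.println("Peer subject = " + peer.getSubjectX500Principal());
            // Compare against keytool's fingerprint lines for herong_home in public.jks.
            System.out.println("Peer SHA1    = " + fingerprint(peer, "SHA-1"));
        }
    }
}
```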
JSSE Debug Option
If you want to know what is really going on at the SSL layer, you can use the JSSE debug option
"-Djavax.net.debug=options". Here is how I used it on the client side:
>\jdk\bin\java -cp . "-Djavax.net.ssl.trustStore=public.jks"
"-Djavax.net.debug=help" SslSocketClient
all turn on all debugging
ssl turn on ssl debugging
The following can be used with ssl:
record enable per-record tracing
handshake print each handshake message
......
(Run SslReverseEchoer.java in another window)
>\jdk\bin\java -cp . "-Djavax.net.ssl.trustStore=public.jks"
"-Djavax.net.debug=ssl:record" SslSocketClient
setting up default SSLSocketFactory
......
init truststore
adding as trusted cert:
Subject: CN=Herong Yang, OU=My unit, O=My home, L=My ci
Issuer: CN=Herong Yang, OU=My unit, O=My home, L=My ci
Algorithm: DSA; Serial number: 0x42266fba
......
init context
trigger seeding of SecureRandom
......
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1111734670 bytes = { 64, 255, 55, 15,
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 1187
*** ServerHello, TLSv1
RandomCookie: GMT: 1111734670 bytes = { 120, 194, 143, 2
Session ID: {66, 68, 186, 142, 195, 126, 97, 92, 127, 59
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Compression Method: 0
***
%% Created: [Session-1, TLS_DHE_DSS_WITH_AES_128_CBC_SHA
** TLS_DHE_DSS_WITH_AES_128_CBC_SHA
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=Herong Yang, OU=My unit, O=My home, L=My ci
Signature Algorithm: SHA1withDSA, OID = 1.2.840.10040.4
......
]
......
]
***
(Continued on next part...)