In the JSSE docs, it just says that an SSLSocket can be created by the SSLSocketFactory through a call to createSocket. But it does not describe how the SSL handshake is called, how the key material is passed in, and how and which credential is chosen to authenticate the server or the client.

Does anybody know the detailed procedure for the creation of an SSLSocket?

Thanks

A: 

An algorithm like Diffie-Hellman can be used to establish secure communications between two parties across an unsecure network.

http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

btreat
+1  A: 

There's a pretty thorough overview at http://download.oracle.com/docs/cd/E17409_01/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html

nos
Yes, it is a good doc. But do you know how the certificate is chosen to authenticate yourself? For example, in a mutual authentication scenario, the server will require the client's certificate, but in the client's KeyStore there may be multiple key-certificates; which one is chosen?
Guoqin
+1  A: 

All JSSE does is implement what it says in RFC 2246. No need to say it all again in the Javadoc.

EJP
In mutual authentication, if the client has multiple certificates, which one is chosen?
Guoqin
A certificate that matches the trusted CAs sent by the server. This also is in the RFC.
EJP
The certificate request has two lists, certificate_types and certificate_authorities; which one has higher preference? For example, if the certificate request is something like: { certificate_types = (rsa_sign, dss_sign) certificate_authorities = ("verisign", "CyberTrust") } However, the client has two certificates like: certificate1 = (rsa_sign, "CyberTrust") ; certificate2 = (dss_sign, "verisign"). Which one shall the client take? Thanks!
Guoqin
The chosen certificate has to comply with both. Probably the first certificate that does so is chosen, but I'm not aware of any specification that says anything about it.
EJP
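
To see which client certificate is picked when the keystore holds several, and to pin one explicitly, the key manager can be wrapped. The following is an added example, not code from any post in this thread; the class name `LoggingKeyManager`, the `pinnedAlias` parameter, the `factoryFor` helper and the keystore path and password are assumptions for illustration. It only returns an alias that satisfies both lists in the server's certificate request.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.net.Socket;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Arrays;

// Added example: wraps the stock key manager to log the server's request and
// optionally pin one alias. "pinnedAlias" is a hypothetical parameter.
public class LoggingKeyManager implements X509KeyManager {
    private final X509KeyManager delegate;
    private final String pinnedAlias; // null = accept the first compliant alias

    LoggingKeyManager(X509KeyManager delegate, String pinnedAlias) {
        this.delegate = delegate;
        this.pinnedAlias = pinnedAlias;
    }

    // keyTypes reflects certificate_types, issuers reflects certificate_authorities.
    @Override public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket s) {
        System.out.println("key types: " + Arrays.toString(keyTypes)
                + ", issuers: " + Arrays.toString(issuers));
        for (String type : keyTypes) {
            String[] aliases = delegate.getClientAliases(type, issuers); // complies with both lists
            if (aliases == null) continue;
            for (String a : aliases)
                if (pinnedAlias == null || pinnedAlias.equals(a)) return a;
        }
        return null; // nothing compliant: no client certificate is offered
    }
    @Override public String[] getClientAliases(String t, Principal[] i) { return delegate.getClientAliases(t, i); }
    @Override public String[] getServerAliases(String t, Principal[] i) { return delegate.getServerAliases(t, i); }
    @Override public String chooseServerAlias(String t, Principal[] i, Socket s) { return delegate.chooseServerAlias(t, i, s); }
    @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
    @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }

    // Key material reaches the socket via KeyStore -> KeyManager -> SSLContext -> factory.
    static SSLSocketFactory factoryFor(String ksPath, char[] pw, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(ksPath)) { ks.load(in, pw); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        X509KeyManager stock = (X509KeyManager) kmf.getKeyManagers()[0];
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers and RNG select the platform defaults
        ctx.init(new KeyManager[] { new LoggingKeyManager(stock, alias) }, null, null);
        return ctx.getSocketFactory();
    }
}
```

The handshake runs on the first read or write of a socket created from this factory, or on an explicit `startHandshake()` call, and `chooseClientAlias` is invoked at that point if the server requests a client certificate.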