ansaurus

Question

Answer 1

+1 A:

In SSL, the first message to be sent is always by the client: a ClientHello. The server should response with a ServerHello message, so that'll be when you know it supports SSL. You can close the connection (by sending a close_notify alert) at any point. You do not need to complete the handshake.

Iit is quite common for peers to terminate mid-handshake if the session parameters do not allow a trusted session be established.

In Java, the SSLEngine class gives you the sort of control you desire over the SSL handshake, but it is quite a complex state machine requiring in-depth knowledge of SSL.

David Grant 2010-02-16 15:46:36

Good to know that there's a solution, at least in theory.I just need to find out how to implement that in Java.

G B 2010-02-16 16:08:39

Create an SSLSocket and either call startHandshake() or send some data. If you don't do either of those things the handshake doesn't start. Set a socket timeout as well just to be sure.

EJP 2010-02-16 23:14:20

@EJP: Good to see you on here. I enjoyed your networking book. :)

David Grant 2010-02-17 08:36:35

Thanks David ;-)

EJP 2010-02-17 11:35:04

Answer 2

+2 A:

try {
    SSLContext ctx = SSLContext.getDefault();
    ctx.getClientSessionContext().setSessionTimeout(5); // in seconds
    SSLSocket socket = (SSLSocket) 
         ctx.getSocketFactory().createSocket("host.com", 443);

    socket.setSoTimeout(5000); // in millis
    socket.startHandshake();
} catch (IOException ex) {
    sslAvailable = false;
}

As per your comment the socket.setSoTimeout(5000) did the trick.

If that doesn't work, then:

URLConnection urlConn = // obtain connection
urlConn.setConnectTimeout(5000); // in millis

Bozho 2010-02-16 15:48:22

Uhm, works, but it seems to do exactly the opposite of what I'm trying to do:- If the host doesn't answer at all, startHandshake() waits forever. I could wrap that in a thread and close the socket after a given timeout.- If the host supports SSL, I get a javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshakeIt could work, but I don't know if it's the right solution.

G B 2010-02-16 16:05:39

@G B see my update about the timeout.

Bozho 2010-02-16 16:12:57

Same problem. Session timeout is something different.

G B 2010-02-16 16:26:10

Found the solution: it's not "setSessionTimeout" on the context, it's "setSoTimeout" on the socket.

G B 2010-02-17 09:37:39

good. I'll include it in the answer above so that it's more visible to others with the same problem

Bozho 2010-02-17 09:41:49

Answer 3

A:

The problem is, when the server is online, accepts connection on the configured TCP port, but then doesn't answer to SSL handshake, our application waits indefinitely for an answer.

As general purpose solution why not put the connect code into a thread and waiting for the thread until a timeout is reached.

PeterMmm 2010-02-16 15:50:34

Yes, we did: the connection hangs and can't be closed.The problem is the IBM Host Access Library.

G B 2010-02-16 15:59:49

ansaurus

tags:

views:

answers:

How do I know if a server supports SSL?

related questions