javax.net.ssl
usefully - and by usefully I mean without requiring a pregenerated key
certificate, etc. After looking at SSLSocket.getSupportedCipherSuites() and
seeing DH_ prefixes on some of the supported ciphers but not on
the enabled-by-default ciphers, I looked into what the DH stood for. Turns out
it stands for Diffie-Hellman which I knew to be a secret key generation method:
My salvation was at hand. For those who are still in the dark, Diffie-Hellman
key exchange allows both parties (server and client) to negotiate a secret key
across the wire, cancelling my need for a stored, pregenerated key certificate.
Anyhoo, so the past few hours have been totally not awesome. Here's the fix to get SSLSockets to play kosher with eachother without the need for a certificate:
socket.setEnabledCipherSuites(socket.getSupportedCipherSuites());
Do this for both sockets (server AND client) and they will eventually negotiate upon the Diffie-Hellman key exchange, and you can go about your merry way on the happy SSLSocket-land.
I'm so tired :(
Want a good example? Here
The SSL Client
The SSL Server (multithreaded)