Java JSSE SSLSocket/SSLServerSocket
Posted Mon, 16 Feb 2004
Holy christ... I've never had so much trouble getting something to work in my
life. For the past several hours of scouring Google and online book resources I
was left without any working means by which to use
javax.net.ssl
usefully - and by usefully I mean without requiring a pregenerated key
certificate, etc. After looking at SSLSocket.getSupportedCipherSuites() and
seeing DH_ prefixes on some of the supported ciphers but not on
the enabled-by-default ciphers, I looked into what the DH stood for. Turns out
it stands for Diffie-Hellman which I knew to be a secret key generation method:
My salvation was at hand. For those who are still in the dark, Diffie-Hellman
key exchange allows both parties (server and client) to negotiate a secret key
across the wire, cancelling my need for a stored, pregenerated key certificate.
Anyhoo, so the past few hours have been totally not awesome. Here's the fix to get SSLSockets to play kosher with each other without the need for a certificate:
socket.setEnabledCipherSuites(socket.getSupportedCipherSuites());
Do this for both sockets (server AND client) and they will eventually negotiate upon the Diffie-Hellman key exchange, and you can go about your merry way on the happy SSLSocket-land.
I'm so tired :(
Want a good example? Here
The SSL Client
The SSL Server (multithreaded)
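
A narrower variant of the fix above, as an added example that is not the post's own code: instead of enabling every supported suite, which can also turn on NULL and EXPORT suites, it enables only the anonymous (`_anon_`) key-exchange suites on both ends and prints what a loopback handshake negotiates. The class and method names are hypothetical, and it assumes the runtime still offers and permits anonymous suites; such suites encrypt the session without authenticating either peer.

```java
import java.util.Arrays;
import javax.net.ssl.*;

// Added example, not the post's code; class and method names are hypothetical.
public class AnonSuiteDemo {

    // Keep only anonymous key-exchange suites ("_anon_" in the name) and drop the
    // NULL (no encryption) and EXPORT (weakened) variants that
    // getSupportedCipherSuites() can also return.
    static String[] anonSuites(String[] supported) {
        String[] keep = Arrays.stream(supported)
            .filter(s -> s.contains("_anon_"))
            .filter(s -> !s.contains("_NULL_") && !s.contains("_EXPORT_"))
            .toArray(String[]::new);
        if (keep.length == 0) {
            throw new IllegalStateException("runtime offers no anonymous suites");
        }
        return keep;
    }

    public static void main(String[] args) throws Exception {
        SSLServerSocketFactory ssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        try (SSLServerSocket server = (SSLServerSocket) ssf.createServerSocket(0)) {
            // Sockets returned by accept() inherit this setting.
            server.setEnabledCipherSuites(anonSuites(server.getSupportedCipherSuites()));
            Thread acceptor = new Thread(() -> {
                try (SSLSocket peer = (SSLSocket) server.accept()) {
                    peer.getOutputStream().write('!'); // first I/O runs the handshake
                } catch (Exception e) {
                    System.err.println("server: " + e);
                }
            });
            acceptor.start();

            SSLSocketFactory csf = (SSLSocketFactory) SSLSocketFactory.getDefault();
            try (SSLSocket client = (SSLSocket) csf.createSocket("localhost", server.getLocalPort())) {
                client.setEnabledCipherSuites(anonSuites(client.getSupportedCipherSuites()));
                client.startHandshake();
                // Encrypted, but neither side has authenticated the other.
                System.out.println("negotiated: " + client.getSession().getCipherSuite());
                client.getInputStream().read();
            }
            acceptor.join();
        }
    }
}
```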