Search this site


Metadata

Articles

Projects

Presentations

Java JSSE SSLSocket/SSLServerSocket

Holy christ... I've never had so much trouble getting something to work in my life. For the past several hours of scouring google and online book resources I was left without any working means by which to use javax.net.ssl usefully - and by usefully I mean without requiring a pregenerated key certificate, etc. After looking at SSLSocket.getSupportedCipherSuites() and seeing DH_ prefixes on some of the supported ciphers but not on the enabled-by-default ciphers, I looked into what the DH stood for. Turns out it stands for Diffie-Hellman which I knew to be a secret key generation method: My salvation was at hand. For those who are still in the dark, Diffie-Hellman key exchange allows both parties (server and client) to negotiate a secret key across the wire, cancelling my need for a stored, pregenerated key certificate.

Anyhoo, so the past few hours have been totally not awesome. Here's the fix to get SSLSockets to play kosher with eachother without the need for a certificate:

socket.setEnabledCipherSuites(socket.getSupportedCipherSuites());

Do this for both sockets (server AND client) and they will eventually negotiate upon the Diffie-Hellman key exchange, and you can go about your merry way on the happy SSLSocket-land.

I'm so tired :( Want a good example? Here
The SSL Client
The SSL Server (multithreaded)