SSL : Java Glossary
home S words local find no local find frame, full screen Google search web for topic jump to footer translate with Babelfish by Roedy Green ©1996-2008 Canadian Mind Products
Go to : punctuation 0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z (all)
SSL
Secure Sockets Layer protocol used communicate over an encrypted connection, and to authenticate none, one or both of the participants. There are two versions SSL version 2 (SSL v2) and SSL version 3 (SSL v3). SSL v3 is more flexible and safer than SSL v2. It works by the website sending its X.509 v3 certificate containing its public key to your browser. That allows session keys to be exchanged to encrypt the following traffic.

The magic of SSL is that there need be no a priori secret password or private key shared between the two, though there optionall could be a login process. The two ends can set up a secure channel between themselves, even if they have never met before, even if there is someone snooping on the whole process!

The nice feature about SSL is that it can use different lengths of key for different purposes. This allows it to get around the foolish US laws that restrict long keys for privacy but allow them for identification and data integrity checking. SSL will still work even if the client does not have a certificate. SSL encryption software for export is limited by a U.S. law to 512-bit public keys and 40-bit private keys, even though the knowledge to build such software is freely available globally.

If you create an Applet and run it from within Netscape, you can successfully open a url connection with "https://www.charlie.com/…" . Netscape takes care all the SSL stuff for you. If you create an application client that runs outside of a browser, you will have to perform all the SSL yourself.

There is SSLithium, which is licensed for non-commercial use only; iSaSiLk which is commercially available, and was the basis for the international offering from Entrust; and JForge (which uses the www.aba.net.au JCE). In the US, and available on ftp.replay.com are a TLS (SSL3.1) implementation called pureTLS, and the early access Sun JSSE. Phaos makes SSLava.

With Java 1.4.1+ SSL is built-in via JSSE Java Secure Socket Extension. See the javax.net.ssl class.

The common name in the SQL certificate must be a fully-qualified domain name, or Java won’t recognize the match. If you have a website with many domains, you need a wildcard certificate to cover the related domains, or a separate cerficate for each domain.

Beware there are three SSL packages: javax.net.ssl, com.sun.net.ssl, com.sun.net.ssl.internal.www.protocol.https. Normally, you should not be messing with com.sun packages.

The software to handle SSL in Java is called JSSE, (Java Secure Socket Extension) and is not considered part of JCE.

SSL chews up huge amounts of the server’s CPU time. One solution is an SSL hardware box that acts as a proxy server.

To connect as a client in HTTPS, you connect just like a regular HTTP connection. However, you have to give the SSL library access to your collection of certificate authority certificates so your client can validate server certificates:

java -Djavax.net.ssl.trustStore=myCertStore.jks -Djavax.net.ssl.trustStorePassword=sesame -jar MyClient.jar
Sun’s Javadoc on the SSLSocket class : available:
Sun’s JDK Technote Guide on JSSE — Java Secure Socket Extension : available:


CMP_homejump to top
CMP logo
feedback Please email your feedback for publication, errors, omissions, broken/redirected link reports
and suggestions to improve this page to Roedy Green : feedback email
made with CSS
HTML Checked!
ICRA ratings logo
mindprod.com IP:[65.110.21.43]
Your face IP:[38.103.63.17] The information on this page is for non-military use only.
You are visitor number 16,834. Military use includes use by defence contractors.
You can get a fresh copy of this page from: or possibly from your local J: drive (Java virtual drive/Mindprod website mirror)
http://mindprod.com/jgloss/ssl.html J:\mindprod\jgloss\ssl.html