punctuation 0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z (all)
©1996-2009 2008-07-03 Roedy Green, Canadian Mind Products
The magic of SSL is that there need be no a priori secret password or private key shared between the two, though there optionally could be a login process. The two ends can set up a secure channel between themselves, even if they have never met before, even if there is someone snooping on the whole process! SSL uses ponderous public/private key techniques to exchange high speed symmetric keys for encrypting the bulk of the traffic.
The nice feature about SSL is that it can use different lengths of key for different purposes. This allows it to get around the foolish US laws that restrict long keys for privacy but allow them for identification and data integrity checking. SSL will still work even if the client does not have a certificate. SSL encryption software for export is limited by a U.S. law to 512-bit public keys and 40-bit private keys, even though the knowledge to build such software is freely available globally.
If you create an Applet and run it from within Netscape, you can successfully open a url connection with "https://www.charlie.com/…" . Netscape takes care all the SSL stuff for you. If you create an application client that runs outside of a browser, you will have to perform all the SSL yourself.
There is SSLithium, which is licensed for non-commercial use only; iSaSiLk which is commercially available, and was the basis for the international offering from Entrust; and JForge (which uses the www.aba.net.au JCE). In the US, and available on ftp.replay.com are a TLS (SSL3.1) implementation called pureTLS, and the early access Sun JSSE. Phaos makes SSLava.
With Java 1.4.1+ SSL is built-in via JSSE Java Secure Socket Extension. See the javax.net.ssl class.
The common name in the SQL certificate must be a fully-qualified domain name, or Java won’t recognize the match. If you have a website with many domains, you need a wildcard certificate to cover the related domains, or a separate cerficate for each domain.
Beware there are three SSL packages: javax.net.ssl, com.sun.net.ssl, com.sun.net.ssl.internal.www.protocol.https. Normally, you should not be messing with com.sun packages.The software to handle SSL in Java is called JSSE, (Java Secure Socket Extension) and is not considered part of JCE.
SSL chews up huge amounts of the server’s CPU time. One solution is an SSL hardware box that acts as a proxy server.
To connect as a client in HTTPS, you connect just like a regular HTTP connection. However, you have to give the SSL library access to your collection of certificate authority certificates so your client can validate server certificates:
IETF manages SSL, and has renamed it TLS Transport Layer Security. People still usually refer to it as SSL. Properly TLS refers to the newer versions of the protocol and SSL to the older.
 |
You can get the freshest copy of this page from: | or possibly from your local J: drive (Java virtual drive/mindprod.com website mirror) |
| http://mindprod.com/jgloss/ssl.html | J:\mindprod\jgloss\ssl.html | |
 |  Please email your feedback for publication, errors, omissions, typos, formatting errors, ambiguities, unclear wording, broken/redirected link reports, suggestions to improve this page or comments to
Roedy Green :
 | |
| Canadian Mind Products | ||
| mindprod.com IP:[65.110.21.43] | ||
| view Blog | Your face IP:[38.107.191.107] | |
| Feedback | You are visitor number 22,624. | |