• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

This SSL code runs... but does it provide security?

 
Ivan Jouikov
Ranch Hand
Posts: 269
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi! I am working on creating a simple SSL server.
The goal is for client to connect to server and have a SECURE connection. I don't want any certificate crap - all I want is (like in https) the bullet-proof connection. That is, by default, every server trusts every client, and every client trusts every server.
I seem to have achieved it by creating my OWN trust manager that implements X509TrustManager, and not throwing exception from the authorization methods.
Before I show you the code, keep in mind that keystores used by server and client are generated using keytool. Each contain a single key pair for server and for client.
The programs run just fine, but I am conserned: is security still OK even after I did all that crap?
Here's what my server code looks like:

And here's my client code:
 
Ivan Jouikov
Ranch Hand
Posts: 269
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
All you "pros" out there... and nobody has an answer?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic