• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Plain socket to SSL

 
Meet Gaurav
Ranch Hand
Posts: 492
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a socket code to receive message from plain socket. But now the clientsocket have been changed to SSL and the old java program is not receiving the messages. Please assist me how to change the plain socket communication to SSL.
 
Rob Spoor
Sheriff
Pie
Posts: 20744
68
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
SSLSocket extends Socket
SSLServerSocket extends ServerSocket

I don't think you need to change anything except the initialization of the ServerSocket and Socket instances; instead of using "new Socket(...)" and "new ServerSocket(...)" you use "new SSLSocket(...)" and "new SSLServerSocket(...)". You don't even need to change the declarations.
 
Meet Gaurav
Ranch Hand
Posts: 492
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Rob,

Thanks for your response.

ServerSocketFactory ssf = ServerSocketFactory.getDefault();
this.serverSocket = ssf.createServerSocket(port, back);
this.start();


getDefault is returning ServerSocketFactory only and not SSLServerSocketFactory. Can I use like this
SSLServerSocketFactory sfactory = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

How about creatinf server socket and starting that. Could you please assist me.

 
Ulf Dittmer
Rancher
Posts: 42969
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Use SSLServerSocketFactory instead.
 
Rob Spoor
Sheriff
Pie
Posts: 20744
68
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Meet Gaurav wrote:Rob,

Thanks for your response.

ServerSocketFactory ssf = ServerSocketFactory.getDefault();
this.serverSocket = ssf.createServerSocket(port, back);
this.start();


getDefault is returning ServerSocketFactory only and not SSLServerSocketFactory. Can I use like this
SSLServerSocketFactory sfactory = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

How about creatinf server socket and starting that. Could you please assist me.


Ah sorry, I thought you were using simple constructors.

The thing is, you shouldn't care about whether or not the server sockets are SSL server sockets except for way up in the chain. You should change as little code as possible. In your case, you only need to change one line of code:
and all other occurrences of ServerSocketFactory.getDefault()

Yes the ServerSocketFactory is in fact an SSLServerSocketFactory. The thing is, you don't need to know. You need to work with ServerSocketFactory and ServerSocket, and possibly SocketFactory and Socket. If you start using SSLServerSockets and SSLSockets because you change the factory creating method, the rest of the code shouldn't need to worry about that. That way it makes it easier to switch back to regular (server) sockets.
 
Meet Gaurav
Ranch Hand
Posts: 492
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
May I know the reason
Y not to use
SSLServerSocketFactory sfactory = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

and to use

ServerSocketFactory sfactory = SSLServerSocketFactory.getDefault();



 
Meet Gaurav
Ranch Hand
Posts: 492
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
For SSL anything I need to change in the configuration level. I mean adding the public keystore or something else.

Because the current configuration supports plain socket only.
 
Rob Spoor
Sheriff
Pie
Posts: 20744
68
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Meet Gaurav wrote:May I know the reason
Y not to use
SSLServerSocketFactory sfactory = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

and to use

ServerSocketFactory sfactory = SSLServerSocketFactory.getDefault();

1) You are then modifying your code at three locations instead of one. If you need to switch back that's three locations you need to change back.

2) SSLServerSocketFactory doesn't give you any extra methods except for getDefaultCipherSuites() and getSupportedCipherSuites(). The createServerSocket methods still return ServerSocket references (although the actual objects are SSLServerSocket instances).
 
Meet Gaurav
Ranch Hand
Posts: 492
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Rob,

Thanks for the reply

Please suggest me which is the best option to use.

SSLServerSocketFactory sfactory = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

or

ServerSocketFactory sfactory = SSLServerSocketFactory.getDefault();
 
Rob Spoor
Sheriff
Pie
Posts: 20744
68
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Unless you need to call methods of SSLServerSocketFactory, I would use the second one. As I said before, that makes it easier to switch back to ServerSocketFactory if SSL is no longer needed. If you need to call methods of SSLServerSocketFactory or SSLServerSocket, only then would I cast.

Either case, if you create ServerSockets at multiple locations I would turn it into a utility method. For instance:
That way you only need to change that one method if you switch SSL on or off. You can even use a flag in that method and return either one:
Change that one static final boolean from true to false and you turn SSL off. Change it back to true, and SSL is turned back on. You can make your program even more configurable by making it a user setting, but let's keep it a bit simpler for now
 
Meet Gaurav
Ranch Hand
Posts: 492
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Wooo Great Rob.. Now am clear.

Could you please tell me

For SSL anything I need to change in the configuration level. I mean adding the public keystore or something else.

Because the current configuration supports plain socket only.
 
Rob Spoor
Sheriff
Pie
Posts: 20744
68
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I couldn't tell you. All I can tell you is that with my example code, you only need to add it in one place
 
Meet Gaurav
Ranch Hand
Posts: 492
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Rob,

Could you please tell me why the SSLSocket is an abstract class.

Socket rSocket = new Socket(IP, Port);

equal ?

SSLSocket rSocket = (SSLSocket)new Socket(IP, Port);

Correct me if am wrong
 
Rob Spoor
Sheriff
Pie
Posts: 20744
68
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I didn't even know that SSLSocket was abstract.

You can't cast a regular Socket to SSLSocket, as it simply isn't an SSLSocket. I guess you'll need to use SSLSocketFactory.createSocket, passing a regular Socket. Probably something like this:
(Disclaimer: not tested)
 
Meet Gaurav
Ranch Hand
Posts: 492
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
// Plain socket
Socket rSocket = new Socket(IP, Port);

both are same

// SSL
SSLSocketFactory ssf = (SSLSocketFactory)SSLSocketFactory.getDefault();
Socket socket = new Socket();
socket = ssf.createSocket(socket, host, port, true);
 
Rob Spoor
Sheriff
Pie
Posts: 20744
68
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Are you sure they are the same? What does "System.out.println(socket.getClass())" print out?

Try the following example:
Note that on line 10 the socket already needs to be connected, otherwise an exception is thrown.
 
Meet Gaurav
Ranch Hand
Posts: 492
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Rob,

Everything seems fine.. Now am getting below exception

Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:303)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:253)
at com.test.sw.server.SrtSetServer.run(SrtSetServer.java:106)

Even after adding keystore am getting this.. Please help
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic