Errata

In the description of getHost() method, it says that user info is included
in host part. But it is not the case in JDK 1.3 nor JDK1.1.X.

setUseClientMode() is said to determine whether a socket will need to use
authentication in its first handshake. This is only true in that when it
acts as a server, by passing this method false, it will follow the SSL
handshake protocol as a server, i.e., by doing a "server authentication".
When passed true, the SSLSocket plays the client part of the handshake,
regardless of whether the client is required to authenticate itself to the
server (it doesn't need to, but can).

setUseClientMode() has little to do with "client authentication" in the
sense of an SSL handshake. It only serves to determine which role of the
handshake it will be playing - client or server. In fact, if
getUseClientMode() is false, it is in server mode and cannot do client
authentication because it necessarily will authenticate itself as a server.
An SSLServerSocket's setNeedClientAuth(true) is necessary and sufficient for
requiring client authentication. It is up to the client to setup an
SSLContext in which it will be able to provide the information necessary to
complete a client authentication.

It should read:

The setUseClientMode() method determines whether this socket will act as a
server or a client in its first handshake. When acting as a server it
automatically performs a server authentication as required by the SSL
handshake protocol, but when acting as a client, it may or may not be
required to perform a client authentication. Client authentication is
performed when the SSLServerSocket's setNeedClientAuth() is passed true.
The client must ensure it is created in an SSLContext sufficient to handle a
client authentication.