Methods of the SSLSocket Class
Besides the methods we’ve already discussed and those it inherits from java.net.Socket, the SSLSocket class has a number of methods for configuring exactly how much and what kind of authentication and encryption is performed. For instance, you can choose weaker or stronger algorithms, require clients to prove their identity, force reauthentication of both sides, and more.
Choosing the Cipher Suites
Different implementations of the JSSE support different combinations of authentication and encryption algorithms. For instance, although so far I’ve been talking about Sun’s reference implementation as though it were one thing, it’s actually two: one for domestic use within the U.S. and Canada that allows for encryption with key lengths up to 128 bits, and one for global use that allows only 40-bit encryption. The getSupportedCipherSuites( ) method tells you which combinations of algorithms are available on a given socket:
public abstract String[] getSupportedCipherSuites( )
However, not all cipher suites that are understood are necessarily allowed on the connection. Some may be too weak and consequently disabled. The getEnabledCipherSuites( ) method tells you which suites this socket is willing to use:
public abstract String[] getEnabledCipherSuites( )
The actual suite used is negotiated between the client and server at connection time. It’s possible that the client and the server won’t agree on any suite. It’s also possible that although a suite is enabled ...