May 2001
Intermediate to advanced
618 pages
20h 50m
English
Content preview from Java Security, 2nd EditionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Debugging JSSE
Code that is involved in an SSL conversation can be tricky to debug because many of the details that you’d normally handle yourself (key exchange, certificate verification, and so on) are hidden from you. When these operations don’t work, it can be difficult to figure out what went wrong.
Complicating this is the fact that setting up an SSL connection is a
time-consuming operation. Both parties in the conversation must
create a secure random number (an instance of the
SecureRandom class if they are Java programs).
Then the peers must negotiate which key exchange algorithm to use and
actually perform the key exchange. Only then is the socket available
to send and receive data. So our first tip in working with SSL code
is to be patient when you start a program.
Several exceptions are thrown by the JSSE API. These are often
self-explanatory. For example, if you attempt to retrieve the
certificate chain of a peer from the SSLSession
object, you will get an
SSLPeerUnverifiedException
if the peer is not verified. However, you will get a
SocketException
with the somewhat cryptic detail
message of “No SSL Sockets” if you specify an incorrect
password for a keystore used by an SSL context or an SSL socket
factory.
Exceptions are not always thrown when you might expect, however. In
particular, an SSL socket will become connected at the socket level
even if the SSL protocol negotiation fails. For instance, when an SSL
client calls the createSocket( ) method, it will receive ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.