Miscellaneous SSL Issues

Finally, there are a number of miscellaneous SSL issues that the SSL socket API is designed to handle, including SSL proxies, client-side authentication, choosing a cipher suite, SSL handshaking, and JSSE permissions.

SSL Proxies

SSL clients often need to make connections through a proxy server; this enables them to make requests through a firewall. If you need to make a connection through a proxy server, use this method of the SSLSocketFactory class:

public abstract Socket createSocket(Socket s, String host, int port, boolean autoClose)

Create an SSL socket to the given host and port that uses the existing socket as its proxy. The existing socket is a standard (plain) socket that has been connected to the appropriate proxy host and proxy port. If autoClose is true, the underlying socket will be closed when this socket is closed. If the socket cannot be created, an IOException is thrown.

If you’re using your own protocol, it’s up to you to define what data should flow between your program and the proxy server before layering the sockets with this call. If you’re using HTTPS, you must send a connect string and read the headers from the proxy server on the underlying socket before you create the SSL socket. JSSE comes with a set of sample code that shows how this can be accomplished. However, if you’re using HTTPS as your protocol, it’s far easier to use the HTTPS protocol handler, which handles all these details for you (see Section 14.6 later in this chapter). ...
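The HTTPS case described above, as an added example (not from the book or the JSSE sample code): it opens a plain socket to the proxy, sends the connect string, reads the proxy's headers, and only then layers the SSL socket with createSocket(). The class name ProxyTunnel, the readLine helper and the parameter names are hypothetical; the hostname check uses SSLParameters from Java 7 and later, because a raw SSLSocket does not compare the server certificate against the host name on its own.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class ProxyTunnel {
    // Read one CRLF-terminated line a byte at a time, so nothing beyond the
    // proxy's headers is consumed from the underlying socket.
    static String readLine(InputStream in) throws IOException {
        StringBuilder sb = new StringBuilder();
        int c;
        while ((c = in.read()) != -1 && c != '\n') {
            if (c != '\r') sb.append((char) c);
        }
        if (c == -1 && sb.length() == 0) throw new IOException("proxy closed the connection");
        return sb.toString();
    }

    static SSLSocket connect(String proxyHost, int proxyPort, String host, int port)
            throws IOException {
        Socket tunnel = new Socket(proxyHost, proxyPort);   // plain socket to the proxy
        try {
            String req = "CONNECT " + host + ":" + port + " HTTP/1.1\r\n"
                       + "Host: " + host + ":" + port + "\r\n\r\n";
            tunnel.getOutputStream().write(req.getBytes(StandardCharsets.US_ASCII));
            tunnel.getOutputStream().flush();
            InputStream in = tunnel.getInputStream();
            String[] status = readLine(in).split(" ", 3);   // e.g. "HTTP/1.1 200 ..."
            if (status.length < 2 || !status[0].startsWith("HTTP/") || !status[1].startsWith("2"))
                throw new IOException("proxy refused the tunnel: " + String.join(" ", status));
            while (!readLine(in).isEmpty()) { /* skip the proxy's response headers */ }
            // Layer SSL over the tunnel; autoClose=true closes the plain socket with it.
            SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket ssl = (SSLSocket) f.createSocket(tunnel, host, port, true);
            SSLParameters p = ssl.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // verify certificate matches host
            ssl.setSSLParameters(p);
            ssl.startHandshake();                           // fails here on a bad certificate
            return ssl;
        } catch (IOException e) {
            tunnel.close();                                 // do not leak the proxy connection
            throw e;
        }
    }
}
```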
