Methods of the SSLSocket Class

Besides the methods we’ve already discussed and those it inherits from java.net.Socket, the SSLSocket class has a number of methods for configuring exactly how much and what kind of authentication and encryption is performed. For instance, you can choose weaker or stronger algorithms, require clients to prove their identity, force reauthentication of both sides, and more.

Choosing the Cipher Suites

Different implementations of the JSSE support different combinations of authentication and encryption algorithms. For instance, although so far I’ve been talking about Sun’s reference implementation as though it were one thing, it’s actually two: one for domestic use within the U.S. and Canada that allows for encryption with key lengths up to 128 bits, and one for global use that allows only 40-bit encryption. The getSupportedCipherSuites( ) method tells you which combinations of algorithms are available on a given socket:

public abstract String[] getSupportedCipherSuites(  )

However, not all cipher suites that are understood are necessarily allowed on the connection. Some may be too weak and consequently disabled. The getEnabledCipherSuites( ) method tells you which suites this socket is willing to use:

public abstract String[] getEnabledCipherSuites(  )
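The difference between the two lists can be inspected on an unconnected socket. The following is an added example, not code from the book: it compares the supported and enabled suites, flags weak ones, and narrows the socket with the standard setEnabledCipherSuites( ) method. The class name CipherSuiteAudit and the WEAK_MARKERS policy are assumptions made for illustration.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class CipherSuiteAudit {
    // Assumed policy for this example: name fragments that mark a suite as weak
    // (no encryption, no authentication, export-grade keys, RC4, DES, 3DES, MD5).
    private static final String[] WEAK_MARKERS =
        {"_NULL_", "_anon_", "_EXPORT_", "_RC4_", "_DES_", "_3DES_", "_MD5"};

    static boolean isWeak(String suite) {
        for (String marker : WEAK_MARKERS) {
            if (suite.contains(marker)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // An unconnected socket: both lists can be read without any network traffic.
        try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
            String[] enabledNow = socket.getEnabledCipherSuites();
            Set<String> enabled = new HashSet<>(Arrays.asList(enabledNow));

            // Everything the implementation understands, and whether it is switched on.
            for (String suite : socket.getSupportedCipherSuites()) {
                System.out.printf("%-8s %-4s %s%n",
                    enabled.contains(suite) ? "enabled" : "disabled",
                    isWeak(suite) ? "WEAK" : "", suite);
            }

            // Keep the enabled suites in their preference order, minus the weak ones.
            List<String> keep = new ArrayList<>();
            for (String suite : enabledNow) {
                if (!isWeak(suite)) keep.add(suite);
            }
            if (keep.isEmpty()) {
                throw new IllegalStateException("no acceptable cipher suite is enabled");
            }
            // Must be done before the handshake; only supported suites are accepted.
            socket.setEnabledCipherSuites(keep.toArray(new String[0]));
            System.out.println(socket.getEnabledCipherSuites().length + " suites left enabled");
        }
    }
}
```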

The actual suite used is negotiated between the client and server at connection time. It’s possible that the client and the server won’t agree on any suite. It’s also possible that although a suite is enabled ...
