Creating Secure Server Sockets

Secure client sockets are only half of the equation. The other half is SSL-enabled server sockets. These are instances of the javax.net.SSLServerSocket class:

public abstract class SSLServerSocket extends ServerSocket

Like SSLSocket, all the constructors in this class are protected. Like SSLSocket, instances of SSLServerSocket are created by an abstract factory class, javax.net.SSLServerSocketFactory :

public abstract class SSLServerSocketFactory 
 extends ServerSocketFactory

Also like SSLSocketFactory, an instance of SSLServerSocketFactory is returned by a static SSLServerSocketFactory.getDefault( ) method:

public static ServerSocketFactory getDefault(  )

And like SSLSocketFactory, SSLServerSocketFactory has three overloaded createServerSocket( ) methods that return instances of SSLServerSocket and are easily understood by analogy with the java.net.ServerSocket constructors:

public abstract ServerSocket createServerSocket(int port) 
 throws IOException
public abstract ServerSocket createServerSocket(int port, 
 int queueLength) throws IOException
public abstract ServerSocket createServerSocket(int port, 
 int queueLength, InetAddress interface) throws IOException

If that were all there was to creating secure server sockets, then they would be quite straightforward and simple to use. Unfortunately, that’s not all there is to it. The factory that SSLServerSocketFactory.getDefault( ) returns generally supports only server authentication. It does not support encryption. ...

Get Java Network Programming, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.