Java Glossary : SSL

CMP home Java glossary home Menu no menu Last updated 2004-06-30 by Roedy Green ©1996-2004 Canadian Mind Products

Java definitions: 0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

You are here : home : Java Glossary : S words : SSL.

SSL
Secure Sockets Layer protocol used communicate over an encrypted connection, and to authenticate none, one or both of the participants. There are two versions SSL version 2 (SSL v2) and SSL version 3 (SSL v3). SSL v3 is more flexible and safer than SSL v2. It works by the website sending its X.509 v3 certificate containing its public key to your browser. That allows session keys to be exchanged to encrypt the following traffic.

The magic of SSL is that there need be no a priori secret password or private key shared between the two, though there optionall could be a login process. The two ends can set up a secure channel between themselves, even if they have never met before, even if there is someone snooping on the whole process!

The nice feature about SSL is that it can use different lengths of key for different purposes. This allows it to get around the foolish US laws that restrict long keys for privacy but allow them for identification and data integrity checking. SSL will still work even if the client does not have a certificate. SSL encryption software for export is limited by a U.S. law to 512-bit public keys and 40-bit private keys, even though the knowledge to build such software is freely available globally.

If you create an Applet and run it from within Netscape, you can successfully open a url connection with "https://www.charlie.com/..." . Netscape takes care all the SSL stuff for you. If you create an application client that runs outside of a browser, you will have to perform all the SSL yourself.

To learn more try the O'Reilly site.

There is SSLithium, which is licensed for non-commercial use only; iSaSiLk which is commercially available, and was the basis for the international offering from Entrust; and JForge (which uses the www.aba.net.au JCE). In the US, and available on ftp.replay.com are a TLS (SSL3.1) implementation called pureTLS, and the early access Sun JSSE. Phaos makes SSLava.

With Java 1.4.1+ SSL is builtin via JSSE Java Secure Socket Extension. See the javax.net.ssl class.

The common name in the SQL certificate must be a fully-qualified domain name, or Java won't recognize the match. If you have a website with many domains, you need a wildcard certificate to cover the related domains, or a separate cerficate for each domain. 

// Create an SSL socket from an ordinary one, to let you talk to a secure server using raw sockets.
// TLS works similarly.
javax.net.ssl.SSLSocketFactory.createSocket( Socket , String, int, boolean );

HTTPS ¤ J_SSL ¤ SSL certificates ¤ TLS

CMP logo
CMP_home
home		 Canadian Mind Products CSS
HTML Checked!
ICRA ratings logo
mindprod.com IP:[24.87.56.253]
Your IP:[80.134.30.163]
You are visitor number 1450.
Please send errors, omissions and suggestions
to improve this page to Roedy Green.
You can get a fresh copy of this page from: or possibly from your local J: drive mirror:
http://mindprod.com/jgloss/ssl.html J:\mindprod\jgloss\ssl.html