Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Java.nio Channels and TLS

Tags:

java

ssl

nio

socketchannel

How do I secure a Java SocketChannel, ServerSocketChannel or, perhaps even, a DatagramChannel with TLS?

I know that there are some frameworks (#1 #2) that advertise to be able, but I want to know if it is possible to achieve this with the pure Java standard library alone.

like image 334
XZS Avatar asked Feb 02 '12 19:02

XZS

People also ask

What is Java NIO channel?

In Java NIO, the channel is a medium used to transports the data efficiently between the entity and byte buffers. It reads the data from an entity and places it inside buffer blocks for consumption. Channels act as gateway provided by java NIO to access the I/O mechanism.

What is Java NIO Selector?

The Java NIO Selector is a component which can examine one or more Java NIO Channel instances, and determine which channels are ready for e.g. reading or writing. This way a single thread can manage multiple channels, and thus multiple network connections.

What is an SSL engine?

public abstract class SSLEngine extends Object. A class which enables secure communications using protocols such as the Secure Sockets Layer (SSL) or IETF RFC 2246 "Transport Layer Security" (TLS) protocols, but is transport independent. The secure communications modes include: Integrity Protection.

2 Answers

You need to use the SSLEngine, as documented in Non-blocking I/O with SSLEngine. The libraries you mention use it or use libraries that use it.

(Note that this is notoriously difficult to use.)

You may find these links interesting:

  • This answer (which also contains a link to a book chapter).
  • Notes from Jean-François Arcand who implemented it in Grizzly.
  • An example of the type of problems you can get with asynchronous SSL/TLS.
  • Getting familiar with the problems mentioned in these this question should also be relevant (in particular, how to deal with them in async mode).
  • The Simple Framework also has support for async SSL/TLS.

For Datagrams, you should look into using DTLS instead of TLS. I'm not sure of its implementation status in Java, but you could dig through the archives of the java.openjdk.security.devel mailing list.

like image 187
Bruno Avatar answered Oct 17 '22 08:10

Bruno

You need to use SSLEngine and do the handshake manually using that state machine. SSL/TLS is implemented on top of TCP so you can not use it directly on top of a DatagramChannel.

The article Non-blocking I/O with SSLEngine may be helpful.

like image 30
Jonas Avatar answered Oct 17 '22 07:10

Jonas
Sign in to Comment

Related questions

GSON - Deserialize case insensitive field name (no definite case pattern)
How to use RxJava combineLatest operator with more than 9 observables
Add opaque "shadow" (outline) to Android TextView
How to download a file from s3 using provided url?
Type promotion in Java [duplicate]
Which Rich Client Platform to use
What is the definition of "accessor method"?
Efficient comparison of 100.000 vectors
Making a JPanel manually resizable
Getting all Classes from a Package
How do I get the last modification time of a Java resource?
SSL HandShake exception
spring 3.0.5 library jars
unchecked cast warning - how to avoid this? [duplicate]
How do I sort list with criteria in hibernate
Easy Java ORM for small projects
What does it mean to have a final input parameter in method signature?
Remove trailing decimal point & zeroes with Regex
Eclipse Debug: Source Not Found while remote debugging
Java: how to transform from List<T> to Map<f1(T), List(f2(T))> without iterating

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!