
SSL implementation for SocketChannel in java [closed]

I am looking at classes of the package java.nio.channels but only finding plain socket implementations. I can use the SSLEngine to encrypt and decrypt traffic, but that would be quite a bit of handling. Does anybody know of a proper implementation/extension of SocketChannel that handles crypto internally?

Arteri Xhafur asked Feb 20 '26 06:02


1 Answer

The most simple implementation that I've seen was alkarn SSL Engine Example. This is probably what you're looking for. This is an actual implementation of SSLEngine and only has 3 classes in total. You can just copy that and run.

I'll paste some of his doc page here for convenience:

Server:

NioSslServer server = new NioSslServer("TLSv1.2", "localhost", 9222);
server.start();

Client:

NioSslClient client = new NioSslClient("TLSv1.2", "localhost", 9222);
client.connect(); 

You may wonder why there isn't something like this just built in. Well, I'm not super familiar with this specific area, but I know that the following is in the JSSE Reference Guide:

Newcomers to the API may wonder "Why not just have an SSLSocketChannel which extends java.nio.channels.SocketChannel?" There are two main reasons:

  • There were a lot of very difficult questions about what a SSLSocketChannel should be, including its class hierarchy and how it should interoperate with Selectors and other types of SocketChannels. Each proposal brought up more questions than answers. It was noted that any new API abstraction extended to work with SSL/TLS would require the same significant analysis and could result in large and complex APIs.
  • Any JSSE implementation of a new API would be free to choose the "best" I/O & compute strategy, but hiding any of these details is inappropriate for those applications needing full control. Any specific implementation would be inappropriate for some application segment.

See: JSSE Reference Guide

I believe that the goal here is to allow the developer full control of the implementation so as to not make the package unusable.


Alternative to SSLEngine

You can also use Jetty or something like it:

There used to be something called "SslSelectChannelConnector" which might work depending on what you have available in your environment. However, "SslSelectChannelConnector" has since been deprecated (I think since version 9)?

The replacement is org.eclipse.jetty.server.SslConnectionFactory

You can see the full docs here: Jetty Docs 9.4.7.v20170914

Here is an example of SslConnectionFactory being used: Eclipse Github Example

You may find this "Embedded Jetty" method interesting as well: Embedded Jetty Example

njfife answered Feb 21 '26 21:02
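To show the "handling" the question refers to, here is a client-side SSLEngine handshake over a blocking SocketChannel, written as an added example; it is not code from the answer or from the linked project. The names EngineHandshake, clientEngine and handshake are illustrative, and it assumes JDK 11+ and the default trust store.

```java
import javax.net.ssl.*;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLEngineResult.Status;
import java.nio.ByteBuffer;
import java.nio.channels.SocketChannel;

public class EngineHandshake { // illustrative class, not part of any library
    // SSLEngine does not check the certificate against the host name unless told to.
    static SSLEngine clientEngine(String host, int port) throws Exception {
        SSLEngine e = SSLContext.getDefault().createSSLEngine(host, port);
        e.setUseClientMode(true);
        SSLParameters p = e.getSSLParameters();
        p.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"}); // assumes a JDK with TLS 1.3
        p.setEndpointIdentificationAlgorithm("HTTPS");       // enable host name verification
        e.setSSLParameters(p);
        return e;
    }
    // Runs the handshake on a connected, blocking channel. Returns the inbound
    // buffer (read mode): it may already hold bytes that follow the handshake.
    static ByteBuffer handshake(SocketChannel ch, SSLEngine e) throws Exception {
        SSLSession s = e.getSession();
        ByteBuffer netIn = ByteBuffer.allocate(s.getPacketBufferSize());
        ByteBuffer netOut = ByteBuffer.allocate(s.getPacketBufferSize());
        ByteBuffer appIn = ByteBuffer.allocate(s.getApplicationBufferSize());
        netIn.flip(); // start empty, in read mode
        e.beginHandshake();
        HandshakeStatus hs = e.getHandshakeStatus();
        while (hs != HandshakeStatus.FINISHED && hs != HandshakeStatus.NOT_HANDSHAKING) {
            if (hs == HandshakeStatus.NEED_WRAP) {          // engine has a record to send
                netOut.clear();
                hs = e.wrap(ByteBuffer.allocate(0), netOut).getHandshakeStatus();
                netOut.flip();
                while (netOut.hasRemaining()) ch.write(netOut);
            } else if (hs == HandshakeStatus.NEED_UNWRAP) { // engine expects a record
                SSLEngineResult r = e.unwrap(netIn, appIn);
                hs = r.getHandshakeStatus();
                if (r.getStatus() == Status.BUFFER_UNDERFLOW) { // incomplete record: read more
                    netIn.compact();
                    if (ch.read(netIn) < 0) throw new SSLException("peer closed mid-handshake");
                    netIn.flip();
                } else if (r.getStatus() != Status.OK) throw new SSLException("unwrap: " + r.getStatus());
            } else if (hs == HandshakeStatus.NEED_TASK) {   // certificate checks, key agreement
                for (Runnable t; (t = e.getDelegatedTask()) != null; ) t.run();
                hs = e.getHandshakeStatus();
            } else throw new SSLException("unexpected handshake status " + hs);
        }
        return netIn;
    }
}
```

Call it as handshake(channel, clientEngine(host, port)) on a channel that is already connected; a certificate that is untrusted or does not match the host name surfaces as an SSLHandshakeException from wrap or unwrap.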


