Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SSL Socket connection

How can I create a SSL Socket connection?

I realy need to create a keystore? This keystore should be shared with all my client applications?

I have create a server with the following code:

SSLServerSocketFactory sslserversocketfactory = (SSLServerSocketFactory) SSLServerSocketFactory
                    .getDefault();
SSLServerSocket sslserversocket = (SSLServerSocket) sslserversocketfactory
                    .createServerSocket(ServerProperties.getInstance()
                            .getVSSPAuthenticationPort());

I have create a client on android with the following code:

SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory
                .getDefault();
SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket(
                host, authPort);

sslsocket.startHandshake();

BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(
                sslsocket.getOutputStream()));
BufferedReader reader = new BufferedReader(new InputStreamReader(
                sslsocket.getInputStream()));

But when I try to connect, the following error is throwed:

javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:266)
    at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:894)
    at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:622)
    at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:167)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
like image 408
Victor Avatar asked Sep 13 '13 13:09

Victor


People also ask

What is a socket in SSL?

What is a secure sockets layer? Secure sockets layer (SSL) is a networking protocol designed for securing connections between web clients and web servers over an insecure network, such as the internet.

What is SSL connection in Java?

Secure Socket Layer (SSL) technology is security that is implemented at the transport layer (see Transport-Layer Security, for more information about transport layer security). SSL allows web browsers and web servers to communicate over a secure connection.


1 Answers

You need a certificate to establish an ssl connection, you can load the certificate inside a keystore or you can load the certificate itself. I will show some examples for the keystore option.

Your code needs some parameters to run :

java -Djavax.net.ssl.keyStore=keyStoreFile -Djavax.net.ssl.keyStorePassword=keystorePassword Server

You can also load the keystore with java code , the simplest solution for this is to set the system properties:

System.setProperty("javax.net.ssl.keyStore", 'keystoreFile');
System.setProperty("javax.net.ssl.keyStorePassword", 'keystorePassword ');

Also you can load the keystore with a different way, its more complicated but you have the ability to do more complex things :

KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("keystoreFile"), "keystorePassword".toCharArray());

KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
kmf.init(ks, "keystorePassword".toCharArray());

TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509"); 
tmf.init(ks);

SSLContext sc = SSLContext.getInstance("TLS"); 
TrustManager[] trustManagers = tmf.getTrustManagers(); 
sc.init(kmf.getKeyManagers(), trustManagers, null); 

SSLServerSocketFactory ssf = sc.getServerSocketFactory(); 
SSLServerSocket s = (SSLServerSocket) ssf.createServerSocket(serverport);
SSLSocket c = (SSLSocket) s.accept();

For the clients there are a few changes in the code last lines, the 3 last lines will be replaced with these :

SSLSocketFactory ssf = sc.getSocketFactory(); 
SSLSocket s = (SSLSocket) ssf.createSocket(serverip, serverport);
s.startHandshake();

If you want to load a keystore for android the type will have to be "BKS" and not "JKS". You can find easily resources for creating a keystore.

like image 72
VGe0rge Avatar answered Oct 09 '22 00:10

VGe0rge