This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Architect Certification (SCEA/OCMJEA) and the fly likes Ian's mock exam. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Certification » Architect Certification (SCEA/OCMJEA)
Bookmark "Ian Watch "Ian New topic
Author

Ian's mock exam.

Nigel Browne
Ranch Hand

Joined: May 15, 2001
Posts: 673
On question 1d-se003. The answer is stated as a,b,c,d.
I wonder if answer c is correct. How does SSL have the ability to hold state?
I understand SSL supports the detection of any data that is tampered with in transit between client and server and rejects falsely inserted data. However I do understand how SSL holds state if its main purpose is to provide secure TCP services to higher-level protocols.
Sanjay Raghavan
Ranch Hand

Joined: May 14, 2002
Posts: 148
Hi,
Before we get into state, an important thing to know about SSL is that it uses Asymmetric Cryptography only to establish the SSL handshake. After that is done, the client and the server communicate using identical symmetric keys.
This means that every request the client sends is going to be encrypted with a symmetric key specifically generated by the client and server (using random data and only for that session.)
Hence state is an important part of the whole equation. The server has to know who the client is in order to apply the right symmetric key. Hence SSL is a stateful protocol.
Other points...HTTP is stateless (though it is based on a TCP connection), so it does not matter what server serves the next request from the same client. Hence load balancing and DNS Round Robin e.t.c work with successive requests from the same client session.
HTTPS, on the other hand is stateful. So the same server serves successive requests from the same client session.
HTH.


Sanjay Raghavan<br />SCJP2, SCEA-J2EE<br />Moderator - <a href="http://groups.yahoo.com/group/scea_prep" target="_blank" rel="nofollow">SCEA PREP</a><br />Co-Author - <a href="http://www.whizlabs.com/scea/scea.html" target="_blank" rel="nofollow">SCEA@Whiz</a><br /><i>Where did you sip your Java Today?</i>
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Ian's mock exam.
 
Similar Threads
basic doubts
moving state of object instead of behavior?
stateless webservers and security
mock question
Remove() method call on Entity bean