File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Architect Certification (SCEA/OCMJEA) and the fly likes Ian's mock exam. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Certification » Architect Certification (SCEA/OCMJEA)
Bookmark "Ian Watch "Ian New topic

Ian's mock exam.

Nigel Browne
Ranch Hand

Joined: May 15, 2001
Posts: 673
On question 1d-se003. The answer is stated as a,b,c,d.
I wonder if answer c is correct. How does SSL have the ability to hold state?
I understand SSL supports the detection of any data that is tampered with in transit between client and server and rejects falsely inserted data. However I do understand how SSL holds state if its main purpose is to provide secure TCP services to higher-level protocols.
Sanjay Raghavan
Ranch Hand

Joined: May 14, 2002
Posts: 148
Before we get into state, an important thing to know about SSL is that it uses Asymmetric Cryptography only to establish the SSL handshake. After that is done, the client and the server communicate using identical symmetric keys.
This means that every request the client sends is going to be encrypted with a symmetric key specifically generated by the client and server (using random data and only for that session.)
Hence state is an important part of the whole equation. The server has to know who the client is in order to apply the right symmetric key. Hence SSL is a stateful protocol.
Other points...HTTP is stateless (though it is based on a TCP connection), so it does not matter what server serves the next request from the same client. Hence load balancing and DNS Round Robin e.t.c work with successive requests from the same client session.
HTTPS, on the other hand is stateful. So the same server serves successive requests from the same client session.

Sanjay Raghavan<br />SCJP2, SCEA-J2EE<br />Moderator - <a href="" target="_blank" rel="nofollow">SCEA PREP</a><br />Co-Author - <a href="" target="_blank" rel="nofollow">SCEA@Whiz</a><br /><i>Where did you sip your Java Today?</i>
I agree. Here's the link:
subject: Ian's mock exam.
It's not a secret anymore!