Need Advice on creating a server that uses SSL!

Ivan Jouikov
Ranch Hand

Joined: Jul 22, 2003
Posts: 269
Hi!
I am trying to make a MUD server, client, (and protocol) that use SSL for communication...
I've read some info on SSL and certificates and stuff, but I am still confused about the whole system...
What I want from SSL is: the name (adv. purposes), and the "secure connection" - so nobody can see what you send to server, or change it...
All the examples that I saw use some kind of trust store and key store for certificates, which I completely don't understand...
What I want is the web browser model - when a client connects to a server (as in https), they have a secure connection, and neither the client, nor the server need to do any certificate crap...
How would I achieve that?
__________
So far, I've built a simple server and a client that use a "test" certificate... Here's the server code:


And here's the client code:

And here's what happens when I try to run server and then client:
SERVER OUTPUT:
Trying to create server socket...
Server socket has been initialized, waiting for clients...
Client connected from /127.0.0.1...
Server: Enter a message:
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at java.io.DataInputStream.readLine(DataInputStream.java:562)
at ivj.MUD.server.Daemon.main(Daemon.java:52)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.PrintStream.write(PrintStream.java:258)
at sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(StreamEncoder.java:336)
at sun.nio.cs.StreamEncoder$CharsetSE.implFlushBuffer(StreamEncoder.java:404)
at sun.nio.cs.StreamEncoder.flushBuffer(StreamEncoder.java:115)
at java.io.OutputStreamWriter.flushBuffer(OutputStreamWriter.java:169)
at java.io.PrintStream.write(PrintStream.java:305)
at java.io.PrintStream.print(PrintStream.java:448)
at java.io.PrintStream.println(PrintStream.java:585)
at ivj.MUD.server.Daemon.main(Daemon.java:51)
Exception in thread "DAEMON"

CLIENT OUTPUT:

Attempting to create socket on 127.0.0.1:1234...
Success!
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at java.io.DataInputStream.readLine(DataInputStream.java:562)
at ivj.MUD.client.Test.main(Test.java:45)
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
at sun.security.validator.Validator.validate(Validator.java:202)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA6275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA6275)
... 10 more
Exception in thread "main"

So.. how would I go about making it the web-browser way?
Thank you in advance,
Ivan Jouikov
Ivan Jouikov
Ranch Hand

Joined: Jul 22, 2003
Posts: 269
Doesn't anybody here know how to avoid using certificates with SSL?
Torsten Schippel
Ranch Hand

Joined: May 09, 2003
Posts: 62
Hi Ivan,
By default the browser uses certificates. You need to install a certificate into the web server to enable SSL.
You need to send the symmetric session key securely to the other peer. The browser SSL uses RSA for that. So you need at least one certificate.
The SSL protocol also supports Diffie-Hellman key agreement to exchange the key. But you have to enable this first.
Server side, add:
serversocket.setEnabledCipherSuites(serversocket.getSupportedCipherSuites());
before it accepts any connection.
Client side, add:
socket.setEnabledCipherSuites(socket.getSupportedCipherSuites());
before it sends anything.
This just enables all other cipher suites which are not enabled by default. Now remove all your certificate and keystore stuff. The systems should now use DH key agreement.
You may also set only one cipher suite, e.g. SSL_DH_anon_WITH_RC4_128_MD5, to be sure it will be used.

HTH
Torsten
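
The browser model asked about in this thread keeps one certificate on the server and gives the client a trust store containing that certificate, which is what the client's "No trusted certificate found" error is missing; anonymous DH suites encrypt the link but leave the server unauthenticated. The following is an added example, not code from any poster in this thread: the file names, alias, password and class name are assumptions, and it needs JDK 8 or later.

```java
import java.io.*;
import java.security.KeyStore;
import javax.net.ssl.*;

// Assumed files (names, alias and password are placeholders), made with the JDK's keytool:
//   keytool -genkeypair -alias mud -keyalg RSA -keysize 2048 -dname "CN=localhost" \
//     -ext san=dns:localhost,ip:127.0.0.1 -storetype PKCS12 -keystore server.p12 -storepass changeit
//   keytool -exportcert -alias mud -keystore server.p12 -storepass changeit -file server.cer
//   keytool -importcert -noprompt -alias mud -file server.cer \
//     -storetype PKCS12 -keystore client-trust.p12 -storepass changeit
public class TrustedServerDemo {
    static final char[] PASS = "changeit".toCharArray();
    static KeyStore load(String path) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) { ks.load(in, PASS); }
        return ks;
    }
    public static void main(String[] args) throws Exception {
        // Server: the key store holds the private key and the certificate it presents.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("server.p12"), PASS);
        SSLContext serverCtx = SSLContext.getInstance("TLS");
        serverCtx.init(kmf.getKeyManagers(), null, null);
        SSLServerSocket listener = (SSLServerSocket) serverCtx.getServerSocketFactory().createServerSocket(1234);
        Thread server = new Thread(() -> {
            try (SSLSocket s = (SSLSocket) listener.accept();
                 PrintWriter out = new PrintWriter(s.getOutputStream(), true)) {
                out.println("Welcome to the MUD");
            } catch (IOException e) { e.printStackTrace(); }
        });
        server.start();

        // Client: the trust store holds only the server's certificate, never its private key.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("client-trust.p12"));
        SSLContext clientCtx = SSLContext.getInstance("TLS");
        clientCtx.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket c = (SSLSocket) clientCtx.getSocketFactory().createSocket("127.0.0.1", 1234)) {
            SSLParameters p = c.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // also match the address against the certificate
            c.setSSLParameters(p);
            c.startHandshake(); // SSLHandshakeException here means the certificate was not trusted
            BufferedReader in = new BufferedReader(new InputStreamReader(c.getInputStream()));
            System.out.println(c.getSession().getCipherSuite() + " -> " + in.readLine());
        }
        server.join();
        listener.close();
    }
}
```

Only `client-trust.p12` is shipped with the client; `server.p12` contains the private key and stays on the server.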
 