This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Sockets and Internet Protocols and the fly likes This SSL code runs... but does it provide security? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Sockets and Internet Protocols
Bookmark "This SSL code runs... but does it provide security?" Watch "This SSL code runs... but does it provide security?" New topic
Author

This SSL code runs... but does it provide security?

Ivan Jouikov
Ranch Hand

Joined: Jul 22, 2003
Posts: 269
Hi! I am working on creating a simple SSL server.
The goal is for client to connect to server and have a SECURE connection. I don't want any certificate crap - all I want is (like in https) the bullet-proof connection. That is, by default, every server trusts every client, and every client trusts every server.
I seem to have achieved it by creating my OWN trust manager that implements X509TrustManager, and not throwing exception from the authorization methods.
Before I show you the code, keep in mind that keystores used by server and client are generated using keytool. Each contain a single key pair for server and for client.
The programs run just fine, but I am conserned: is security still OK even after I did all that crap?
Here's what my server code looks like:

And here's my client code:
Ivan Jouikov
Ranch Hand

Joined: Jul 22, 2003
Posts: 269
All you "pros" out there... and nobody has an answer?
 
 
subject: This SSL code runs... but does it provide security?
 
Similar Threads
regarding https connectivity
How to attach a certificate to a socket and send a https POST request?
SSL - client side - trusting untrusted certificates?
JSSE Problem
SSL EXCEPTION!!!