aspose file tools*
The moose likes Sockets and Internet Protocols and the fly likes This SSL code runs... but does it provide security? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Sockets and Internet Protocols
Bookmark "This SSL code runs... but does it provide security?" Watch "This SSL code runs... but does it provide security?" New topic
Author

This SSL code runs... but does it provide security?

Ivan Jouikov
Ranch Hand

Joined: Jul 22, 2003
Posts: 269
Hi! I am working on creating a simple SSL server.
The goal is for client to connect to server and have a SECURE connection. I don't want any certificate crap - all I want is (like in https) the bullet-proof connection. That is, by default, every server trusts every client, and every client trusts every server.
I seem to have achieved it by creating my OWN trust manager that implements X509TrustManager, and not throwing exception from the authorization methods.
Before I show you the code, keep in mind that keystores used by server and client are generated using keytool. Each contain a single key pair for server and for client.
The programs run just fine, but I am conserned: is security still OK even after I did all that crap?
Here's what my server code looks like:

And here's my client code:
Ivan Jouikov
Ranch Hand

Joined: Jul 22, 2003
Posts: 269
All you "pros" out there... and nobody has an answer?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: This SSL code runs... but does it provide security?