wood burning stoves*
The moose likes Sockets and Internet Protocols and the fly likes Convert SSLSocket back to decrypted Socket Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Sockets and Internet Protocols
Bookmark "Convert SSLSocket back to decrypted Socket" Watch "Convert SSLSocket back to decrypted Socket" New topic

Convert SSLSocket back to decrypted Socket

Ben Spink

Joined: Nov 12, 2008
Posts: 5
The goal is to take an existing SSL connection that has already passed sensitive information through encrypted, and switch back to using the socket decrypted. This is specifically important for FTP and NAT routers.

I am fairly sure this is possible...but I haven't figured out the trick to do so.

The socket was connected in the clear, no encryption. The command was sent to the server telling to switch to encryption. This is where SSLSocketFactory comes in and takes the socket and returns a SSLSocket. The issue is later we want to disable encryptions...but can't. I still have an original reference to the decrypted Socket...but its input/outputstreams have been taken over.

I even tried a proxy socket with two threads that were reading and writing data from the socket tot he proxy socket, but then the encryption didn't work I assume because I was a man int he middle.

How can you degrade a SSLSocket back to using no encryption...just the raw input/output streams?

(The reference for this in FTP is the command CCC.)

Ben Spink

Joined: Nov 12, 2008
Posts: 5
Code snippet of the socket proxy I attempted:

[ November 12, 2008: Message edited by: Ben Spink ]
Carey Evans
Ranch Hand

Joined: May 27, 2008
Posts: 225

It looks like you should be able to do this if you set autoClose to false when you call SSLSocketFactory.createSocket(...), and if both ends close their SSL sockets correctly. I haven't tried this myself, though.

If the standard SSLSocket code just doesn't work, you may be able to roll your own SSL sockets using SSLEngine. Because you maintain ownership of the underlying TCP sockets in this case, you can start sending unencrypted data once both ends have finished with SSL. This is a lot more complicated, though.
Ben Spink

Joined: Nov 12, 2008
Posts: 5
That was exactly it.

when generating the SSLSocket from the Socket in the call to SSLFactory.createSocket, setting the autoClose to false lets me close the SSL socket, and resume using the original socket once again.


I agree. Here's the link: http://aspose.com/file-tools
subject: Convert SSLSocket back to decrypted Socket
Similar Threads
each time encryption gives different result......??
Custom Proxy server handling both http and https?
FTP over SSL
FTP over Http Proxy
Secure FTP Data Channel