The goal is to take an existing SSL connection that has already passed sensitive information through encrypted, and switch back to using the socket decrypted. This is specifically important for FTP and NAT routers.
I am fairly sure this is possible...but I haven't figured out the trick to do so.
The socket was connected in the clear, no encryption. The command was sent to the server telling it to switch to encryption. This is where SSLSocketFactory comes in and takes the socket and returns an SSLSocket. The issue is later we want to disable encryption...but can't. I still have an original reference to the decrypted Socket...but its input/output streams have been taken over.
I even tried a proxy socket with two threads that were reading and writing data from the socket to the proxy socket, but then the encryption didn't work, I assume because I was a man in the middle.
How can you degrade a SSLSocket back to using no encryption...just the raw input/output streams?
(The reference for this in FTP is the command CCC.)
Joined: Nov 12, 2008
Code snippet of the socket proxy I attempted:
[ November 12, 2008: Message edited by: Ben Spink ]
It looks like you should be able to do this if you set autoClose to false when you call SSLSocketFactory.createSocket(...), and if both ends close their SSL sockets correctly. I haven't tried this myself, though.
If the standard SSLSocket code just doesn't work, you may be able to roll your own SSL sockets using SSLEngine. Because you maintain ownership of the underlying TCP sockets in this case, you can start sending unencrypted data once both ends have finished with SSL. This is a lot more complicated, though.
Joined: Nov 12, 2008
That was exactly it.
When generating the SSLSocket from the Socket in the call to SSLFactory.createSocket, setting the autoClose to false lets me close the SSL socket, and resume using the original socket once again.
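The sequence discussed in this thread, written out as an added example that is not code from any of the posters: a client layers TLS over the plain socket with autoClose set to false, sends CCC, closes only the SSLSocket, and carries on over the original streams. Assumptions: the server supports AUTH TLS and CCC, every reply is a single line, and host, port, user and password are supplied as arguments; the class and helper names are made up for illustration.

```java
import java.io.*;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.*;

public class CccDowngradeExample {
    // Read one reply line byte by byte: a BufferedReader could read ahead and
    // swallow bytes that belong to the next layer (TLS records or cleartext).
    static String readLine(InputStream in) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        for (int b; (b = in.read()) != -1 && b != '\n'; ) if (b != '\r') buf.write(b);
        return new String(buf.toByteArray(), StandardCharsets.US_ASCII);
    }

    // Send one command and return its reply; fail unless it starts with the expected code.
    static String command(InputStream in, OutputStream out, String cmd, String expect)
            throws IOException {
        out.write((cmd + "\r\n").getBytes(StandardCharsets.US_ASCII));
        out.flush();
        String reply = readLine(in);
        if (!reply.startsWith(expect))  // report the verb only, never the password
            throw new IOException("unexpected reply to " + cmd.split(" ")[0] + ": " + reply);
        return reply;
    }

    public static void main(String[] args) throws IOException {
        String host = args[0];                  // assumption: explicit-FTPS server with CCC
        int port = Integer.parseInt(args[1]);
        try (Socket plain = new Socket(host, port)) {
            InputStream pin = plain.getInputStream();
            OutputStream pout = plain.getOutputStream();
            readLine(pin);                              // greeting (assumed single line)
            command(pin, pout, "AUTH TLS", "234");      // still cleartext

            // autoClose = false: closing the SSLSocket must leave 'plain' open.
            SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket tls = (SSLSocket) f.createSocket(plain, host, port, false);
            SSLParameters p = tls.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS");  // verify the certificate's host name
            tls.setSSLParameters(p);
            tls.startHandshake();
            InputStream tin = tls.getInputStream();
            OutputStream tout = tls.getOutputStream();
            command(tin, tout, "USER " + args[2], "331");   // credentials travel encrypted
            command(tin, tout, "PASS " + args[3], "230");
            command(tin, tout, "CCC", "200");               // reply still arrives over TLS

            tls.close();                                // ends TLS only; 'plain' stays connected
            System.out.println(command(pin, pout, "NOOP", "200"));  // raw streams again
        }
    }
}
```

The reply to CCC is read on the TLS streams and the cleartext streams are touched only after `tls.close()` returns, which keeps the two layers from reading each other's bytes.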
subject: Convert SSLSocket back to decrypted Socket