wood burning stoves 2.0*
The moose likes Sockets and Internet Protocols and the fly likes Adding SSL to an existing server/client Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Sockets and Internet Protocols
Bookmark "Adding SSL to an existing server/client" Watch "Adding SSL to an existing server/client" New topic
Author

Adding SSL to an existing server/client

Scott Harris
Greenhorn

Joined: Mar 18, 2009
Posts: 7
I've been working on a client/server for my company for the last month or so. Its pretty much done except for testing and some minor tweaks. My company writes IVR software and what I'm writing is basically an alert type system so that if something goes wrong, then the right people receive an alert (kinda like an IM) on top of receiving an email.

Right now I'm using the NIO channels and a selector with no sort of security. Which, really, isn't a big deal according to my boss because all the network data is going over the LAN, and its not like the server I wrote controls any of the IVR or can do anything to it. But, what me and my supervisor worry about is if one of the computers in the network becomes infected with a virus that sniffs network traffic, then someone could sniff out everyone's usernames/passwords for the IM system, and use some sort of exploit to gain access to the IVR. It's likely to never happen, but we're thinking of using SSL just in case.

The problem is, that we're being pressed for time and we need to get a beta version out soon. My supervisor has told me that if I can get it working in a day or two then go ahead, otherwise don't worry about it for now. One thing I was wondering is if anyone knows of a good guide or sample code I can look at to figure out what I should do.

From what I can read, it seems simple enough. You create an SSEEngine engine. I already have a ByteBuffer that holds incoming/outgoing data, and it seems like I need to create another one. Something like ByteBuffer cleartext and ByteBuffer crypText. I put the plain text in clearText, call engine.wrap(clearText, crypText). Then I just send crypText like I have been doing. When I receive data its the opposite transaction.

Is that really all there is to using SSLEngine? I read something about using Runnables and having delegate threads and stuff, but couldn't really figure out why its needed. I'm guessing there is more to it than what meets the eye, and thats what I need to find out.

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Adding SSL to an existing server/client
 
Similar Threads
Port not being released
Encryption of client / server data
Frequency of used object in ArrayList
How should i encrypt my password?
Struts app on JRUN over HTTP/HTTPs in Apache