jsse

How to enable client TLS session reuse in Java [duplicate]

梦想与她 提交于 2019-12-05 02:28:15
问题 This question already has an answer here : Java TLS Session Reuse after closed connection (1 answer) Closed 3 years ago . I have a Java client that may create many sessions to the same server. The TLS protocol has a facility to cache session keys and thus avoid the expensive PKI processing for each connection. But I cannot get it to actually work. openssl s_client -reconnect -state -prexit -connect localhost:1234 Reports that the server has "Reused, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256

Upgrading socket to SSLSocket with STARTTLS: recv failed

烈酒焚心 提交于 2019-12-05 01:01:04
问题 I am trying to upgrade a socket to an SSLSocket using STARTTLS. On InspIRCd's wiki this is how its supposed to work >> STARTTLS << :test2.chatspike.net 670 nickname :STARTTLS successful, go ahead with TLS handshake (SSL Handshake) So in my code I've written (slightly simplified) else if (code.equals("670")) { SSLSocketFactory sslSocketFactory = ((SSLSocketFactory) SSLSocketFactory.getDefault()); SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket( socket, socket.getInetAddress()

Getting SSLHandshakeException when using Dropbox Java SDK for API v2

♀尐吖头ヾ 提交于 2019-12-04 06:43:54
问题 In a XPages application I want to make use of the Dropbox Java SDK (2.1.2) for API v2 to get information about my Dropbox account. The following code is used to retrieve the corresponding account object: String atoken = "****"; DbxRequestConfig rc = new DbxRequestConfig("****"); DbxClientV2 client = new DbxClientV2(rc,atoken); DbxUserUsersRequests users = client.users(); FullAccount acc = users.getCurrentAccount(); // Exception raised here The last line raises the following exception: com

SSL Handshaking With Older Clients Using SSLEngine (JSSE)

一曲冷凌霜 提交于 2019-12-04 04:57:06
问题 This is a follow-up question to "SSL Handshaking Using Self-Signed Certs and SSLEngine (JSSE)". I have implemented a NIO Webserver that can process SSL and non-SSL messages on the same port. In order to distinguish between SSL and non-SSL messages, I check the first byte of the inbound request to see if it is a SSL/TLS message. Example: byte a = read(buf); if (totalBytesRead==1 && (a>19 && a<25)){ parseTLS(buf); } In the parseTLS() method I instantiate an SSLEngine, initiate the handshake,

jndi LDAPS custom HostnameVerifier and TrustManager

时光毁灭记忆、已成空白 提交于 2019-12-03 18:05:28
问题 We are writing an application that shall connect to different LDAP servers. For each server we may only accept a certain certificate. The hostname in that certificate shall not matter. This is easy, when we use LDAP and STARTTLS, because we can use StartTlsResponse.setHostnameVerifier(..-) and use StartTlsResponse.negotiate(...) with a matching SSLSocketFactory . However we also need to support LDAPS connections. Java supports this natively, but only if the server certificate is trusted by

How to enable client TLS session reuse in Java [duplicate]

二次信任 提交于 2019-12-03 17:32:21
This question already has an answer here : Closed 3 years ago . Java TLS Session Reuse after closed connection (1 answer) I have a Java client that may create many sessions to the same server. The TLS protocol has a facility to cache session keys and thus avoid the expensive PKI processing for each connection. But I cannot get it to actually work. openssl s_client -reconnect -state -prexit -connect localhost:1234 Reports that the server has "Reused, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384", and same master keys. The data stream is binary, not HTTP encapsulated. The code that I use is

Upgrading socket to SSLSocket with STARTTLS: recv failed

一个人想着一个人 提交于 2019-12-03 17:06:26
I am trying to upgrade a socket to an SSLSocket using STARTTLS. On InspIRCd's wiki this is how its supposed to work >> STARTTLS << :test2.chatspike.net 670 nickname :STARTTLS successful, go ahead with TLS handshake (SSL Handshake) So in my code I've written (slightly simplified) else if (code.equals("670")) { SSLSocketFactory sslSocketFactory = ((SSLSocketFactory) SSLSocketFactory.getDefault()); SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket( socket, socket.getInetAddress().getHostAddress(), socket.getPort(), true); sslSocket.startHandshake(); bufferedReader = new

How to disable constraint check (Netscape cert type) in Java6?

偶尔善良 提交于 2019-12-03 14:41:29
问题 I am trying to build a custom HTTPS Server in Java (6) using the built in class com.sun.net.httpserver.HttpsServer. It works fine until I require client authentication. At that point it fails with the following exception in the SSL debug on the server. sun.security.validator.ValidatorException: Netscape cert type does not permit use for SSL client I am using certificates issued by our internal CA which is used for all applications internal to us. I checked the certificate details and found

Configure Oracle JDK to use IBM JCE/JSSE providers for FIPS compliance

我们两清 提交于 2019-12-03 13:53:11
问题 I would like to configure the Oracle JDK to use IBM's FIPS-compliant JCE/JSSE security providers. What JAR files do I need and where should they be installed? What should the provider list in the java.security file look like? 回答1: I'm using IBMJCE on sun jdk5 and it works fine. It may be similar to fips, I guess You need ibmjceprovider.jar, ibmpkcs.jar, ibmjcefips.jar You can find them in ibm jre The code like this static{ //install ibm's provider java.security.Security.addProvider(new IBMJCE

Configure Oracle JDK to use IBM JCE/JSSE providers for FIPS compliance

不羁的心 提交于 2019-12-03 04:53:17
I would like to configure the Oracle JDK to use IBM's FIPS-compliant JCE/JSSE security providers. What JAR files do I need and where should they be installed? What should the provider list in the java.security file look like? kyon I'm using IBMJCE on sun jdk5 and it works fine. It may be similar to fips, I guess You need ibmjceprovider.jar, ibmpkcs.jar, ibmjcefips.jar You can find them in ibm jre The code like this static{ //install ibm's provider java.security.Security.addProvider(new IBMJCE()); } public byte[] encrypt(byte[] input)throws SecurityException{ KeyGenerator kg = KeyGenerator
订阅 jsse