Stack Overflow
Stack Overflow

Questions tagged [jsse]

JSSE is a Java implementation of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. Its functionality includes data encryption, server authentication, message integrity, and optional client authentication.

JSSE stands for Java Secure Socket Extension. It is a Java implementation of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. Its functionality includes data encryption, server authentication, message integrity, and optional client authentication.

It is so named because originally it was shipped as a separate extension to Java 1.2 and 1.3. Since Java 1.4 it has been part of the standard Java API.

This tag should be used for questions about TLS or SSL programming in Java.

295 questions
23
votes
2 answers

Why does Java's SSLSocket send a version 2 client hello?

The SSLSocket.getEnabledProtocols() method returns the following: [SSLv2Hello, SSLv3, TLSv1]. And indeed, when I call connect() and I have SSL debugging turned on, I see that a v2 client hello is used: main, WRITE: TLSv1 Handshake, length =…
Matt Solnit
  • 32,152
  • 8
  • 53
  • 57
21
votes
3 answers

Why does iOS 5 fail to connect to a server running JDK 1.6, but not JDK 1.5

We have a Java Socket Server listening on an SSLSocket (port 443) and an iOS application that connects with it. When running on iOS 5.1, the application stopped working when we upgraded the Java version of the server from JDK 1.5 to 1.6 (or 1.7).…
KC Baltz
  • 1,498
  • 1
  • 13
  • 22
18
votes
2 answers

jsse handshake_failure on public https web site

I have read a related question already, but it doesn't seem to fail at the same place I am seeing a failure. I am trying a very simple operation: public static void main(String [] argv) { try { URL u = new…
TheDon
  • 388
  • 1
  • 2
  • 11
16
votes
1 answer

What is SunX509 used for and can it work with parties using IbmX509?

When I manually create a KeyManager, one of the steps is this: KeyManagerFactory.getInstance("SunX509") This does not work on IBM jre where I need to specify "IbmX509". My questions: I read that this is called the "certificate encoding…
daramasala
  • 3,040
  • 2
  • 26
  • 33
14
votes
3 answers

How to override the cipherlist sent to the server by Android when using HttpsURLConnection?

During TLS negotiation, clients send a list of supported ciphers to the server, the server picks one, and encryption starts. I want to change this cipherlist sent to the server by Android, when I'm using HttpsURLConnection for communication. I know…
AndroidSec
  • 299
  • 1
  • 5
  • 13
14
votes
3 answers

Create app with SSLSocket Java

I want to create an app use SSLSocket: client send a String to server and server will uppercase that String and send back to client for display. SSLServer public class SSLServer { public static void main(String args[]) throws Exception { …
user1871578
  • 179
  • 2
  • 2
  • 5
13
votes
4 answers

javax.net.ssl.SSLException: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

I'm looking to parse an XML file that updates said file daily - the only issue I've run into is that they use their own certificate (https://...) and I can't use that specific URL, nor is there an http://... link available. URL url = new…
Acetaminophen
  • 131
  • 1
  • 1
  • 4
13
votes
8 answers

JDK/JRE source code with matching JSSE (SSL) source code and matching runnable JDK / JRE?

I have seen Where to find Java 6 JSSE/JCE Source Code? and asked the question myself How to get JRE/JDK with matching source? but I don't either of these was specific enough to get the answer I was really after, so I'm going to try a way more…
Chris Markle
  • 2,076
  • 4
  • 25
  • 46
13
votes
2 answers

SSLContext initialization

I'm looking at the JSSE reference guide, I need to obtain an instance of SSLContext in order to create a SSLEngine, so I can use it with Netty to enable security. To obtain an instance of SSLContext, I use SSLContext.getInstance(). I see that the…
manash
  • 6,985
  • 12
  • 65
  • 125
12
votes
1 answer

How to get the java.security.PrivateKey object from RSA Privatekey.pem file?

I have a RSA private key file (OCkey.pem). Using java i have to get the private key from this file. this key is generated using the below openssl command. Note : I can't change anything on this openssl command below. openssl> req -newkey rsa:1024…
Kanagavelu Sugumar
  • 18,766
  • 20
  • 94
  • 101
11
votes
0 answers

Add a custom TLS extension on Android

I am developing an Android application and want to add a custom extension on the TLS/SSL ClientHello handshake. Both OpenSSL and BoringSSL support the necessary functionality and callbacks to add custom extensions, but unfortunately Android JSSE…
yiannis
  • 121
  • 3
10
votes
2 answers

SSL Server socket want auth option

Concerning SSLServerSocket.setWantClientAuth: If this is set to true if the client chooses to not send a certificate the negotiation continues. Also I noticed this also happens if the client sends a certificate but is not part of the truststore.The…
Jim
  • 18,826
  • 34
  • 135
  • 254
9
votes
2 answers

Robolectric test that uses OkHttp for real HTTP requests throws java.lang.NullPointerException: No password supplied for PKCS#12 KeyStore

I'm using Robolectric 4.3.1 (testImplementation "org.robolectric:robolectric:4.3.1") to create an Android sqlite environment for my integration tests. My system uses OkHttp (implementation 'com.squareup.okhttp3:okhttp:3.14.7') for real HTTP…
Heath Borders
  • 30,998
  • 16
  • 147
  • 256
9
votes
4 answers

Can I avoid putting key store password on command-line with JSSE?

We are using Maven 2 and have a maven repository manager secured with SSL client authentication. In order for Maven to access the repository the following system properties must be passed to…
kldavis4
  • 2,177
  • 1
  • 22
  • 33
9
votes
3 answers

How to configure TLS connections to protect them from freak attack (CVE 2015-0204)?

For the vulnerabilty see https://freakattack.com/. Mozilla wiki has a page with recommendations for ciphersuites: https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations How would I apply those or similar recommendations in the…
Gustave
  • 3,359
  • 4
  • 31
  • 64
1
2
3
19 20