SSL support for Java

Posted on 2000-02-06
Medium Priority
Last Modified: 2010-05-18
Hi All,
Basically my problem is like this: I have an applet which needs to call a CGI script on the server. Everything is working all right, except that I need to secure the data transfer between the applet and the CGI script. I can set up an SSL module on the server side, which is in fact RedHat with Apache. The CGI script is written in C, and I had a hard time implementing a decryption module on the server side, therefore I decided to use the normal HTTPS protocol to speed things up.

So do you know any SSL package in Java that you HAVE USED and is good enough to solve my problem?

I've looked around the web for such a package, and found that Icesoft's package is for this purpose. But when I tried it, I always got the "IOException: This certificate has expired." error. I don't know whether this is related to bugs in their product or anything else. I tried to contact their tech support, but got no reply at all, and now I am turning away from them. I don't know much about this "certificate" stuff, so if you could give me some pointers as to why I got this error, I would greatly appreciate it.

My basic requirements for such a package are:

1) It'd be best for it to be able to compile under JDK 1.0.2, since my applet is developed under this version.

2) The size of the package should be as small as possible; it'd be best if it were not larger than around 20K.

3) The package should either provide a pure SSLSocket class or, better, an HTTPSURLConnection class, or something like this.

If you've done any projects of this kind, please give me some help.

Thanks in advance.

Question by:lll888

Author Comment

ID: 2495488
Adjusted points to 143

Author Comment

ID: 2495489
Sorry, I don't have enough points for this one; now I have 0 points left. So please help...

Accepted Solution

vladi21 earned 560 total points
ID: 2496544

Can Java applet post to an SSL enabled server?
Yes. All you need to do is post to the "https://" URL. You don't need to have packages such as SSLava. The URLConnection class will say that https is an unknown protocol if the applet is run in the appletviewer, but it will do the right thing if run inside the Navigator.

Do I need to sign my classes to do out of SandBox operations when they are served from an https server?
There is no need to sign the classes if they are served from an SSL enabled (https) server, but you need to make PrivilegeManager.enablePrivilege() calls with the appropriate target (even System Classes do this) for doing out of SandBox operations.



SSL (Secure Socket Layer) is the scheme proposed by Netscape Communications Corporation. It is a low level encryption scheme used to encrypt transactions in higher-level protocols such as HTTP, NNTP and FTP. The SSL protocol includes provisions for server authentication (verifying the server's identity to the client), encryption of data in transit, and optional client authentication (verifying the client's identity to the server). SSL is currently implemented commercially on several different browsers, including Netscape Navigator, Secure Mosaic, and Microsoft Internet Explorer, and many different servers, including ones from Netscape, Microsoft, IBM, Quarterdeck, OpenMarket and O'Reilly and Associates. Details on SSL can be found at:

How secure is the encryption used by SSL?
SSL uses public-key encryption to exchange a session key between the client and server; this session key is used to encrypt the http transaction (both request and response). Each transaction uses a different session key so that if someone manages to decrypt a transaction, that does not mean that they've found the server's secret key; if they want to decrypt another transaction, they'll need to spend as much time and effort on the second transaction as they did on the first.
Netscape servers and browsers do encryption using either a 40-bit secret key or a 128-bit secret key. Many people feel that using a 40-bit key is insecure because it's vulnerable to a "brute force" attack (trying each of the 2^40 possible keys until you find the one that decrypts the message). This was in fact demonstrated in 1995 when a French researcher used a network of workstations to crack a 40-bit encrypted message in a little over a week. It is thought that with specialized hardware, 40-bit messages can be cracked in minutes to hours. Using a 128-bit key eliminates this problem because there are 2^128 instead of 2^40 possible keys. To crack a message encrypted with such a key by brute force would take significantly longer than the age of the universe using conventional technology. Unfortunately, many Netscape users have browsers that support only 40-bit secret keys. This is because of legal restrictions on the encryption software that can be exported from the United States.

The SSL Protocol Specification is detailed at:
http://www.netscape.com/newsref/std/SSL_old.html - SSLv2
http://www.netscape.com/newsref/std/SSL.html - SSLv3

There is also a mailing list for discussion of SSL managed by Netscape at ssl-talk@netscape.com. You can join this list by sending mail to ssl-talk-request@netscape.com with subscribe as the subject line or the message body.

The SSL-Talk List FAQ is available at
and it contains a large amount of useful information.


Understanding Encryption and SSL

How SSL Works

detailing the Transport Layer Security & Secure Socket Layers protocols
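
The approach in the accepted answer (posting straight to an "https://" URL through URLConnection), as an added example that is not part of the original thread. It assumes a current JDK rather than JDK 1.0.2 or Navigator; the class name `HttpsPost`, the endpoint URL and the form body are placeholders. It leaves certificate validation on, prints the negotiated cipher suite and the server certificate's expiry date, and identifies the "certificate has expired" failure the question describes.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLException;

public class HttpsPost {
    // True if any exception in the cause chain reports an expired certificate.
    static boolean causedByExpiredCert(Throwable t) {
        for (Throwable c = t; c != null; c = c.getCause()) {
            if (c instanceof CertificateExpiredException) return true;
        }
        return false;
    }
    static int post(URL url, String form) throws IOException {
        // The default trust manager and hostname verifier stay in place, so an
        // expired or mismatched server certificate fails the handshake.
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        try (OutputStream out = conn.getOutputStream()) { // handshake happens here
            out.write(form.getBytes(StandardCharsets.UTF_8));
        }
        int status = conn.getResponseCode();
        // Report what was negotiated and when the leaf certificate expires.
        System.out.println("cipher suite: " + conn.getCipherSuite());
        Certificate leaf = conn.getServerCertificates()[0];
        if (leaf instanceof X509Certificate) {
            System.out.println("valid until: " + ((X509Certificate) leaf).getNotAfter());
        }
        return status;
    }
    public static void main(String[] args) throws IOException {
        // Placeholder endpoint (assumption); pass the real CGI URL as args[0].
        String target = args.length > 0 ? args[0] : "https://www.example.com/cgi-bin/handler";
        try {
            System.out.println("HTTP status: " + post(URI.create(target).toURL(), "field=value"));
        } catch (SSLException e) {
            System.err.println(causedByExpiredCert(e)
                ? "Server certificate has expired; renew it on the server."
                : "TLS failure: " + e.getMessage());
        }
    }
}
```

An expired-certificate error is a property of the certificate installed on the server, so the remedy is to renew that certificate rather than to relax validation in the client.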

Author Comment

ID: 2498842
Thanks for all the help. I never knew only posting to "https://URL.." will work...
