Java的SSLSocket安全吗？

Question

I Need to create a Secure socket Communication in java. Can i just use the sslsocket class or is there any other thing that i have to Take care of?

Does the sslsocket do everything of the encryption?

Answer 1

public abstract class SSLSocket extends Socket

This class extends Sockets and provides secure socket using protocols such as the "Secure Sockets Layer" (SSL) or IETF "Transport Layer Security" (TLS) protocols. Such sockets are normal stream sockets, but they add a layer of security protections over the underlying network transport protocol, such as TCP. Those protections include: • Integrity Protection. SSL protects against modification of messages by an active wiretapper. • Authentication. In most modes, SSL provides peer authentication. Servers are usually authenticated, and clients may be authenticated as requested by servers. • Confidentiality (Privacy Protection). In most modes, SSL encrypts data being sent between client and server. This protects the confidentiality of data, so that passive wiretappers won't see sensitive data such as financial information or personal information of many kinds.

These kinds of protection are specified by a "cipher suite", which is a combination of cryptographic algorithms used by a given SSL connection. During the negotiation process, the two endpoints must agree on a ciphersuite that is available in both environments. If there is no such suite in common, no SSL connection can be established, and no data can be exchanged.

http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSocket.html