[英]Java How to make a socket connection secure?
I want to setup a secure socket connection between a Server and a Client.我想在服务器和客户端之间设置安全套接字连接。 My protocol is:
我的协议是:
The problem: This protocol is very vulnerable against Man-in-the-middle attacks.问题:这个协议很容易受到中间人攻击。 A attacker could easily send his own public key to the server, and receive the AES key.
攻击者可以轻松地将自己的公钥发送到服务器,并接收 AES 密钥。 The attacker can spoof to be the server to the client and to be the client to the server.
攻击者可以伪装成客户端的服务器和服务器的客户端。
How to make my connection secure?如何确保我的连接安全?
As Marc says, use TLS.正如 Marc 所说,使用 TLS。 TLS uses Diffie-Hellman to secure the connection between A and B. This is also what makes HTTPS secure.
TLS 使用Diffie-Hellman来保护 A 和 B 之间的连接。这也是 HTTPS 安全的原因。
Here's a short example in Java. 这是Java 中的一个简短示例。 Note that the term SSL is used - TLS used to be SSL, but the term is still used interchangeably.
请注意,使用术语 SSL - TLS 曾经是 SSL,但该术语仍可互换使用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.