I'm using Java's SSL library to secure the connections between my applications. And I noted that SSLServerSocket.accept() returns a socket even if the handshake fails. SSLServerSocket.accept() won't wait until the initial handshake is done? And SSLSocket and the handshake will be completed automatically before the actual operation? Also, does writing to and reading from SSLSockets that are currently (re)handshaking block until the current handshake is done? And if not, is it secure to operate on handshaking sockets? Will handshake and application data be sent in parallel without affecting each other?
accept() does not initiate a handshake, it merely returns the accepted socket. The handshake is initiated when you start performing I/O on the accepted socket. This is documented behavior:
http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSocket.html
The initial handshake on this connection can be initiated in one of three ways:
- calling startHandshake which explicitly begins handshakes, or
- any attempt to read or write application data on this socket causes an implicit handshake, or
- a call to getSession tries to set up a session if there is no currently valid session, and an implicit handshake is done.
If handshaking fails for any reason, the SSLSocket is closed, and no further communications can be done.
...
When SSLSockets are first created, no handshaking is done so that applications may first set their communication preferences: what cipher suites to use, whether the socket should be in client or server mode, etc. However, security is always provided by the time that application data is sent over the connection.
As for handshake renegotiation, this is also documented:
http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSocket.html#startHandshake()
If data has already been sent on the connection, it continues to flow during this handshake. When the handshake completes, this will be signaled with an event. This method is synchronous for the initial handshake on a connection and returns when the negotiated handshake is complete. Some protocols may not support multiple handshakes on an existing socket and may throw an IOException.
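As an added illustration (not code from the question or the answer above): a server-side accept loop that calls startHandshake() immediately after accept(), so a failed handshake is reported before any application data is read or written on the socket. It assumes the server key store is supplied through the standard javax.net.ssl.keyStore system properties and that the listening port is passed as the first argument; both are assumptions for this example.

```java
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

public final class HandshakeFirstAcceptor {

    /**
     * accept() only returns the TCP-accepted socket; no TLS handshake has run yet.
     * Forcing the handshake here surfaces a failure to the caller before any
     * application data is exchanged, instead of at the first read() or write().
     */
    public static SSLSocket acceptAndHandshake(SSLServerSocket server) throws IOException {
        SSLSocket socket = (SSLSocket) server.accept();   // returns before any handshake
        try {
            // Communication preferences (cipher suites, client/server mode, client auth)
            // must be configured on the socket before this point.
            socket.addHandshakeCompletedListener((HandshakeCompletedEvent e) ->
                    System.out.println("handshake completed: " + e.getCipherSuite()));
            socket.startHandshake();                      // synchronous for the initial handshake
        } catch (IOException handshakeFailure) {
            // The implementation closes the SSLSocket on handshake failure;
            // closing again is harmless and keeps the cleanup explicit.
            socket.close();
            throw handshakeFailure;
        }
        return socket;                                    // handshake done; I/O is now protected
    }

    // Assumed usage: java -Djavax.net.ssl.keyStore=server.jks
    //   -Djavax.net.ssl.keyStorePassword=<password> HandshakeFirstAcceptor 8443
    public static void main(String[] args) throws IOException {
        int port = Integer.parseInt(args[0]);
        SSLServerSocketFactory factory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        try (SSLServerSocket server = (SSLServerSocket) factory.createServerSocket(port)) {
            while (true) {
                try (SSLSocket client = acceptAndHandshake(server)) {
                    // A valid session exists now, so getSession() triggers no implicit handshake.
                    SSLSession session = client.getSession();
                    System.out.println(client.getInetAddress() + " negotiated " + session.getProtocol());
                    client.getOutputStream().write("hello\n".getBytes(StandardCharsets.US_ASCII));
                } catch (IOException e) {
                    System.err.println("connection rejected: " + e.getMessage());
                }
            }
        }
    }
}
```

Connections whose handshake fails never reach the application-data branch, which is the property the asker was missing when relying on accept() alone.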