How to create a secured TCP connection via TLS v.1.2 in Java

Argho Chatterjee picture Argho Chatterjee · Jan 14, 2016 · Viewed 20.8k times · Source

I want to create commnicate between two systems via TLS v1.2. The information it contains is confidential. I want to avoid an https web service call and diectly want to perform message exchange at the TCP layer.

Can you suggest how to implement this where I can securely transfer data via TLS v1.2.

EDIT:

I have written the following code after reading the below answers

SSLServer

        System.setProperty("javax.net.ssl.keyStore", "/home/user/.keystore");
        System.setProperty("javax.net.ssl.keyStorePassword", "changeit");

        SSLServerSocketFactory ssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        ServerSocket ss = ssf.createServerSocket(8362);
        while (true) {
            System.out.println("awaiting to accept..");
          Socket s = ss.accept();
          SSLSession session = ((SSLSocket) s).getSession();
          Certificate[] cchain2 = session.getLocalCertificates();
          for (int i = 0; i < cchain2.length; i++) {
            System.out.println(((X509Certificate) cchain2[i]).getSubjectDN());
          }
          System.out.println("Peer host is " + session.getPeerHost());
          System.out.println("Cipher is " + session.getCipherSuite());
          System.out.println("Protocol is " + session.getProtocol());
          System.out.println("ID is " + new BigInteger(session.getId()));
          System.out.println("Session created in " + session.getCreationTime());
          System.out.println("Session accessed in " + session.getLastAccessedTime());


          PrintStream out = new PrintStream(s.getOutputStream());

          /*BufferedReader in = new BufferedReader(new InputStreamReader(
                    s.getInputStream()));*/
          boolean isChatOver = false;
          System.out.println("\n\n*******************Type Below********************");
          System.out.println("To End Chat Type 'Bye'!");

          BufferedReader br = new BufferedReader(new InputStreamReader(System.in));

          while(!isChatOver) {
              String nextChat = br.readLine();
              out.println(nextChat);
              if("bye".equalsIgnoreCase(nextChat.trim())) {
                  isChatOver = true;
              }
          }

          out.close();
          s.close();
        }

SSLClient

    System.setProperty("javax.net.ssl.trustStore", "/home/user/.truststore");
    System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

    SSLSocketFactory ssf = (SSLSocketFactory) SSLSocketFactory.getDefault();
    Socket s = ssf.createSocket("127.0.0.1", 8362);

    SSLSession session = ((SSLSocket) s).getSession();
    Certificate[] cchain = session.getPeerCertificates();
    System.out.println("The Certificates used by peer");
    for (int i = 0; i < cchain.length; i++) {
        System.out.println(((X509Certificate) cchain[i]).getSubjectDN());
    }
    System.out.println("Peer host is " + session.getPeerHost());
    System.out.println("Cipher is " + session.getCipherSuite());
    System.out.println("Protocol is " + session.getProtocol());
    System.out.println("ID is " + new BigInteger(session.getId()));
    System.out.println("Session created in " + session.getCreationTime());
    System.out.println("Session accessed in "
            + session.getLastAccessedTime());

    BufferedReader in = new BufferedReader(new InputStreamReader(
            s.getInputStream()));
    boolean isChatOver = false;
    while(!isChatOver) {
        if(in.ready()) {
            Thread.sleep(5000);
        }
        String nextChat = in.readLine();
        System.out.println("server says : " + nextChat);
        if("bye".equalsIgnoreCase(nextChat.trim())) {
            System.out.println("**************************************Closing Session.*********************************************");
            isChatOver = true;
        }
    }
    in.close();

In the above code, is my code directly passing message to TCP Layer after encryption using TLS 1.2 ? I hope it does not call an https internally because I want to avoid application layer at all cost.

Kindly let me know in case of any queries in the question.

Thanks cheers :))

Answer