Java.nio Channels and TLS

java nio ssl socketchannel

XZS · Feb 2, 2012 · Viewed 16.8k times · Source

How do I secure a Java SocketChannel, ServerSocketChannel or, perhaps even, a DatagramChannel with TLS?

I know that there are some frameworks (#1 #2) that advertise to be able, but I want to know if it is possible to achieve this with the pure Java standard library alone.

Answer

You need to use the SSLEngine, as documented in Non-blocking I/O with SSLEngine. The libraries you mention use it or use libraries that use it.

(Note that this is notoriously difficult to use.)

You may find these links interesting:

This answer (which also contains a link to a book chapter).
Notes from Jean-François Arcand who implemented it in Grizzly.
An example of the type of problems you can get with asynchronous SSL/TLS.
Getting familiar with the problems mentioned in these this question should also be relevant (in particular, how to deal with them in async mode).
The Simple Framework also has support for async SSL/TLS.

For Datagrams, you should look into using DTLS instead of TLS. I'm not sure of its implementation status in Java, but you could dig through the archives of the java.openjdk.security.devel mailing list.

Java.nio Channels and TLS

Answer

Related questions