Some basic question about SSL
Hi
suppose that there is a server (web server) that accept https connection from a client (java SSL socket), the client first initiate the connection, then they do handshake, after successful handshake now the client can make GET/POST.... request, let say he make a "GET page1.html" request, the server accept it and respone him with the code 200 and the contents of"page1.html", OK so far so good, NOW what if the client want another page (saypage2.html), here come my question and problem:
Does the client(SSL socket create by SSLSocketFactory) need to handshake again with server, if no how does they remember that they are trust to each other, it is by cookie or by SSLSession?, if it's by SSLSession how can I reuse it.
Does the client need to recreate the socket(SSLSocketFactory.createSocket()) when he getting thepage2.html, if no why Im keep getting a "connection close by remote" exception, when I reusing the same socket intance.
any idea
Thanks
# 1
> Does the client(SSL socket create by
> SSLSocketFactory) need to handshake again with
> server
No.
> if no how does they remember that they are
> trust to each other, it is by cookie or by
> SSLSession?
SSLSession. But also if you are using URL and/or URLConnection there is connection caching behind the scenes so you may be actually reusing the same TCP connection, in which case there is no need for another handshake either.
> if it's by SSLSession how can I reuse it.
It's automatic, you don't have to do anything about it.
But the handshake is automatic too, when it's needed. Why do you need to know this information?
> Does the client need to recreate the
> socket(SSLSocketFactory.createSocket()) when
> he getting the page2.html, if no why Im keep
> getting a "connection close by remote" exception,
> when I reusing the same socket intance.
Obviously you need a new socket if the connection you're trying to use is closed. But again if you use URL/URLConnection all this is taken care of for you. Why would you use a low-level mechanism like a Socket when a higher-level mechanism is available?
ejpa at 2007-7-9 6:27:11 >
# 2
Thanks for the reply
Why would you use a low-level mechanism like a Socket when a higher-level mechanism is available?
Because there is lot of things that the URLConnection can not do, e.g can't get/set cookie, can't get/set header, and it won't work on some web server, for example the following won't work
public static void main(String[] args)
{
try
{
URL google=new URL("http://www.google.pt/search?hl=pt-PT&q=water&meta=");
java.net.URLConnection urlc=google.openConnection();
BufferedReader in=new BufferedReader(new InputStreamReader(urlc.getInputStream()));
String inputLine;
while((inputLine=in.readLine())!=null)
System.out.println(inputLine);
in.close();
}
catch(Exception e)
{
e.printStackTrace();
}
}
# 3
> Because there is lot of things that the URLConnection
> can not do
True. As long as you have a good reason!
>, e.g can't get/set cookie
True.
>can't get/set header
False:
http://java.sun.com/j2se/1.5.0/docs/api/java/net/URLConnection.html#getRequestProperty(java.lang.String)
http://java.sun.com/j2se/1.5.0/docs/api/java/net/URLConnection.html#setRequestProperty(java.lang.String,%20java.lang.String)
> and it won't work on some web server
Try setting the User-Agent header to whatever Mozilla sets it to.
ejpa at 2007-7-9 6:27:11 >
