Date: Wed, 11 Feb 1998 08:59:02 -0800
From: Jeff.Nisewanger@Eng (Jeff Nisewanger)
Message-Id: <199802111659.IAA07710@puuoo.eng.sun.com>
To: java-security@web2.javasoft.com, sonal@dbsinternet.com
Subject: Re: About SSL and Java
> I have gone through the APIs for the "SSL Standard Extension",
> which have been published at:
>
> http://java.sun.com/jdc/earlyAccess/ssl.html
>
> But how does one deploy them? That is, are these available in the
> form of ".class" files?
Neither the API itself or the complete implementation of Java SSL
is currently available on the website as Java classes. What is available
is just the API documentation.
> Just like we use (say) the "java.net" package, how could
> "javax.net.ssl" or "javax.net" be used? Sorry, but I'm on tenterhooks
> as far as this matter is concerned. If you could tell me where these
> packages, which are extensions, could be downloaded from and
> how exactly they are to be deployed, it'll be a big help indeed.
These APIs are currently available as part of HotJava 1.1 and
Java Web Server 1.1 but there is no seperately available standalone
Java SSL extension available at this time.
> By way of being extension packages to the JDK1.1, how do they
> differ from normal packages in terms of usage etc.??
This API is packaged as a Java Standard Extension. It is not
being positioned as part of the core Java API that is guaranteed to
always be present on a full Java platform. Other than that, you would
use these Java APIs much like you would any other Java class. Some
products could come bundled with this API or you might be able to get
a seperate Java SSL extension which you could install as an extension of
an existing Java Runtime Environment.
>
> Secondly, having established a connection using the SSLSocket
> SSLServerSocket classes etc., how does one go about transferring
> data between the two machines. Also, is it that once you've used these
> classes for a connection, is all the data that goes through inherently
> encrypted and hence secure???
Yes, SSLSocket inherits from java.net.Socket and can be used
just like a Socket except that any data sent or received through it will
automatically be protected by SSL using whatever SSL security
mechanism that has been negotiated at connection startup with the SSL
server.
Jeff