After human established the communication system, how to ensure the security of communication is always an important problem. With the establishment of modern communication system, people use mathematical theory to find some effective methods to ensure the security of digital communication. In simple terms, the process of the two-party communication is treated confidentially, such as the content of the communication between the parties to encrypt, so that can effectively prevent the listener easily intercepted the content of the communication. The current SSL (Secure Sockets Layer) and its subsequent version of TLS (transport Layer Security) are sophisticated communication encryption protocols that are often used to establish encrypted communication channels between the client and the server. All kinds of development languages give the implementation of SSL/TLS protocol, Java is no exception. There is a JSSE (JAVAX.NET.SSL) package in the JDK that provides support for SSL and TLS. By providing a series of APIs, developers can use Secure sockets based on SSL or TLS, as with normal sockets, without being concerned with the details of the SSL and TLS protocols, such as the handshake process, and so on. This makes it easy to use Java to develop secure SSL/TLS servers or clients, and this article will illustrate how to develop SSL/TLS applications in Java using a specific example.
Introduction to the SSL/TLS protocol
The SSL/TLS protocol (RFC2246 RFC4346) is between the TCP/IP protocol and various application layer protocols, providing security support for data communication.
From the functional level within the Protocol, the SSL/TLS protocol can be divided into two tiers:
1. Ssl/tls Recording Protocol (SSL/TLS record Protocol), which is based on a reliable Transport layer protocol (such as TCP), provides data encapsulation, compression, encryption and other basic functions for the upper layer protocol.
2. The Ssl/tls Handshake Protocol (SSL/TLS handshake Protocol), which is based on the SSL/TLS record protocol, is used for initialization negotiation functions such as identity authentication, negotiation encryption algorithm, Exchange encryption key, etc. before the actual data transmission begins.
In terms of protocol usage, it can be divided into two categories:
1. Ssl/tls one-way certification, that is, the user to the server only the existence of unilateral authentication, that is, the client will authenticate server-side identity, and server-side will not go to authenticate the identity of the client. First, the client initiates a handshake request, and after the server receives the handshake request, it chooses the protocol version and encryption method that is appropriate for both parties. The negotiated results are then sent to the client along with the server-side public key. The client uses the server-side public key to encrypt the data to be sent and send it to the server side. When the server side receives it, it decrypts the received client's encrypted data with the local private key. The data is then used by both sides of the communication to generate an encryption key for communication between the two parties. Next, the two sides can start the secure communication process.
2.ssl/tls two-way authentication, that is, both sides will mutual authentication, that is, between the two would exchange certificates. The basic process and one-way certification are exactly the same, just a few more steps in the negotiation phase. After the server side sends the negotiated results and the server-side public key to the client, the client's certificate is requested and the client sends the certificate to the server side. Then, after the client sends encrypted data to the server, the client will send the digital signature generated by the private key to the server side. The server side uses the public key in the client certificate to verify the legality of the digital signature. After the handshake is established, the process is fully consistent with the one-way communication.
The SSL/TLS protocol establishes the basic flow of communication as shown in Figure 1,
Figure 1. SSL/TLS Basic Flow chart