Pratul Chatterjee
I am trying to add SSL support to an existing unsigned applet. The applet
only opens a connection back to the originating web server and works fine.
Some of our clients prefer unsigned rather than signed applets for their
restricted privileges as part of their corporate security policies. So
signing the applet is not an immediate option.
I have added a new class in the applet. Just copying a few lines from this
class for discussion:
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    SSLSocketFactory sslFact = (SSLSocketFactory) SSLSocketFactory.getDefault();
    mySSLSocket = (SSLSocket) sslFact.createSocket(myIPAddress, mySSLPort);
    mySSLSocket.setEnabledCipherSuites(mySSLSocket.getSupportedCipherSuites());
    mySSLSocket.setSoTimeout(mySocketTimeout);
    myInputStream = mySSLSocket.getInputStream();
I have done some experiments on a Windows Server 2003 machine with IIS 6 and
SelfSSL. Switching on SSL on this server was straightforward.
On my client machine (i.e. Windows XP SP1, Internet Explorer
6.0.2800.xpsp2.030422-1633 and Sun JVM 1.4.1_01), I had to do the following
for the new applet to work:
1) Save the server's certificate and add it to the Java certificate
keystore.
2) Add the following line to java.policy:
    permission java.security.SecurityPermission "insertProvider.SunJSSE";
Unlike my SelfSSL certificate, our production servers will carry proper
certificates, which could be verified by VeriSign/Thawte. Please let me
know if a proper certificate is enough to avoid step 1.
I also want to avoid step 2 by changing my code if possible. Please advise
me if you have any previous experience in this area.
Many thanks
Pratul Chatterjee
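
An added example, not part of the original post: the same socket setup without the Security.addProvider() call, which is the call that needs the "insertProvider.SunJSSE" permission. It assumes the JRE already registers the SunJSSE provider (J2SE 1.4 ships with JSSE integrated), and it enables only cipher suites that authenticate the server and encrypt, rather than every supported suite. The class and method names are hypothetical.

```java
import java.io.IOException;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical helper class; names are illustrative, not from the original post.
public class AppletSslConnector {

    // Keep only suites that authenticate the server and encrypt the traffic.
    // _anon_ suites skip the certificate check, _NULL_ suites do not encrypt,
    // _EXPORT_ suites use deliberately weakened keys.
    static String[] filterSuites(String[] supported) {
        List keep = new ArrayList(); // raw types so this also compiles on 1.4
        for (int i = 0; i < supported.length; i++) {
            String s = supported[i];
            if (s.indexOf("_anon_") < 0 && s.indexOf("_NULL_") < 0
                    && s.indexOf("_EXPORT_") < 0) {
                keep.add(s);
            }
        }
        return (String[]) keep.toArray(new String[keep.size()]);
    }

    // Opens the socket without calling Security.addProvider().
    static SSLSocket open(String host, int port, int timeoutMs) throws IOException {
        // Assumption: SunJSSE is already listed in the JRE's java.security file.
        if (Security.getProvider("SunJSSE") == null) {
            throw new IOException("SunJSSE provider is not registered in this JRE");
        }
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        socket.setEnabledCipherSuites(filterSuites(socket.getSupportedCipherSuites()));
        socket.setSoTimeout(timeoutMs);
        socket.startHandshake(); // throws if the certificate chain is not trusted
        return socket;
    }

    public static void main(String[] args) {
        String[] sample = { // constructed suite names for illustration
            "SSL_RSA_WITH_RC4_128_SHA", "SSL_DH_anon_WITH_RC4_128_MD5",
            "SSL_RSA_WITH_NULL_MD5", "SSL_RSA_EXPORT_WITH_RC4_40_MD5" };
        String[] kept = filterSuites(sample);
        for (int i = 0; i < kept.length; i++) System.out.println(kept[i]);
    }
}
```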