SSL encrypted Websockets in Java Using Java WebSockets API - java

So, I have been using the Java Websockets API to create a WebSocket server in Java, which worked just fine, until I realized I should be using an SSL encrypted connection using "wss:myurl.tld". Basically, the API wants an SSLContext object to work with SSL, but I can't for the life of me figure out how to make one of those.
I looked at some examples and found out that if I could make a Java KeyStore file with a certificate I could make it work, so I tried to do that.
I started fiddling around with trying to get a "Let's Encrypt" certificate following these instructions but I ran into some problems.
I run Windows and I could find no software using the Let's Encrypt system that worked the same as in the instructions, and Homebrew on my Mac machine is broken, and it's running a too old OS to update.
Being rather inexperienced with SSL I had no real idea what to put in as parameters.
So, in short, how do I make my Java Websocket server use a secure SSL connection?
Oh, and pardon my messy English and lack of question-writing skills, I'm a bit new to these sorts of things.
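An added example (not part of the original question) of the step the question is stuck on: building the SSLContext from a keystore with the standard JSSE classes. It assumes a PKCS#12 file already holding the certificate chain and private key; the file name server.p12, the KEYSTORE_PASSWORD variable and the class name are placeholders.

```java
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;

public class WssContext {
    // Assumed input: a PKCS#12 store with chain + private key, e.g. produced from PEM files with
    //   openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out server.p12 -name wss
    static SSLContext fromKeyStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        // Fail at startup if the store holds only certificates: without a private-key
        // entry the server has nothing to present and every handshake will fail.
        boolean hasKey = false;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                hasKey = true;
            }
        }
        if (!hasKey) {
            throw new IllegalStateException("no private key entry in " + path);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers and null SecureRandom select the JDK defaults
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String pw = System.getenv("KEYSTORE_PASSWORD"); // placeholder variable name
        if (pw == null) {
            throw new IllegalStateException("KEYSTORE_PASSWORD is not set");
        }
        SSLContext ctx = fromKeyStore("server.p12", pw.toCharArray());
        System.out.println("SSLContext ready, protocol " + ctx.getProtocol());
        // Hand ctx to whatever SSL hook the WebSocket server library exposes.
    }
}
```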

Related

Undertow (I think) closes connection after SSL Client Hello

I'm trying to set up my Spring Boot app on Debian Stretch production server. App uses TLS 1.2 and HTTP2 so I ran it with embedded Undertow and it worked flawlessly on Windows, however it seems to just drop connection after Client Hello on Linux.
This is what it looks like in Wireshark:
I was able to connect over insecure http/1.1 with no problems though. I'm pretty sure it has something to do with TLS, because turning it off in application.properties allows Undertow to fall back to http/1.1. (I need multiplexing though)
And I can't find anything that could cause such behaviour. It's not keystore because I get no errors in Java.
The only thing I had to change from Windows were JVM parameters I had to change to make it use IPv4:
java -Xbootclasspath/p:/home/dptools/alpn-boot-8.1.11.v20170118.jar -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses -jar dpTools-0.0.1-SNAPSHOT.jar
Turns out it was keystore after all, not exactly keystore, but keypair inside. Apparently putting special characters in alias is not a good idea. After switching to alphanumeric alias it works. What concerns me is lack of any error on socket binding.

Java 7 - SSL how to trust all certificates

I am writing a Java proxy which communicates to other servers using SSL.
It all works well using ServerSocketFactory along with keystore and truststore which is populated with the server cert.
I wonder, is there a way in Java 7 to disable the certification and trust all servers? (and yes I know this is risky - but the proxy is for internal use only)
I have seen some examples of implementing TrustManager using X509TrustManager implementation, although apparently Java 7 does not support these contracts and X509TrustManager itself has been deprecated.
Appreciate your advice and any code sample on Java 7 that works.
MITM proxy servers (i.e. servers capable of looking into SSL/TLS traffic) normally use their own CA to generate fake certificates for the requested site.
Install this CA certificate in your client's trust store instead of tweaking the code. This is a much cleaner solution, and in the long run, it's easier to deploy.
(For a more direct answer to your question, the countless examples of trust managers that do nothing still work fine in Java 7.)
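The trust-store approach recommended in the answer above, as an added example that is not code from the original thread: the client trusts exactly one internal CA certificate instead of every server. The class name, the "internal-ca" alias and the certificate path argument are placeholders; the code compiles on Java 7.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class InternalCaTrust {
    /** Builds a client SSLContext that accepts only chains ending in the given CA (PEM or DER file). */
    static SSLContext trusting(String caCertPath) throws Exception {
        X509Certificate ca;
        try (InputStream in = Files.newInputStream(Paths.get(caCertPath))) {
            ca = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        ca.checkValidity(); // throws if the CA certificate is expired or not yet valid
        if (ca.getBasicConstraints() < 0) { // -1 means the certificate is not a CA
            throw new IllegalArgumentException(
                    "not a CA certificate: " + ca.getSubjectX500Principal());
        }
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null); // start from an empty in-memory trust store
        ts.setCertificateEntry("internal-ca", ca);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // No client key material; trust decisions come only from the store built above.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = trusting(args[0]); // path to the CA certificate file
        // Sockets from ctx.getSocketFactory() validate the certificate chain against that CA.
        // Raw SSLSocket does not check the host name by default; enable it with
        // SSLParameters.setEndpointIdentificationAlgorithm("HTTPS") on the socket.
        System.out.println("Client context ready, protocol " + ctx.getProtocol());
    }
}
```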
What I did was implementing a java.security.Provider using the code mentioned in this post
https://code.google.com/p/misc-utils/wiki/JavaHttpsUrl
Note: it is the second solution offered.
This post does not mention that you should also add a keystore in order to make things work.
So, these VM arguments should be set as well (otherwise you will get an error message of "no cipher suites in common"):
-Djavax.net.ssl.keyStore=KEYSTORE LOCATION
-Djavax.net.ssl.keyStorePassword=YOUR PASS
I hope this will help you, since in all the places I looked at this part was not mentioned.

Implementing SSL between JAVA GUI & C++ Server

I have a GUI which is designed in JAVA and acts as a client, and can communicate remotely to a server which is written in C/C++. Communication between them is made through Sockets. However the messages sent are not encrypted and are vulnerable to man-in-the-middle attacks. I was wondering what the best solution will be to protect the communication and wanted to implement SSL. Is it possible to do so, and if yes, what toolkit I should look into.
Java contains an SSL implementation called JSSE. See the Javadoc for the javax.net.ssl package. There is also a tutorial, and several examples are provided with the JDK.
You might not even need to modify the server at all. You could just stick stunnel in front of it.
A warning: With TLS/SSL you face a whole bunch of additional error conditions that you might need to report or log, especially concerning certificates (wrong, expired, unable to verify due to networking / DNS issues).

SFTP/SSH Java agent in Domino

I'm currently investigating for a client a solution where he wants to send and receive files using sftp in Domino.
I have looked on the net for APIs covering this and found one recommended more than others; JSch.
One reason for choosing this API is for its use by others including Eclipse.
What I'd like to know is:
if there're any obstacles using this library? If so, can you recommend any other?
are there any other caveats using sftp in Domino Java?
does Domino JVM support JavaTM Cryptography Extension (JCE)?
can we use Dominos self-signed certificates here, with Dominos CA?
/Mike
1) Sending. This should work, but you will probably have to deal with the JVM's Security Manager ("/jvm/lib/security/java.policy") of Domino to get a socket, ...
2) Receiving: You probably don't want to implement an SSH server inside Domino. It's much easier and more secure to use the SSH server of the host and periodically scoop up the inbound files via an Agent.
Domino's self-signed SSL certificates have nothing to do with SSH as implemented by JSch.
3) The Domino JVM will probably support the JavaTM Cryptography Extension (JCE). Watch out for the supported JRE versions of Domino.
4) Generally: Are you sure, you want to implement it that way? Probably way easier are either WebServices or a REST-API, both via SSL/TLS and optionally facilitating client certificates.

SSL authentication in Java as Server/client model

I have a requirement to use client/server architecture and with Open SSL authentication.
Here, how does the server know the connecting client using their Open SSL certificate?
If anyone knows a link or sample, then please reply to me. We have to develop it in Java.
OpenSSL is not Java, so your solution cannot be both - but I think I know what is intended.
Normally OpenSSL is used as part of Apache http as part of mod_ssl. This in turn uses a "connector" to send the requests to an application server, e.g. Apache Tomcat. You can configure this connector to also send the SSL certificates to Tomcat if that is required, but normally the authentication/verification is handled within the daemon.
All this is pretty easy to Google, although you should factor in some time to fully understand the connectors. You've the keywords, now use them :)
