Summary

SSL is a secure data communication protocol layered over TCP. It inherits the properties of being reliable and connection-oriented from the underlying TCP and adds security capabilities of end-point authentication, data confidentiality and message integrity, making use of cryptography and PKI. SSL is remarkable in its ability to hide the inherent complexity of cryptographic algorithms and PKI abstractions and expose a simple and familiar interface to applications.

The SSL API for Java is modeled after the socket-based networking API, and it is fairly straightforward to modify existing TCP programs to use SSL. Using the JCA-compliant API to plug in different implementations of cryptographic services and to build and install key managers and trust managers provides an extensible framework for using security components from different sources.

HTTP over SSL, also referred to as HTTPS, has been widely deployed to secure connections between a Web Browser and a Web Server for exchanging sensitive information such as user account names, passwords, credit card information, bank account details, and so on. The popularity of HTTP, and hence HTTPS, for newer uses such as Web Services communication, implies that SSL will continue to be the dominant protocol to secure online connections.

As expected, SSL communication is slower than plain TCP communication. The initial handshake required by SSL and the subsequent encryption and decryption consume CPU cycles, with the net effect of increasing communication latency and decreasing bandwidth. Fortunately, SSL allows a number of cryptographic parameters to be negotiated to meet the performance and security needs of the application. You can also boost SSL bandwidth by adding more CPU power and reduce SSL latency with special crypto accelerators.
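The socket-style API and the negotiable parameters summarized above, as an added example (not code from the book or from JSTK): a client builds its trust managers through the JCA factory, then restricts the protocol versions the handshake may negotiate. The class name `SslClientSketch`, its helper methods, and a Java 11+ runtime (needed for `TLSv1.3`) are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
// Added sketch with hypothetical names; assumes Java 11+ so that TLSv1.3 is available.
public class SslClientSketch {
    // Trust managers come from a JCA factory; a null path keeps the JRE default anchors.
    static SSLContext contextFor(String trustStorePath, char[] password) throws Exception {
        KeyStore anchors = null;
        if (trustStorePath != null) {
            anchors = KeyStore.getInstance(KeyStore.getDefaultType());
            try (FileInputStream in = new FileInputStream(trustStorePath)) {
                anchors.load(in, password);
            }
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(anchors);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client certificate
        return ctx;
    }

    // Narrow what the handshake may negotiate and turn on host name checking,
    // which a bare SSLSocket does not perform by default.
    static SSLSocket restrict(SSLSocket s) {
        SSLParameters p = s.getSSLParameters();
        p.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
        p.setEndpointIdentificationAlgorithm("HTTPS");
        s.setSSLParameters(p);
        return s;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextFor(null, null);
        if (args.length == 2) { // host and port: the SSL counterpart of new Socket(host, port)
            try (SSLSocket s = restrict((SSLSocket) ctx.getSocketFactory()
                    .createSocket(args[0], Integer.parseInt(args[1])))) {
                s.startHandshake(); // fails here if the chain or host name does not verify
                System.out.println(s.getSession().getProtocol() + " " + s.getSession().getCipherSuite());
            }
        } else { // offline: show what an unconnected socket would offer
            try (SSLSocket s = restrict((SSLSocket) ctx.getSocketFactory().createSocket())) {
                System.out.println(String.join(", ", s.getEnabledProtocols()));
            }
        }
    }
}
```

Run without arguments, it prints the protocol versions the socket will offer; run with a host and port, it prints the protocol and cipher suite the handshake settled on.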

Experimentation and troubleshooting with various configuration parameters and interaction with external components to get an SSL program working can be quite a challenge. This is where the JSTK utility ssltool can help you do your job better and quicker. Further debugging tips explained in this chapter should also come in handy.
