Further Reading

This chapter has covered SSL from the perspective of a Java developer. Further details on the protocol, its evolution, supported cipher suites and so on. can be found in the book SSL and TLS: Designing and Building Secure Systems. Its author, Eric Rescorla, has developed ssldump, a freely available tool based on OpenSSL cryptographic library and libpcap packet capture library to analyze SSL traffic by capturing data packets flowing through a network interface card. You can download OpenSSL from http://www.openssl.org, libpcap from http://www.tcpdump.org, and ssldump from http://www.rtfm.com/ssldump. This tool, especially its display format, has been the inspiration behind the SSL protocol analysis capability of JSTK utility ssltool when running as a proxy.

The official document specifying the TLSv1 standard is in IETF RFC 2246. Two RFCs, RFC 2817 and RFC2818, provide information on using HTTP over SSL.

The best source for authoritative and up-to-date documentation on Java API for SSL is the official reference guide from Sun Microsystems, Java Secure Socket Extension (JSSE) Reference Guide for J2SE SDK, v1.4. This document has good background information on the underlying protocol and contains code samples and operating procedures, in addition to a description of the API classes, interfaces and standard names. Further method-level details can be found in the Javadoc API documentation.