Reputation: 605
Can a Java server accept both SSL and plaintext connections on one port?
The title says it.
If I try to bind a ServerSocket and a SSLServerSocket to the same port I get an error. If a client tries to connect to an SSLServerSocket without SSL, the accept() method throws an error. If a client tries to connect to a ServerSocket via SSL I have no idea how I would go about establishing a secure connection.
Is it even possible?
Upvotes: 3
Views: 2039
Answers (1)
Reputation: 122649
You can accept a normal socket connection and upgrade it to SSL/TLS at a later stage, using SSLSocketFactory.createSocket(Socket s, String host, int port, boolean autoClose) (and SSLSocket.setUseClientMode(false) on the server side).
You'll need to defined a command in your plaintext protocol so that both sides can agree about an upgrade taking place (similarly to STARTTLS commands in SMTP or LDAP for example).
Alternatively, you could use port unification (as it can be done with Grizzly), whereby you try to detect whether the client initiates the connection with an SSL/TLS Client Hello message. It can be trickier to do, since you'd have to read ahead to detect the packet type (so you'd probably need to keep that buffer and pass its content into an SSLEngine, instead of being able to use the SSLSocket directly).
Upvotes: 3
Related Questions
- How make SSL server socket support both http & https in java?
- can one port listen for two different protocols?
- Support SSL and non-SSL on the same port
- Java SSL Socket Communication - Both Sending and Receiving
- Tomcat Http and Https on the same port
- Communication with server that support ssl in java
- How to make a SSL tcp server with java?
- Java multiple SSL client to one server
- Java and SSL on localhost
- Java + SSL using custom Socket