Muralidhar Yaragalla

Reputation: 11

Is keystore and truststore mandatory for ssl?

I have the following client and server, which use SSL:

Client code (desktop):

        SSLSocket socket= (SSLSocket)sslsf.createSocket(ip,Constants.CHAT_SERVER_PORT);
        final String[] enabledCipherSuites = socket.getSupportedCipherSuites();
        socket.setEnabledCipherSuites(enabledCipherSuites); 

Server Code (Android):

        SSLServerSocket ss=(SSLServerSocket)sslssf.createServerSocket(Constants.CHAT_SERVER_PORT);
        final String[] enabledCipherSuites = ss.getSupportedCipherSuites();
        ss.setEnabledCipherSuites(enabledCipherSuites);         
        while(true){                
            Socket s=ss.accept();
        }

I am using them without truststore and keystore. Are they mandatory?

Upvotes: 0

Views: 1688

Answers (2)

Muralidhar Yaragalla

Reputation: 11

Finally, with the following code I have resolved the keystore issue for the Android server:

        try {
            // Load the server keystore (private key + certificate) from the classpath
            String keyStoreType = KeyStore.getDefaultType();
            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            keyStore.load(Dummy.class.getResourceAsStream("IPMessengerServerKeystore"), "dhar9654".toCharArray());

            // Build key managers from the keystore so the server can present its certificate
            String keyalg = KeyManagerFactory.getDefaultAlgorithm();
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyalg);
            kmf.init(keyStore, "dhar9654".toCharArray());

            // null trust managers and null SecureRandom select the platform defaults
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(kmf.getKeyManagers(), null, null);
            SSLServerSocket ss = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(Constants.CHAT_SERVER_PORT);

        } catch (Exception e) {
            e.printStackTrace();
        }

Upvotes: 0

user207421

Reputation: 310979

You only need a keystore if you are going to be asked for a certificate, i.e. if you are the server or the server wants client authentication.

A default truststore is shipped with Java. It is used if you don't specify another one.

Don't enable the disabled cipher suites. They are insecure. You're just avoiding the problem. Solve it.

Upvotes: 1
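
As an added example (not part of either answer), this Java program lists the cipher suites that are supported but not enabled by default, which is exactly the set the question's `setEnabledCipherSuites(getSupportedCipherSuites())` call switches on, and counts the CA certificates in the default truststore. The class name `TlsDefaultsCheck` is made up for illustration, and the output depends on the Java runtime's version and security configuration.

```java
import java.security.KeyStore;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical class name; added example, not code from the question or answers.
public class TlsDefaultsCheck {

    // Suites that are supported but not enabled by default: the ones that
    // setEnabledCipherSuites(getSupportedCipherSuites()) would turn on.
    static Set<String> disabledByDefault(SSLSocketFactory f) {
        Set<String> extra = new LinkedHashSet<>(Arrays.asList(f.getSupportedCipherSuites()));
        extra.removeAll(Arrays.asList(f.getDefaultCipherSuites()));
        return extra;
    }

    // Counts CA certificates in the default truststore. Passing a null
    // KeyStore to init() makes the factory load the platform default.
    static int defaultTrustAnchors() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        int count = 0;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                count += ((X509TrustManager) tm).getAcceptedIssuers().length;
            }
        }
        return count;
    }

    public static void main(String[] args) throws Exception {
        SSLSocketFactory f = SSLContext.getDefault().getSocketFactory();
        System.out.println("Default truststore CA certificates: " + defaultTrustAnchors());
        for (String suite : disabledByDefault(f)) {
            // _anon_ suites skip certificate authentication; _NULL_ suites do not encrypt.
            boolean unsafe = suite.contains("_anon_") || suite.contains("_NULL_");
            System.out.println((unsafe ? "UNSAFE   " : "disabled ") + suite);
        }
    }
}
```

Anonymous (`_anon_`) suites need no server certificate, so a server without a keystore can only complete a handshake when such suites are enabled on both sides, at the cost of having no authentication of the peer.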
