Such sockets are normal stream sockets, but they
add a layer of security protections over the underlying network transport
protocol, such as TCP. Those protections include:
These kinds of protection are specified by a "cipher suite", which
is a combination of cryptographic algorithms used by a given SSL connection.
During the negotiation process, the two endpoints must agree on
a ciphersuite that is available in both environments.
If there is no such suite in common, no SSL connection can
be established, and no data can be exchanged.
The cipher suite used is established by a negotiation process
called "handshaking". The goal of this
process is to create or rejoin a "session", which may protect many
connections over time. After handshaking has completed, you can access
session attributes by using the getSession method.
The initial handshake on this connection can be initiated in
one of three ways:
If handshaking fails for any reason, the SSLSocket
is closed, and no futher communications can be done.
There are two groups of cipher suites which you will need to know
about when managing cipher suites:
Implementation defaults require that only cipher
suites which authenticate servers and provide confidentiality
be enabled by default.
Only if both sides explicitly agree to unauthenticated and/or
non-private (unencrypted) communications will such a ciphersuite be
When SSLSockets are first created, no handshaking
is done so that applications may first set their communication
preferences: what cipher suites to use, whether the socket should be
in client or server mode, etc.
However, security is always provided by the time that application data
is sent over the connection.
You may register to receive event notification of handshake
completion. This involves
the use of two additional classes. HandshakeCompletedEvent
objects are passed to HandshakeCompletedListener instances,
which are registered by users of this API.
SSLSockets are created by SSLSocketFactorys,
or by accepting a connection from a
A SSL socket must choose to operate in the client or server mode.
This will determine who begins the handshaking process, as well
as which messages should be sent by each party. Each
connection must have one client and one server, or handshaking
will not progress properly. Once the initial handshaking has started, a
socket can not switch between client and server modes, even when