http://java.sun.com/security/ssl/API_users_guide.html

Life is hard, and then you die. (ronald@innovation.ch)
Sat, 12 Dec 1998 09:52:50 +0100 (MET)

Hi,

Is there any archive of any discussions on this API?

Anyway, I have the following problem with the current spec: how do I
create a plain Socket, talk some protocol (such as SOCKS5, HTTP CONNECT,
whatever) to establish a tunnel through a proxy, and then start the SSL
handshake? For the life of me, I can't figure out how this can be
achieved with the current API. But this is a pretty standard requirement.

One solution of course is to have a constructor in SSLSocketFactory
which takes a java.net.Socket. However, this might not be such a nice
solution. A possibly nicer one would be to be able to delay the SSL
handshake on an SSLSocket. Example:

SSLSocket sock = factory.getSocket("www.some.host", 443);
sock.setAutomaticHandshake(false);
... // getInputStream()/getOutputStream() don't trigger
// the handshake - all data read and written goes over
// the connection as plaintext
sock.startHandshake();
... // read()'s/write()'s to the streams are now SSL'd (i.e.
// usually encrypted)

This would require two new methods to SSLSocket: setAutomaticHandshake()
and getAutomaticHandshake() (maybe a there is a better name...), with
the default being the current behaviour (i.e. getInputStream() or
getOutputStream() triggers startHandshake()).

Pardon if this has been asked before, but I couldn't find any note to
that effect.

Cheers,

Ronald