Re: DSA certificates/SSLSocket.

Jeff Nisewanger (jdn@puuoo.eng.sun.com)
Wed, 30 Sep 1998 09:13:00 -0700 (PDT)

> Basically, I want to construct a DSA certificate and associate it with an
> SSL connection using the javax.net.ssl.SSLSocket class (which I know is
> abstract).
>
> When I compile a simple program to print out the supported cipher suites (I
> am using the ssl.jar with the HotJava Browser), I get the following
> supported ciphers:
> Supported Suite : SSL_DH_anon_WITH_DES_CBC_SHA
> Supported Suite : SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
> Supported Suite : SSL_DHE_DSS_WITH_DES_CBC_SHA
> Supported Suite : SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
> Supported Suite : SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
> Supported Suite : SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
>
> Since there is support for doing DHE with DSS, there has to be a way of
> associating a DSA certificate with an SSL connection (unless client
> authentication at the server is unsupported - highly unlikely!)
>
> Could someone send me a link, a code snippet on how to associate a DSA
> certificate with an SSL (connection) Socket?

HotJava Browser's SSL supports connecting to servers which
authenticate themselves using DSA certificates via the SSL_DHE_DSS_XXX
cipher suites which you list above. HotJava Browser currently does not
support SSL client authentication so there is no supported way of
setting up a client DSA or RSA certificate on the client side and using
that to authenticate with the server. One possibility would be to use
a DSA certificate on the server side and then authenticate the client,
if needed, through a traditional password-based approach.

Jeff
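
Added example, not part of the original message and not HotJava code: a sketch that classifies the six suite names quoted above by how the server is authenticated, and keeps only the non-export DHE_DSS suites, where the server signs the handshake with its DSA key. It assumes the current JSSE API (`SSLSocketFactory`, `SSLSocket.setEnabledCipherSuites`) rather than the 1998 ssl.jar; the class and method names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLSocketFactory;

public class DssSuiteFilter {
    // The six suite names printed in the quoted message.
    static final String[] QUOTED_SUITES = {
        "SSL_DH_anon_WITH_DES_CBC_SHA",
        "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
        "SSL_DHE_DSS_WITH_DES_CBC_SHA",
        "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
        "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
        "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    };

    // Key-exchange/authentication field: the text between the "SSL_" or
    // "TLS_" prefix and "_WITH_", with any "_EXPORT" marker removed.
    static String keyExchange(String suite) {
        int with = suite.indexOf("_WITH_");
        if (with < 4) return "";            // name does not follow the pattern
        String kx = suite.substring(4, with);
        String tag = "_EXPORT";
        return kx.endsWith(tag) ? kx.substring(0, kx.length() - tag.length()) : kx;
    }

    static boolean isExport(String suite) { return suite.contains("_EXPORT_"); }

    // Keep only suites where the server authenticates with a DSA (DSS) key.
    // DH_anon suites carry no certificate at all, so they are dropped.
    static String[] serverDsaOnly(String[] suites) {
        List<String> keep = new ArrayList<>();
        for (String s : suites) {
            if (keyExchange(s).equals("DHE_DSS") && !isExport(s)) keep.add(s);
        }
        return keep.toArray(new String[0]);
    }

    public static void main(String[] args) {
        for (String s : QUOTED_SUITES) {
            String kx = keyExchange(s);
            String auth = kx.endsWith("_anon") ? "none (anonymous)"
                        : kx.equals("DHE_DSS") ? "server DSA certificate" : "other";
            System.out.printf("%-40s auth=%-24s export=%b%n", s, auth, isExport(s));
        }
        // The same filter over this JDK's own list; a non-empty result is what
        // would be passed to SSLSocket.setEnabledCipherSuites(...).
        SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
        String[] usable = serverDsaOnly(f.getSupportedCipherSuites());
        System.out.println("DHE_DSS suites supported by this JDK: " + usable.length);
    }
}
```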