Summary

  

JSSE hides much of the complexity of SSL and TLS while providing the security of either protocol. SSL and TLS provide integrity for data passing over a connection, a means of transferring keys, and encryption of the data sent between the endpoints for confidentiality. Doing the work that JSSE does without it would require in-depth knowledge of both the TCP/IP and UDP/IP protocols to extend the Java Socket layer, as well as the ability to implement the SSL and TLS protocols. Using the input and output streams lets the developer work with just the data, rather than deciphering each block of data and maintaining the session keying in the protocol itself. A great deal of complexity is hidden from the developer who uses JSSE. Nevertheless, using SSL and TLS on the Internet is a must for providing any level of security.

This chapter provided an introduction to JSSE; beyond it, steps must be taken to enhance security wherever possible. There are many places where the developer must anticipate attacks. The KeyStore and TrustStore must be secured, as must any access to the code. Each endpoint must be examined to ensure that there are no security issues at the package and coding level. Extra precautions can be established by combining JSSE with other techniques.

One example is using a KeyStore and certificates from the LDAP interface and taking advantage of the security of LDAP. Another is using the SSLPermissions and security manager of the server and client to allow only local initialization of the server through a JAAS authentication, so that only an authenticated user can start and stop the SSLServer. These are just a couple of examples of enhancing applications. The developer and architect should understand a multitude of protocols and algorithms and assemble their own combination that seems reasonable. The security measures described are just building blocks. The architect should provide a robust and steady way to combine the blocks.

  


Java Security Solutions
ISBN: 0764549286
EAN: 2147483647
Year: 2001
Pages: 222
