Re: turn off enabled cipher suites?

Jeff Nisewanger (jdn@puuoo.eng.sun.com)
Fri, 11 Sep 1998 07:15:33 -0700 (PDT)

> I want to give my users the choice whether to enable encryption or just
> use a clear text socket. Is there any special way to
> setEnabledCipherSuites to some value that accomplishes this?
> Maybe something like NULL_NULL_WITH_NULL_NULL?

You may want to use javax.net.SocketFactory for this purpose.
If your code and APIs pass around a SocketFactory instance then the
implementation of the SocketFactory can decide what kind of sockets
to create and how to configure their options. Code that just wants
to create and use generic sockets can then just be programmed
in terms of the java.net.Socket base class and either do SSL or not.

Actual instances of SSLSocket currently always do their handshake
negotiation before any application data is sent over the socket and
the "NULL" cipher suite is not a valid negotiated cipher suite -- it
is only used for the negotiation handshake messages themselves.
In the future, the SSL API may be extended to allow application data
to be sent over an SSLSocket instance with the handshake negotiation
and subsequent use of an SSL cipher suite to protect the application
data happening in an optionally delayed manner.



Jeff
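
The SocketFactory approach described in the reply above, as an added example that is not part of the original message. The class and method names are hypothetical, host and port come from the command line, and the hardening step uses JSSE calls (SSLParameters, endpoint identification) from later Java releases than the one discussed in 1998.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.net.SocketFactory;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class TransportChoice {
    // The user's choice is turned into a factory once; nothing else needs to know.
    static SocketFactory factoryFor(boolean encrypt) {
        return encrypt ? SSLSocketFactory.getDefault() : SocketFactory.getDefault();
    }

    // The only TLS-aware code: configure the socket if the factory produced an SSLSocket.
    static Socket open(SocketFactory factory, String host, int port) throws IOException {
        Socket s = factory.createSocket(host, port);
        if (s instanceof SSLSocket) {
            SSLSocket ssl = (SSLSocket) s;
            // "Encrypted" must never quietly mean a NULL or anonymous suite.
            String[] safe = Arrays.stream(ssl.getEnabledCipherSuites())
                .filter(c -> !c.contains("_NULL_") && !c.contains("_anon_"))
                .toArray(String[]::new);
            ssl.setEnabledCipherSuites(safe);
            SSLParameters p = ssl.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // check certificate against host
            ssl.setSSLParameters(p);
            ssl.startHandshake(); // fail here, before any application data is written
        }
        return s;
    }

    // Generic application code: written against java.net.Socket only.
    static void sendGreeting(Socket s) throws IOException {
        OutputStream out = s.getOutputStream();
        out.write("HELLO\r\n".getBytes(StandardCharsets.US_ASCII));
        out.flush();
    }

    // Usage: java TransportChoice <host> <port> [--tls]
    public static void main(String[] args) throws IOException {
        boolean encrypt = args.length > 2 && args[2].equals("--tls");
        try (Socket s = open(factoryFor(encrypt), args[0], Integer.parseInt(args[1]))) {
            sendGreeting(s);
            System.out.println("sent over " + (encrypt ? "TLS" : "clear text"));
        }
    }
}
```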