是否可以将普通套接字更改为SSLSocket? [英] Is it possible to change plain socket to SSLSocket?
问题描述
普通套接字服务器侦听端口 12345 ;
There is a plain socket server listening on port 12345;
ServerSocket s = new ServerSocket(12345);
我想知道的是:有可能:
What I want to know is that it is possible that:
- 如果客户端发送
http请求,服务器会直接处理请求, - 如果客户端发送
https请求,服务器将客户端套接字更改为SSLSocket?
- If the client send a
httprequest, the server handle the request directly, - If the client send a
httpsrequest, the server change client socket to SSLSocket?
谢谢
推荐答案
是否可以将普通套接字
更改为SSLSocket?
Is it possible to change plain socket to SSLSocket?
是的,确实如此。在服务器端,以下工作:
Yes, it is. On the server side, the following works:
ServerSocketFactory ssf = ServerSocketFactory.getDefault();
ServerSocket serverSocket = ssf.createServerSocket(12345);
// I've initialised an sslContext with a keystore, as you normally would.
Socket socket = serverSocket.accept();
SSLSocketFactory sslSf = sslContext.getSocketFactory();
// The host name doesn't really matter, since we're turning it into a server socket
// (No need to match the host name to the certificate on this side).
SSLSocket sslSocket = (SSLSocket) sslSf.createSocket(socket, null,
socket.getPort(), false);
sslSocket.setUseClientMode(false);
// Use the sslSocket InputStream/OutputStream as usual.
SSLSocketFactory.createSocket(Socket,...)默认情况下会将现有的 Socket 转换为客户端模式 SSLSocket 。由于握手仅在您开始使用I / O流进行读/写时开始,因此仍然需要使用 setUseClientMode(false)来更改模式。
SSLSocketFactory.createSocket(Socket, ...) will by default convert the existing Socket into a client-mode SSLSocket. Since the handshake only starts when you start reading/writing with the I/O streams, it's still time to change the mode using setUseClientMode(false).
关于问题的其余部分:
我想知道的是它是
可能:
What I want to know is that it is possible that:
- 如果客户端发送http请求,服务器直接处理请求
, - 如果客户端发送https请求,服务器将客户端
套接字更改为SSLSocket?
再次,是的,这是可能的。它有时被称为端口统一,它是在Grizzly中实施,因此 Glassfish 。
Again, yes, it's possible. It's sometimes referred to as "port unification" and it's implemented in Grizzly and thus Glassfish.
它的工作原理是HTTP和TLS(HTTPS工作)都是预期客户端首先通话的协议。因此,服务器可以检测客户端最初发送的是TLS ClientHello 消息(在这种情况下应该尝试继续进行TLS握手)还是普通的HTTP请求(例如 GET / HTTP / 1.1 ...)。
It works because both HTTP and TLS (upon which HTTPS works) are protocols where the client is expected to talk first. Therefore, the server can detect whether what the client initially sends is a TLS ClientHello message (in which case it should try to proceed with the TLS handshake) or a plain HTTP request (e.g. GET / HTTP/1.1...).
我怀疑端口统一更容易使用 SSLEngine ,否则,可能很难在普通套接字上实现预读,你仍然可以通过 SSLSocketFactory.createSocket进行转换(套接字,......)。
I suspect port unification is "easier" to do using SSLEngine, otherwise, it might be hard to implement a read-ahead on a plain socket, which you would still be able to convert via SSLSocketFactory.createSocket(Socket, ...).
请注意,这仍然很不寻常。
Note that this is still rather unusual, though.
这篇关于是否可以将普通套接字更改为SSLSocket?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
