
The title says it.

If I try to bind a ServerSocket and an SSLServerSocket to the same port I get an error. If a client tries to connect to an SSLServerSocket without SSL, the accept() method throws an error. If a client tries to connect to a ServerSocket via SSL I have no idea how I would go about establishing a secure connection.

Is it even possible?

Kristaps Baumanis

1 Answer


You can accept a normal socket connection and upgrade it to SSL/TLS at a later stage, using SSLSocketFactory.createSocket(Socket s, String host, int port, boolean autoClose) (and SSLSocket.setUseClientMode(false) on the server side).

You'll need to define a command in your plaintext protocol so that both sides can agree about an upgrade taking place (similarly to STARTTLS commands in SMTP or LDAP, for example).

Alternatively, you could use port unification (as it can be done with Grizzly), whereby you try to detect whether the client initiates the connection with an SSL/TLS Client Hello message. It can be trickier to do, since you'd have to read ahead to detect the packet type (so you'd probably need to keep that buffer and pass its content into an SSLEngine, instead of being able to use the SSLSocket directly).

Bruno
    Or use a PushbackInputStream to snoop for SSL client hellos. – user207421 Aug 16 '12 at 23:45
  • The PushbackInputStream class has the unread method, but it does not push the bytes back into the socket. After you create the SSLSocket, the first byte will still be missing and you will get javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? – dclaudiud Mar 14 '22 at 22:59
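The STARTTLS-style upgrade from the answer, written out as an added example (this is not code from the answer or from any project it mentions; it covers only the upgrade approach, not port unification). It assumes a hypothetical protocol in which the client sends "STARTTLS", the server answers "OK" in plaintext, and only then does either side start the TLS handshake. It also assumes the JVM is started with -Djavax.net.ssl.keyStore, -Djavax.net.ssl.keyStorePassword, -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword pointing at a PKCS12 file holding a self-signed certificate for localhost (for example created with keytool -genkeypair -keyalg RSA -dname CN=localhost -ext SAN=dns:localhost -storetype PKCS12 -keystore server.p12), so that SSLSocketFactory.getDefault() has a server key and the client trusts it. The port 8443 and the class and method names are made up for the example.

```java
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;

/**
 * Added example: upgrade an accepted plain Socket to TLS with
 * SSLSocketFactory.createSocket(Socket, host, port, autoClose).
 * Assumes (hypothetical setup) javax.net.ssl.keyStore/trustStore system
 * properties point at a PKCS12 file with a self-signed "localhost" certificate.
 */
public class StartTlsDemo {
    static final int PORT = 8443; // arbitrary port chosen for the example

    /** Reads one '\n'-terminated line one byte at a time, so nothing past the
     *  newline is consumed. A BufferedReader would read ahead and could swallow
     *  the start of the ClientHello, which can never be pushed back into the socket. */
    static String readLine(InputStream in) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        int b;
        while ((b = in.read()) != -1 && b != '\n') {
            buf.write(b);
        }
        if (b == -1 && buf.size() == 0) return null;
        return new String(buf.toByteArray(), StandardCharsets.UTF_8).replace("\r", "");
    }

    static void writeLine(OutputStream out, String s) throws IOException {
        out.write((s + "\n").getBytes(StandardCharsets.UTF_8));
        out.flush(); // the plaintext reply must be on the wire before the handshake starts
    }

    /** Server side: plaintext greeting, wait for STARTTLS, acknowledge, then wrap. */
    static void serve(ServerSocket server) throws IOException {
        try (Socket plain = server.accept()) {
            InputStream in = plain.getInputStream();
            OutputStream out = plain.getOutputStream();
            writeLine(out, "HELLO plaintext");
            String cmd = readLine(in);
            if (!"STARTTLS".equals(cmd)) {
                writeLine(out, "ERR expected STARTTLS");
                return;
            }
            writeLine(out, "OK");
            SSLSocketFactory sf = (SSLSocketFactory) SSLSocketFactory.getDefault();
            try (SSLSocket tls = (SSLSocket) sf.createSocket(
                    plain, plain.getInetAddress().getHostAddress(), plain.getPort(), true)) {
                tls.setUseClientMode(false); // this end plays the TLS server role
                tls.startHandshake();
                // From here on only the TLS streams are used; the plaintext ones are abandoned,
                // so nothing read before the upgrade can be replayed into the secure session.
                InputStream sin = tls.getInputStream();
                OutputStream sout = tls.getOutputStream();
                writeLine(sout, "SECURE " + tls.getSession().getProtocol());
                String secret = readLine(sin);
                writeLine(sout, "GOT " + secret);
            }
        }
    }

    /** Client side: send STARTTLS, wait for OK, then wrap and verify the server name. */
    static String client() throws IOException {
        try (Socket plain = new Socket("localhost", PORT)) {
            InputStream in = plain.getInputStream();
            OutputStream out = plain.getOutputStream();
            readLine(in); // "HELLO plaintext"
            writeLine(out, "STARTTLS");
            if (!"OK".equals(readLine(in))) throw new IOException("server refused STARTTLS");
            SSLSocketFactory sf = (SSLSocketFactory) SSLSocketFactory.getDefault();
            try (SSLSocket tls = (SSLSocket) sf.createSocket(plain, "localhost", PORT, true)) {
                tls.setUseClientMode(true);
                SSLParameters p = tls.getSSLParameters();
                p.setEndpointIdentificationAlgorithm("HTTPS"); // check the cert matches "localhost"
                tls.setSSLParameters(p);
                tls.startHandshake();
                String banner = readLine(tls.getInputStream());
                writeLine(tls.getOutputStream(), "password that must not travel in clear");
                return banner + " / " + readLine(tls.getInputStream());
            }
        }
    }

    public static void main(String[] args) throws Exception {
        try (ServerSocket server = new ServerSocket(PORT)) {
            Thread t = new Thread(() -> {
                try { serve(server); } catch (IOException e) { e.printStackTrace(); }
            });
            t.start();
            System.out.println(client()); // e.g. "SECURE TLSv1.3 / GOT password that must not travel in clear"
            t.join();
        }
    }
}
```

Two details matter for security here. The command is read byte by byte so no read-ahead buffer can eat the first bytes of the ClientHello (the failure the last comment describes), and the plaintext streams are never touched again after the wrap, so a client that pipelines extra plaintext commands behind STARTTLS cannot get them executed inside the "secure" session; such bytes simply corrupt the handshake and the connection fails closed. The client also turns on endpoint identification explicitly, since SSLSocket does not verify the certificate's host name by default.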