38

I am trying to establish an SSL or TLS connection between a Java client and server I am setting up.

I have been using `SSLContext.getInstance("SSL")` to build the `SSLContext`, and it worked.

I would like to know what the purpose of the protocol parameter is in `SSLContext.getInstance(String protocol)`.

In particular, what changes between using `SSLContext.getInstance("SSL")` and `SSLContext.getInstance("TLS")`, or other possible values?

jscs
user1781746
  • see http://en.wikipedia.org/wiki/Transport_Layer_Security – John Dvorak Oct 30 '12 at 08:34
  • 3
    Have you tried to read the [documentation](http://docs.oracle.com/javase/6/docs/api/javax/net/ssl/SSLContext.html#getInstance%28java.lang.String%29)? – Kai Oct 30 '12 at 08:46
  • I searched them, and I know the difference between SSL, SSLv3 and TLS. I just do not know the communication between server and client with different protocol types. Thanks – user1781746 Oct 31 '12 at 01:39
  • 2
    Those who downvote or vote to delete, please participate [here](http://meta.stackoverflow.com/q/265482/372643). – Bruno Jul 12 '14 at 14:29
  • 2
    Pay attention to Bruno's comment: "If you want a particular set of protocols to be used... `setEnabledProtocols`". If you say `getInstance("TLS")`, then you will get SSLv3 and TLSv1. TLSv1.1 and TLSv1.2 will not be enabled under most Java implementations (I say most because Java 8 changed some of the behavior). You have to explicitly remove SSLv3, and have to explicitly enable TLSv1.0, TLSv1.1 and TLSv1.2. Note that there is a difference between available and enabled here. – jww Jul 13 '14 at 00:38
  • @jww You don't have to explicitly enable TLSv1.1/2. You can use SSLContext.getInstance("TLSv1.2") for example. – user207421 Jul 13 '14 at 02:02
  • 3
    Just to clarify: in both Java 7 and Java 8, for the SunJSSE provider (out-of-the-box provider), "SSL" is an alias for "TLS" as far as SSLContext.getInstance(protocol) is concerned. – vladr Jul 07 '15 at 20:03

2 Answers

34

Here is a rather detailed answer that I wrote a while back describing the difference between SSL and TLS. In short, TLS is the successor of SSL, and TLS 1.0 can be considered as "SSL 3.1".

If you look at the JSSE Reference Guide, in the SSLContext section, it says:

> These static methods each return an instance that implements at least the requested secure socket protocol. The returned instance may implement other protocols too. For example, `getInstance("TLSv1")` may return an instance which implements "TLSv1", "TLSv1.1" and "TLSv1.2".

This is also mentioned in the Standard Names document.

In particular, if you check the Oracle/OpenJDK 7 source code for `SSLContextImpl`, you'll find that all its `SSLContext`s support all protocols (from SSLv3 using an SSLv2 Client Hello to TLS 1.2). What differs is which protocols are enabled by default. In addition, you shouldn't rely on this in general, since other Java implementations (e.g. the IBM JRE) could behave differently.

If you want a particular set of protocols to be used for a connection, you should use `SSLSocket` or `SSLEngine`'s `setEnabledProtocols` method. Otherwise, it will use the default values, as described in the Providers documentation.

Bruno
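The distinction between supported and enabled protocols described in the answer above, as an added example that is not part of the original answer: it prints both lists for several `getInstance` names and then pins the engine to an explicit allow-list with `setEnabledProtocols`. The class name `EnabledProtocolsDemo`, the helper `restrict` and the `ALLOWED` list are assumptions made for this illustration; the printed lists depend on the JRE and provider in use.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class EnabledProtocolsDemo {
    // Assumed policy for this example: newest first, no SSLv3/TLSv1/TLSv1.1.
    static final List<String> ALLOWED = Arrays.asList("TLSv1.3", "TLSv1.2");

    // Enable only ALLOWED protocols the provider supports; fail closed if none.
    static String[] restrict(SSLEngine engine) {
        List<String> supported = Arrays.asList(engine.getSupportedProtocols());
        List<String> chosen = new ArrayList<>();
        for (String p : ALLOWED) {
            if (supported.contains(p)) {
                chosen.add(p);
            }
        }
        if (chosen.isEmpty()) {
            throw new IllegalStateException("No allowed protocol in " + supported);
        }
        engine.setEnabledProtocols(chosen.toArray(new String[0]));
        return engine.getEnabledProtocols();
    }

    public static void main(String[] args) throws Exception {
        for (String name : new String[] {"SSL", "TLS", "TLSv1.2"}) {
            SSLContext ctx;
            try {
                ctx = SSLContext.getInstance(name);
            } catch (NoSuchAlgorithmException e) {
                System.out.println(name + ": not offered by this provider");
                continue;
            }
            ctx.init(null, null, null); // default key/trust managers and RNG
            SSLEngine engine = ctx.createSSLEngine();
            System.out.println(name + " supported:       "
                    + Arrays.toString(engine.getSupportedProtocols()));
            System.out.println(name + " enabled default: "
                    + Arrays.toString(engine.getEnabledProtocols()));
            System.out.println(name + " after restrict:  "
                    + Arrays.toString(restrict(engine)));
        }
    }
}
```

The same `setEnabledProtocols` call exists on `SSLSocket` and `SSLServerSocket`, so the allow-list can be applied on both the client and the server side of the connection.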
1

Protocol is used for communicating between server and client. So `SSLContext(String protocol)` returns the instance of the protocol, and then, using that, the server or client communicate with each other for security level.

For more reference, refer to this link: http://www.herongyang.com/JDK/SSL-java-net-ssl-SSLContext-Class-Test.html

jww
Angel
  • 1
    I just said that in the server, I create a protocol 'tls'. Does SSLContext(String protocol) mean getting the client protocol? I just do not understand why it works when in the client I call SSLContext.getInstance("ssl"). 'ssl' and 'tls' are different protocol types. My English is bad; I am so sorry for the unclear question – user1781746 Oct 31 '12 at 01:32
  • First sentence is vague. Second sentence is incorrect: getInstance() does not return 'an instance of the protocol'; it returns an instance of SSLContext. Final paragraph cites a non-normative and basically irrelevant reference. – user207421 Jul 13 '14 at 02:04
  • @Angel Instead of fiddling about deleting and undeleting this, why not *fix* it? – user207421 Feb 21 '17 at 23:35