
I have the following client and server which use SSL:

Client code (desktop):

        SSLSocket socket = (SSLSocket) sslsf.createSocket(ip, Constants.CHAT_SERVER_PORT);
        // enables every suite the provider knows, including the ones it disabled by default
        final String[] enabledCipherSuites = socket.getSupportedCipherSuites();
        socket.setEnabledCipherSuites(enabledCipherSuites);

Server Code (Android):

        SSLServerSocket ss = (SSLServerSocket) sslssf.createServerSocket(Constants.CHAT_SERVER_PORT);
        // same as on the client: every supported suite is enabled, not just the default ones
        final String[] enabledCipherSuites = ss.getSupportedCipherSuites();
        ss.setEnabledCipherSuites(enabledCipherSuites);
        while (true) {
            Socket s = ss.accept();
        }

I am using them without truststore and keystore. Are they mandatory?

Joachim Sauer
  • See this post where I just gave an example to create an HTTPS connection without any (using the defaults): http://stackoverflow.com/questions/16504527/android-https-post-how-to-do/16507195?noredirect=1#comment23697931_16507195 – tbkn23 May 12 '13 at 14:06

2 Answers


You only need a keystore if you are going to be asked for a certificate, i.e. if you are the server or the server wants client authentication.

A default truststore is shipped with Java. It is used if you don't specify another one.

Don't enable the disabled cipher suites. They are insecure. You're just avoiding the problem. Solve it.

user207421
  • On Android, if I write just "SSLServerSocket ss=(SSLServerSocket)sslssf.createServerSocket(Constants.CHAT_SERVER_PORT); " it shows an error message. The message is "javax.net.ssl.SSLException: Could not find any key store entries to support the enabled cipher suites." On desktop systems (Oracle VM) it is not happening. – Muralidhar Yaragalla May 13 '13 at 03:11
  • Exactly what I said. You are the server, so you need a keystore. – user207421 May 13 '13 at 06:25
  • A truststore is also mandatory on the client side if the certificate from the server is not from a CA. – Muralidhar Yaragalla May 15 '13 at 14:22

Finally, with the following code I have resolved the keystore issue for the Android server:

    import java.security.KeyStore;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLServerSocket;

    try {
        // Load the server keystore (shipped as a resource) holding its private key and certificate
        String keyStoreType = KeyStore.getDefaultType();
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        keyStore.load(Dummy.class.getResourceAsStream("IPMessengerServerKeystore"), "dhar9654".toCharArray());

        // The KeyManagers present the server certificate during the handshake
        String keyalg = KeyManagerFactory.getDefaultAlgorithm();
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyalg);
        kmf.init(keyStore, "dhar9654".toCharArray());

        // No TrustManagers are passed: this server does not request client certificates
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), null, null);
        SSLServerSocket ss = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(Constants.CHAT_SERVER_PORT);
    } catch (Exception e) {
        e.printStackTrace();
    }
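The client-side counterpart to the server code above, added here as an example that is not from the question or either answer: it loads a truststore holding the server's self-signed certificate (the case described in the comments on the first answer) and keeps the platform's default cipher suites instead of enabling every supported one. The host name, port, truststore file name and password are assumed values.

```java
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class ChatClient {
    public static SSLSocket connect(String host, int port, InputStream trustStoreStream,
                                    char[] trustStorePassword) throws Exception {
        // The truststore holds only the server certificate (or the CA that issued it).
        // It is needed because that certificate is not in the JVM's default truststore.
        KeyStore trustStore = KeyStore.getInstance("PKCS12");
        trustStore.load(trustStoreStream, trustStorePassword);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // No KeyManagers: the client is not asked for a certificate, so it needs no keystore.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);

        SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(host, port);

        // Keep the default enabled cipher suites; do not call
        // setEnabledCipherSuites(getSupportedCipherSuites()), which re-enables the
        // suites the platform disabled. Also check the host name against the certificate.
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);

        socket.startHandshake(); // throws here if the server certificate is not trusted
        return socket;
    }

    public static void main(String[] args) throws Exception {
        // Assumed values: resource name, password, host and port are placeholders.
        try (InputStream in = ChatClient.class.getResourceAsStream("client-truststore.p12")) {
            SSLSocket s = connect("chat.example.com", 4444, in, "changeit".toCharArray());
            System.out.println("Negotiated " + s.getSession().getCipherSuite());
            s.close();
        }
    }
}
```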