[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-ssl] newbie question on SSL + applet




Yup, Paul....u got it right !

But mind one thing, when u use a java.net.URL object with a "https" prefix
and
get a URLConnection object(that is the plugins HttpsURLConnection object), u
can only make the GET and POST requests. This is the second situation in
which
u mught need 3rd party classes like IAIK's own HttpsURLConnection class to
go
beyond making just GET and POST requests ! So it is more or less advisable
to
use 3rd party SSL implementations when using SSL in applets ! (Atleast till
Sun
produces something usable in JSSE)

Cheers,
Yogesh
--
PIRONET AG
Yogesh Sontakke - Consultant - SBU Software
Technology Park, Josef-Lammerting-Allee 14-18
50933 Cologne - Germany
Phone: +49 (0)221 770 1802 - Fax: +49 (0)221 770 1005
mailto:ysontakke@pironet.com - www.pironet.com

Besuchen Sie PIRONET auf der European Banking Technology Fair in
Frankfurt in Halle 5.1, Stand B55 vom 31. Oktober bis 2. November 2000


Paul Brown wrote:

> cheers
>
> i didn't know they had a light-applet version ... i'm going to download
> it and have a look.
>
> so my understanding so far is:
>
> in an applet you may construct a java.net.URL based on a "https" prefix.
> from this you can get a URLConnection, the instance will be
> HttpsURLConnection.
> this instance handles the SSL stuff for me.
>
> if i were to create a plain socket connection then i do not get the SSL
for
> free. so either i use 3rd party classes such as SSLSocket or do it myself.
>
> thanks for your help
>
> paul
>
> -----Original Message-----
> From: Yogesh Sontakke [mailto:ysontakke@pironet.com]
> Sent: Friday, October 06, 2000 10:10 AM
> To: stef.hoeben@utimaco.be; iaik-ssl@iaik.at
> Subject: Re: [iaik-ssl] newbie question on SSL + applet
>
> Hi Stef,
>
>         I think u got me wrong...
>
>         What I said was that if u r using URLConnection objects for SSL
> communication, then the browser's plugin takes care of that (the
> URL.openConnection() wil return a HttpsURLConnection object of the
> PlugIn if
> the URL is a https one). With this u can use the GET and POST methods
> only.
>
>         But if u want to use more than GET and POST methods then u need
> to
> have a SSL implementation like iSaSiLk which supports much more than GET
> and
> POST methods (Plus, IAIK has an applet edition which is around only
> 40K).
>
>         Pls refer to Sun's document of Plugin support to Https at
> http://java.sun.com/products/plugin/1.3/docs/https.html for a more clear
> perspective on how restricted it  is using the plugins Https support by
> just
> specifying the "http" in the URL object.
>
>         Hope this clears it....(correct me if I m wrong too) ! :-)
>
> Cheers,
> Yogesh
>
> Stef Hoeben wrote:
>
> > Hello Yogesh,
> >
> > don't thini I agree with you.
> >
> > What do you mean, that the applet can use the browsers SSL connection?
> > AFAIK, that's not so (please tell me if 'm wrong).
> >
> > Or do you mean that IAIK's implementation can only do a GET and POST?
> > I'm sure it can at least do a PUT as well (don't know of the other
> > commands).
> >
> > Cheers, Stef
> >
> > Hi Paul,
> >
> >     It depends on ur specific requirement.
> >
> >     U have 2 options -
> > 1) Don't use the SSLSocket or any SSL implementation classes. The
> > browser/plugin will take care of the HttpsURLConnection object returned.
> >
> >     The problem with this is it allows u to do only 2 HTTP requests
> > namely - GET and POST. If u r ok with that, then u can gladly skip the
> > SSL coding stuff.
> > 2) If u need to send requests other than or more than GET and POST, then
> > u will need a SSL implementation. There are commercial
> > implementations     available as well as Sun has come out with
> > JSSE(which from my personal experience is not at all stable enough for
> > producton use !!). Plus, if u have a SSL implementation u have more
> > control over ur applet's SSL connections like selecting the cipher
> > suite, maintaining caches etc etc
> >
> >     In other words, if u r using any functions which are there in the
> > class HttpURLConnection but NOT in URLConnection, then handling HTTPS
> > connections will require a SSL implementation. Else, the browser will
> > take care !!
> >
> >     So. it is upto the requirements of ur program that u should decide
> > what suits u most :-)
> >
> > HTH,
> > All the best,
> > Yogesh
> >
> > Paul Brown wrote:
> >
> > >  hii have got an applet (running in IE5) which attempts to make a
> > > socket connection back to its host.we want to start using SSL. do i
> > > need to use the SSLSocket class in the applet or will the
> > > browserhandle the SSL stuff for me due to the applet's URL being
> > > "https" prefixed? can i get away with theplain java.net.Socket
> > > ?thanksPaul
> >
> > --
> >
> > PIRONET AG
> > Yogesh Sontakke - Consultant - SBU Software
> > Technology Park, Josef-Lammerting-Allee 14-18
> > 50933 Cologne - Germany
> > Phone: +49 (0)221 770 1802 - Fax: +49 (0)221 770 1005
> > mailto:ysontakke@pironet.com - www.pironet.com
> >
> > Besuchen Sie PIRONET auf der European Banking Technology Fair in
> > Frankfurt in Halle 5.1, Stand B55 vom 31. Oktober bis 2. November 2000
>
>
> --
> Mailinglist-archive at
> http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
>
> To unsubscribe send an email to listserv@iaik.at with the folowing
content:
> UNSUBSCRIBE iaik-ssl
>

--

PIRONET AG
Yogesh Sontakke - Consultant - SBU Software
Technology Park, Josef-Lammerting-Allee 14-18
50933 Cologne - Germany
Phone: +49 (0)221 770 1802 - Fax: +49 (0)221 770 1005
mailto:ysontakke@pironet.com - www.pironet.com

Besuchen Sie PIRONET auf der European Banking Technology Fair in
Frankfurt in Halle 5.1, Stand B55 vom 31. Oktober bis 2. November 2000


--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-ssl