Chapter 4

Section 4.1

Operating SSL

Overview

Figure 8 General SSL Operation: HTTPS

[Figure not reproduced. Labels: Man-in-Middle Attack: Hacker (cannot break secured channel); HTTP(S) eWay; POST / GET; Web Server; Response; SSL Communication Channel; TrustStore; KeyStore; Trusted CA Certificates; Private Certificate & Key; CA Certificate Chain.]

This SSL feature is supported through the use of JSSE version 1.0.3.

Currently, the JSSE reference implementation is used. JSSE is a provider-based architecture, meaning that there is a set of standard interfaces for cryptographic algorithms, hashing algorithms, secured-socket-layered URL stream handlers, and so on.

Because the user interacts with JSSE through these interfaces, the different components can be mixed and matched as long as each implementation is written to the published interfaces. However, some implementations may not support a particular algorithm.

The JSSE 1.0.3 application programming interface (API) is capable of supporting SSL versions 2.0 and 3.0 and Transport Layer Security (TLS) version 1.0. These security protocols encapsulate a normal bidirectional stream socket, and the JSSE 1.0.3 API adds transparent support for authentication, encryption, and integrity protection. The JSSE reference implementation implements SSL version 3.0 and TLS 1.0.
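The following is an added example, not code from this guide or from Sun. It shows how to check which providers and protocol versions a given JSSE installation offers, and how to exclude the SSL and early TLS versions named above, which have since been deprecated. It assumes a current JDK with JSSE built in (the `javax.net.ssl` API) rather than JSSE 1.0.3, and the class name `JsseProtocolAudit` is hypothetical.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class JsseProtocolAudit {
    // JDK protocol names for the versions this section lists, plus TLSv1.1,
    // which was deprecated together with TLS 1.0.
    static final List<String> LEGACY =
            Arrays.asList("SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1");

    public static void main(String[] args) throws Exception {
        // Provider-based architecture: any registered provider may supply SSLContext.
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("SSLContext".equals(s.getType())) {
                    System.out.println(p.getName() + " provides SSLContext." + s.getAlgorithm());
                }
            }
        }

        // What the default implementation can speak versus what it enables by default.
        SSLContext ctx = SSLContext.getDefault();
        String[] supported = ctx.getSupportedSSLParameters().getProtocols();
        String[] enabled = ctx.getDefaultSSLParameters().getProtocols();
        System.out.println("Supported: " + Arrays.toString(supported));
        System.out.println("Enabled by default: " + Arrays.toString(enabled));

        // Keep only the non-legacy protocols from the supported set.
        List<String> allowed = new ArrayList<>();
        for (String proto : supported) {
            if (LEGACY.contains(proto)) {
                System.out.println("Legacy, excluded: " + proto);
            } else {
                allowed.add(proto);
            }
        }
        if (allowed.isEmpty()) {
            throw new IllegalStateException("Provider offers no non-legacy protocol");
        }

        // Apply the restricted list to an engine; sockets accept the same call.
        SSLEngine engine = ctx.createSSLEngine();
        engine.setEnabledProtocols(allowed.toArray(new String[0]));
        System.out.println("Engine restricted to: " + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```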

For more information, visit the Sun Java Web site at the following URL:

http://java.sun.com

Note: See the JSSE documentation provided by Sun Microsystems for further details.

HTTPS eWay Adapter User’s Guide


Sun Microsystems, Inc.
