3

标题说了算。

如果我尝试将 ServerSocket 和 SSLServerSocket 绑定到同一个端口,我会收到错误消息。如果客户端尝试在没有 SSL 的情况下连接到 SSLServerSocket,accept() 方法将引发错误。如果客户端尝试通过 SSL 连接到 ServerSocket,我不知道如何建立安全连接。

甚至可能吗?

4

1 回答 1

3

You can accept a normal socket connection and upgrade it to SSL/TLS at a later stage, using SSLSocketFactory.createSocket(Socket s, String host, int port, boolean autoClose) (and SSLSocket.setUseClientMode(false) on the server side).

You'll need to defined a command in your plaintext protocol so that both sides can agree about an upgrade taking place (similarly to STARTTLS commands in SMTP or LDAP for example).

Alternatively, you could use port unification (as it can be done with Grizzly), whereby you try to detect whether the client initiates the connection with an SSL/TLS Client Hello message. It can be trickier to do, since you'd have to read ahead to detect the packet type (so you'd probably need to keep that buffer and pass its content into an SSLEngine, instead of being able to use the SSLSocket directly).

于 2012-08-16T11:19:01.460 回答