
Java Applet Client for STUNNEL-fronted server

 
 
Richard Maher
 
      06-17-2007
Hi,

I currently have an intranet-resident JAVA Applet that connects back to the
Application Server via standard TCP/IP sockets using the java.net.Socket
class, and everything is peachy. What I'm looking at doing now is making it
Internet friendly by providing host authentication (don't care about client
authentication at the mo) and strong cryptography between client and server.

OpenSSL and Stunnel (I don't want to have to make the Application Server SSL
compatible if I don't have to) are available on the server box therefore I
would dearly love an example of a JAVA client that can talk javax.net.SSL
(or something else) to a Stunnel-fronted server. (Less is definitely more
here - The least number of client keys and or certificate-generations the
better!)

Can anyone please help me with this? Obviously example-code would be ideal,
as would first-hand accounts of the trials and tribulations, but I'll
certainly settle for web-references to the appropriate docs or other
relevant material!

Are all the libraries/code reqd bundled with the JDK and runtime JVM ready?

Is there a better way? (Sadly IPsec is not an option here) Maybe there's an
alternate solution that can preserve the client's true IP address and
present it to the Application Server's "Listen"?

Cheers Richard Maher


 
 
 
 
 
Richard Maher
 
      06-21-2007
Is my question so ambiguous that nobody wants to answer it?

Well, it worked for the other guy

Cheers Richard Maher

"Richard Maher" <(E-Mail Removed)> wrote in message
news:f52k0r$bk3$(E-Mail Removed)...
> Hi,
>
> I currently have an intranet-resident JAVA Applet that connects back to the
> Application Server via standard TCP/IP sockets using the java.net.Socket
> class, and everything is peachy. What I'm looking at doing now is making it
> Internet friendly by providing host authentication (don't care about client
> authentication at the mo) and strong cryptography between client and server.
>
> OpenSSL and Stunnel (I don't want to have to make the Application Server SSL
> compatible if I don't have to) are available on the server box therefore I
> would dearly love an example of a JAVA client that can talk javax.net.SSL
> (or something else) to a Stunnel-fronted server. (Less is definitely more
> here - The least number of client keys and or certificate-generations the
> better!)
>
> Can anyone please help me with this? Obviously example-code would be ideal,
> as would first-hand accounts of the trials and tribulations, but I'll
> certainly settle for web-references to the appropriate docs or other
> relevant material!
>
> Are all the libraries/code reqd bundled with the JDK and runtime JVM ready?
>
> Is there a better way? (Sadly IPsec is not an option here) Maybe there's an
> alternate solution that can preserve the client's true IP address and
> present it to the Application Server's "Listen"?
>
> Cheers Richard Maher



 
 
 
 
 
Arne Vajhøj
 
      07-04-2007
Richard Maher wrote:
> Is my question so ambiguous that nobody wants to answer it?


I posted some SSLSocket code in your next question, so I assume
all is set here.

Arne
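
For reference, a minimal javax.net.ssl client of the kind asked about at the top of the thread, added here as an example (it is not Arne's code from the other thread): it authenticates the Stunnel host against a single pinned certificate and uses no client key. The host name, port, certificate file name and the payload are assumed placeholders, and the PEM file is assumed to hold only the server certificate, not its private key.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class StunnelClient {
    // Assumed values for illustration; none of them come from the thread.
    static final String HOST = "appserver.example.com";
    static final int PORT = 4433;
    static final String SERVER_CERT_PEM = "stunnel-server.pem";

    /** Builds a context that trusts only the certificate in the given PEM file. */
    static SSLContext contextTrusting(String pemPath) throws Exception {
        Certificate cert;
        try (InputStream in = new FileInputStream(pemPath)) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);                 // empty in-memory store, no password
        trust.setCertificateEntry("stunnel", cert);
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);  // null key managers: no client cert
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextTrusting(SERVER_CERT_PEM);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(HOST, PORT)) {
            // A plain SSLSocket validates the chain but not the host name unless asked to.
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS");
            s.setSSLParameters(p);
            s.startHandshake();                 // throws if the certificate or name is rejected
            s.getOutputStream().write("HELLO\n".getBytes("US-ASCII"));  // placeholder payload
            s.getOutputStream().flush();
        }
    }
}
```

Everything used here ships with the JDK and JRE; `setEndpointIdentificationAlgorithm` requires Java 7 or later.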
 
 
Richard Maher
 
      07-04-2007
Hi

> I posted some SSLSocket code in your next question, so I assume
> all is set here.


Yeah, Rockin' and Rollin' thanks again Arne. (At least I hope so, I haven't
gotten around to testing it yet (with Stunnel), and am currently
experiencing the joys of porting my Internet Explorer JavaScript/HTML to
Firefox. On the upside, the Applet stuff worked straight away.)

Having said that there is a related topic that you might be able to assist
me with though: -

"The TCP/IP Out-of-band character with Java->SSL->Stunnel."

I know Java can't receive OOB data (except inline) but it can send them and
SSLSocket inherits sendUrgentData() so it's vaguely on topic. The problem I
foresee according to the STUNNEL docs is that unless the OOB character is
in-lined then it will just be ignored. Can anyone confirm this?

SSLv3 seems to mandate that the OOB data be supported (as normal data with a
complete SSL wrapper record) but I can't find anything in the OpenSSL
routines that modify (or inform) an SSL_Read() that it's got the OOB; can
anyone confirm this?

At first glance, I just can't see a problem with STUNNEL/OpenSSL unpacking
the OOB byte and passing it on to the in-the-clear connection (with the
option for *both* inline or OOB) but maybe that's just me?

Cheers Richard Maher

PS. I actually find the whole SSL thing a huge fudge and long for the day
when everyone is talking something more transparent like IPSec! (Or other
VPN solution) Still there'll always be the ubiquitous unauthorised browser
client with a dynamic IP address I suppose.

PPS. If you know much about a "SOCKS - Generic *circuit-level* Proxy Server"
I'd be very willing to listen to that too! But the implementations I've seen
(HP-UX at least) seem to deploy SSH in this space with one process/user and
up-front user authorization and other unpleasantness; any thoughts?

"Arne Vajhøj" <(E-Mail Removed)> wrote in message
news:468b173a$0$90270$(E-Mail Removed)...
> Richard Maher wrote:
> > Is my question so ambiguous that nobody wants to answer it?
>
> I posted some SSLSocket code in your next question, so I assume
> all is set here.
>
> Arne



 
 
Arne Vajhøj
 
      07-04-2007
Richard Maher wrote:
> Having said that there is a related topic that you might be able to assist
> me with though: -
>
> "The TCP/IP Out-of-band character with Java->SSL->Stunnel."
>
> I know Java can't receive OOB data (except inline) but it can send them and
> SSLSocket inherits sendUrgentData() so it's vaguely on topic. The problem I
> foresee according to the STUNNEL docs is that unless the OOB character is
> in-lined then it will just be ignored. Can anyone confirm this?
>
> SSLv3 seems to mandate that the OOB data be supported (as normal data with a
> complete SSL wrapper record) but I can't find anything in the OpenSSL
> routines that modify (or inform) an SSL_Read() that it's got the OOB; can
> anyone confirm this?
>
> At first glance, I just can't see a problem with STUNNEL/OpenSSL unpacking
> the OOB byte and passing it on to the in-the-clear connection (with the
> option for *both* inline or OOB) but maybe that's just me?


I would go for a simpler solution.

Either open a second socket connection for this traffic or make
a protocol on the original socket that has both "next data block"
and "urgent interrupt" messages.

Arne
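
A sketch of the second option above (one socket carrying both "next data block" and "urgent interrupt" messages), added here as an example and not code from the thread. The frame layout (1-byte type, 4-byte length, payload), the type values and the size cap are assumptions; the demo runs over in-memory streams standing in for the SSLSocket's streams.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;

public class FramedChannel {
    static final byte DATA = 0;                // "next data block"
    static final byte URGENT = 1;              // "urgent interrupt"
    static final int MAX_PAYLOAD = 64 * 1024;  // assumed cap on a single frame

    static final class Frame {
        final byte type;
        final byte[] payload;
        Frame(byte type, byte[] payload) { this.type = type; this.payload = payload; }
    }

    static void send(DataOutputStream out, byte type, byte[] payload) throws IOException {
        if (payload.length > MAX_PAYLOAD) throw new IOException("payload too large");
        out.writeByte(type);
        out.writeInt(payload.length);
        out.write(payload);
        out.flush();
    }

    static Frame receive(DataInputStream in) throws IOException {
        byte type = in.readByte();
        if (type != DATA && type != URGENT) throw new IOException("unknown frame type " + type);
        int len = in.readInt();
        // The length comes from the peer: bound it before allocating.
        if (len < 0 || len > MAX_PAYLOAD) throw new IOException("bad frame length " + len);
        byte[] payload = new byte[len];
        in.readFully(payload);                 // EOFException on a truncated frame
        return new Frame(type, payload);
    }

    public static void main(String[] args) throws IOException {
        ByteArrayOutputStream wire = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(wire);
        send(out, DATA, "row 1".getBytes("US-ASCII"));   // constructed sample messages
        send(out, URGENT, new byte[0]);
        send(out, DATA, "row 2".getBytes("US-ASCII"));

        DataInputStream in = new DataInputStream(new ByteArrayInputStream(wire.toByteArray()));
        for (int i = 0; i < 3; i++) {
            Frame f = receive(in);
            System.out.println((f.type == URGENT ? "URGENT" : "DATA") + " "
                + new String(f.payload, "US-ASCII"));
        }
    }
}
```

An in-band urgent frame arrives in order behind any data already sent, so the receiver only notices it if it keeps reading frames; the second-socket option avoids that ordering.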
 