B4J Question SSL Configuration

gpa

Member
Licensed User
Longtime User
Hi...
I'm using this code (below) for an SSL connection to servers.
In some cases I get handshake errors.
I think I can resolve this by adjusting the exact protocol (eg TLS versions) and ciphersuites in use.

Can someone please advise how to adjust those parameters?

Thanks!


B4X:
' Builds a Network-library Socket whose underlying java.net.Socket is swapped
' for an SSLSocket obtained from the trust-all factory below.
Private Sub CreateTrustAllSSLSocket (EventName As String) As Socket
    Dim socket As Socket
    socket.Initialize(EventName)
    ' Reach into the B4J Socket wrapper and replace its "socket" field
    Dim jo As JavaObject = socket
    jo.SetField("socket", CreateTrustAllSSLSocketFactory.RunMethod("createSocket", Null))
    Return socket
End Sub

' Returns a javax.net.ssl.SSLSocketFactory backed by a trust manager that
' accepts every server certificate (no chain validation is performed).
Sub CreateTrustAllSSLSocketFactory As JavaObject
    Dim tm As CustomTrustManager
    tm.InitializeAcceptAll
    Dim SSLContext As JavaObject
    ' "TLS" selects the JVM's default protocol versions and cipher suites;
    ' nothing in this sub restricts them
    SSLContext = SSLContext.InitializeStatic("javax.net.ssl.SSLContext").RunMethod("getInstance", Array("TLS"))
    ' init(KeyManager[], TrustManager[], SecureRandom): no client key managers,
    ' the accept-all trust manager, default SecureRandom
    SSLContext.RunMethod("init", Array(Null, tm, Null))
    Dim Factory As JavaObject = SSLContext.RunMethod("getSocketFactory", Null)
    Return Factory
End Sub


gpa

Fair enough - so how do I set the protocol type / level and ciphersuites to use? I had thought it might be in additional SSLContext settings (which already refers to TLS)?

gpa

My program is the client. Some of the servers I need to connect to don't support all ciphersuites and all TLS versions. In Python you can specify a subset of all TLS versions or ciphersuites to suit. This resolves the issue - by limiting to TLS1.2 and AES256 only, for example, in one case. I assume there must be a way to set the same limits in Java / B4J.
Sadly I have no control over the server end!

gpa

It is how it works - both sides negotiate from their own list of supported protocols, protocol levels and supported ciphersuites - but it is often necessary to limit the selection, especially with legacy devices. Normal stuff in my universe! Sure, it potentially makes the link weaker - but if that's needed to get a connection then that's what has to happen!
A typical error is helpfully "unsupported ciphersuite" or "handshake failure" reported on the server - not a lot of help!
I've found a bunch of settings available in the java context init though, so hopefully those will do it.
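One way to apply the limits discussed in this thread, as an added example that is not code from the original posts: the enabled protocol versions and cipher suites are set on the javax.net.ssl.SSLSocket itself (setEnabledProtocols / setEnabledCipherSuites) before it is placed into the B4J Socket. It assumes the CreateTrustAllSSLSocketFactory sub from the first post is in scope; the protocol and cipher-suite names used in the usage sub are assumptions and must appear in the list the JVM reports as supported.

```b4x
' Added example (not from the original posts). Creates a Socket whose SSLSocket
' will only offer the given protocol versions and cipher suites in its ClientHello.
Private Sub CreateRestrictedSSLSocket (EventName As String, Protocols() As String, Ciphers() As String) As Socket
    Dim socket As Socket
    socket.Initialize(EventName)
    ' Unconnected javax.net.ssl.SSLSocket from the factory in the first post
    Dim sslSocket As JavaObject = CreateTrustAllSSLSocketFactory.RunMethod("createSocket", Null)
    ' Array(Protocols) wraps the String() in an Object() so it is passed as one String[] argument
    sslSocket.RunMethod("setEnabledProtocols", Array(Protocols))
    ' Names not in getSupportedCipherSuites() raise IllegalArgumentException here,
    ' which is easier to diagnose than a handshake failure later
    sslSocket.RunMethod("setEnabledCipherSuites", Array(Ciphers))
    Dim jo As JavaObject = socket
    jo.SetField("socket", sslSocket)
    Return socket
End Sub

' Logs the protocol and cipher-suite names this JVM can actually offer, so the
' lists passed above can be checked against what the server accepts.
Sub LogSupportedTlsOptions
    Dim sslSocket As JavaObject = CreateTrustAllSSLSocketFactory.RunMethod("createSocket", Null)
    Dim protocols() As String = sslSocket.RunMethod("getSupportedProtocols", Null)
    For Each p As String In protocols
        Log("protocol: " & p)
    Next
    Dim suites() As String = sslSocket.RunMethod("getSupportedCipherSuites", Null)
    For Each s As String In suites
        Log("suite: " & s)
    Next
End Sub

' Usage: TLS 1.2 only with a single AES-256-GCM suite (assumed names, see lead-in).
' Host and port are placeholders.
Sub ConnectTls12Only (Host As String, Port As Int)
    Dim s As Socket = CreateRestrictedSSLSocket("s", _
        Array As String("TLSv1.2"), _
        Array As String("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"))
    s.Connect(Host, Port, 10000)
End Sub
```

Run LogSupportedTlsOptions once on the target JVM before choosing names, since the set of suites differs between Java versions and providers.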