This section describes using SSL from applications, specifically creating SSL connections to servers and creating SSL sockets from incoming connections.
Creating SSL connections to servers
The default platform configuration for SSL for creating connections to servers is handled as described in the following section:
Applications that need to create their own SSL connections to a server can make use of the same platform configuration.
Applications need only to create a new URL specifying HTTPS as the desired protocol, and the appropriate HttpsUrlConnection object will be created. Applications should either rely on the default configuration, or configure the security information on a per instance basis. Changing the default configuration may have adverse effects on other applications running in the platform, and on the connection capabilities of the components provided with the platform.
Creating SSL sockets for incoming connections
The default SSLServerSocketFactory that provides SSLServerSockets is based upon the settings provided in the java.security file for the platform. Refer to the articles listed in Configuring platform security
for more information on when and how to update this file. Applications should rely on the default configuration.
Applications attempting to open SSLServerSockets for their own usage should be aware that the web container component of the platform may also attempt to open SSL Server Sockets. Changing the default configuration may have adverse effects on other components provided with the platform.
Parent topic: Configuring platform security: XPD621