From: "Bernt M. Johnsen (JIRA)"
To: derby-dev@db.apache.org
Date: Wed, 22 Nov 2006 06:18:03 -0800 (PST)
Subject: [jira] Updated: (DERBY-2108) Implement SSL/TLS communication between client and server

     [ http://issues.apache.org/jira/browse/DERBY-2108?page=all ]

Bernt M. Johnsen updated DERBY-2108:
------------------------------------

    Attachment: DERBY-2108-first-cut.diff
                DERBY-2108-first-cut.stat

I have implemented a first cut to SSL/TLS.
This patch requires for jdk1.3 an implementation of javax.net and javax.net.ssl placed on java/tools. I used JSSE1.0.3 downloaded from
http://java.sun.com/products/jsse/index-103.html

From JDK1.4 on, JSSE is part of the JRE.

To activate SSL I just check if system property
    javax.net.ssl.keyStore is defined on the server side
    javax.net.ssl.trustStore on the client side

How to generate keystore and truststore with keygen is described in the JSSE Reference guide:
http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html

I used the following commands when I generated keys and certificates, and ran with:

    keytool -genkey -alias derby -keyalg RSA -validity 7 -keystore keystore
    keytool -export -alias derby -keystore keystore -rfc -file derby.cert
    keytool -import -alias derbycert -file derby.cert -keystore truststore

I ran my testapp the following way:

    java -Djavax.net.ssl.trustStore=truststore -Djavax.net.ssl.trustStorePassword=secret -cp derbyclient.jar:. TestApp

and the client like this:

    java -Djavax.net.ssl.keyStore=keystore -Djavax.net.ssl.keyStorePassword=secret -jar derbyrun.jar server -p 22120 start

The JSSE Reference defines a set of system properties which may be used to parameterize JSSE. I have so far only used default settings.

Feel free to experiment and comment.

> Implement SSL/TLS communication between client and server
> ---------------------------------------------------------
>
>                 Key: DERBY-2108
>                 URL: http://issues.apache.org/jira/browse/DERBY-2108
>             Project: Derby
>          Issue Type: New Feature
>          Components: Network Server, Network Client
>            Reporter: Bernt M. Johnsen
>         Assigned To: Bernt M. Johnsen
>         Attachments: DERBY-2108-first-cut.diff, DERBY-2108-first-cut.stat
>
>
> Implement SSL/TLS communication between client and server
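
The activation check described in the message above, as an added Java illustration (not code from the DERBY-2108 patch): each side picks a TLS or a plain socket factory depending only on whether its javax.net.ssl.* system property is defined, so a side started without the property uses plaintext without any error. The class and method names are hypothetical; only the two property names come from the message.

```java
import java.io.*;
import java.net.*;
import javax.net.ServerSocketFactory;
import javax.net.SocketFactory;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added illustration; class and method names are hypothetical, not Derby's.
public class SslActivationSketch {

    // Server side: TLS only if javax.net.ssl.keyStore is defined.
    static ServerSocket listen(int port) throws IOException {
        ServerSocketFactory f = System.getProperty("javax.net.ssl.keyStore") != null
                ? SSLServerSocketFactory.getDefault()
                : ServerSocketFactory.getDefault();   // property absent: plaintext
        return f.createServerSocket(port, 50, InetAddress.getLoopbackAddress());
    }

    // Client side: TLS only if javax.net.ssl.trustStore is defined.
    static Socket connect(String host, int port) throws IOException {
        if (System.getProperty("javax.net.ssl.trustStore") == null) {
            return SocketFactory.getDefault().createSocket(host, port); // plaintext
        }
        SSLSocket s = (SSLSocket) SSLSocketFactory.getDefault().createSocket(host, port);
        s.startHandshake(); // surface an untrusted certificate here, not on first I/O
        return s;
    }

    public static void main(String[] args) throws Exception {
        try (ServerSocket server = listen(0)) {       // 0 = any free loopback port
            Thread t = new Thread(() -> {
                try (Socket c = server.accept();
                     PrintWriter out = new PrintWriter(c.getOutputStream(), true)) {
                    out.println("hello");
                } catch (IOException e) {
                    System.err.println("server: " + e);
                }
            });
            t.start();
            try (Socket s = connect(server.getInetAddress().getHostAddress(), server.getLocalPort());
                 BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream()))) {
                System.out.println((s instanceof SSLSocket ? "TLS: " : "plaintext: ") + in.readLine());
            }
            t.join();
        }
    }
}
```

Run with no properties set, it reports a plaintext connection; run with the keyStore, keyStorePassword, trustStore and trustStorePassword properties from the message set on the one JVM, it reports TLS.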