How do I secure a Java SocketChannel, ServerSocketChannel or, perhaps even, a DatagramChannel with TLS? 
I know that there are some frameworks (#1 #2) that advertise to be able, but I want to know if it is possible to achieve this with the pure Java standard library alone.
In Java NIO, the channel is a medium used to transports the data efficiently between the entity and byte buffers. It reads the data from an entity and places it inside buffer blocks for consumption. Channels act as gateway provided by java NIO to access the I/O mechanism.
The Java NIO Selector is a component which can examine one or more Java NIO Channel instances, and determine which channels are ready for e.g. reading or writing. This way a single thread can manage multiple channels, and thus multiple network connections.
public abstract class SSLEngine extends Object. A class which enables secure communications using protocols such as the Secure Sockets Layer (SSL) or IETF RFC 2246 "Transport Layer Security" (TLS) protocols, but is transport independent. The secure communications modes include: Integrity Protection.
You need to use the SSLEngine, as documented in Non-blocking I/O with SSLEngine. The libraries you mention use it or use libraries that use it.
(Note that this is notoriously difficult to use.)
You may find these links interesting:
For Datagrams, you should look into using DTLS instead of TLS. I'm not sure of its implementation status in Java, but you could dig through the archives of the java.openjdk.security.devel mailing list.
You need to use SSLEngine and do the handshake manually using that state machine. SSL/TLS is implemented on top of TCP so you can not use it directly on top of a DatagramChannel.
The article Non-blocking I/O with SSLEngine may be helpful.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With