Is this SSL using AES implementation correct and secure?

Question

DavidKroukamp 105 Master Poster

12 Years Ago

hi everyone,

I am writing a small client and server application in java which uses SSL sockets and AES, i got this from the net and edited it a bit is this correct and secure?
client:

/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package sslaesclient;

import java.io.*;
import javax.net.ssl.*;


import java.util.regex.*;

public class Sslaesclient {

    public static void main(String[] args) {
        // Pick all AES algorithms of 256 bits key size
        String patternString = "AES.*256";
        Pattern pattern = Pattern.compile(patternString);
        Matcher matcher;
        boolean matchFound;

        try {

            SSLSocketFactory sslFact =
                    (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket s =
                    (SSLSocket) sslFact.createSocket("127.0.0.1", 8181);
           String str[] = s.getSupportedCipherSuites();

            int len = str.length;
            String set[] = new String[len];

            int j = 0, k = len - 1;
            for (int i = 0; i < len; i++) {

                // Determine if pattern exists in input
                matcher = pattern.matcher(str[i]);
                matchFound = matcher.find();

                if (matchFound) {
                    set[j++] = str[i];
                } else {
                    set[k--] = str[i];
                }
            }

            s.setEnabledCipherSuites(set);
            str = s.getEnabledCipherSuites();
      //System.out.println("Using cipher suite: " +   (s.getSession()).getCipherSuite());
            while (true) { 
            BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream()));
            PrintWriter out = new PrintWriter(new OutputStreamWriter(s.getOutputStream()));
                out.println("h");
                out.flush();
                // receive the reply. 
                System.out.println("Server Says : " + in.readLine());
            }
        } catch (Exception e) {
            System.out.println("Exception" + e);
            //in.close();
        }
    }
}

server:

/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package hellosslserver;

import java.io.*;
import javax.net.ssl.*;


import java.util.regex.*;

public class HelloSSLServer {

    public static void main(String[] args) {
        SSLServerSocket s;
        // Pick all AES algorithms of 256 bits key size
        String patternString = "AES.*256";
        Pattern pattern = Pattern.compile(patternString);
        Matcher matcher;
        boolean matchFound;
        try {
            SSLServerSocketFactory sslSrvFact =
                    (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
            s = (SSLServerSocket) sslSrvFact.createServerSocket(8181);
            SSLSocket in = (SSLSocket) s.accept();
            String str[] = in.getSupportedCipherSuites();

            int len = str.length;
            String set[] = new String[len];

            int j = 0, k = len - 1;
            for (int i = 0; i < len; i++) {

                // Determine if pattern exists in input
                matcher = pattern.matcher(str[i]);
                matchFound = matcher.find();

                if (matchFound) {
                    set[j++] = str[i];
                } else {
                    set[k--] = str[i];
                }
            }
            in.setEnabledCipherSuites(set);

            str = in.getEnabledCipherSuites();
            //   System.out.println("Using cipher suite: " +  (in.getSession()).getCipherSuite());
            while (true) {
                // At this point, we can read for input and reply with appropriate output. 
                BufferedReader iin = new BufferedReader(new InputStreamReader(in.getInputStream()));
                PrintWriter out = new PrintWriter(new OutputStreamWriter(in.getOutputStream()));
                System.out.println("Socket message: " + iin.readLine());
                out.println("Hello on a SSL socket");
                out.flush();
            }
        } catch (Exception e) {
            System.out.println("Exception" + e);
            //  in.close();
        }
    }
}

It all works fine, but i just want to make sure that the way i did the AES SSL is right
Thank you in advance!

client-server cybersecurity java socket-programming

1 Contributor
1 Reply
203 Views
3 Days Discussion Span
Latest Post 12 Years Ago Latest Post by DavidKroukamp

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

DavidKroukamp 105 Master Poster Team Colleague Featured Poster · Answer 1 · 2011-12-19T03:41:09+00:00

i find the answer this is correct however not full SSL this is known as anonymous SLL-lower then SSL but better then plaintext, so yeah for anyone who cares...solved