In response to frequent discussions on RMI and SSL on the RMI users list, the RMI group here at Sun is providing a page that tells the complete RMI/SSL story. If this is a topic that interests you, or if you are interested in being included in the communications of the RMI development community you'll want to subscribe to the rmi-users list.
Below are some questions and answers about SSL and RMI. If there are any questions not addressed by this document, or any comments, please contact us at firstname.lastname@example.org .
Q1: Is it possible to use SSL with RMI?U.S. Implementations
A1: Yes, it is possible, due to RMI enhancements available in the JDK 1.2.
Q2: How do I use SSL with RMI?
A2: The version of RMI included in the JDK 1.2 enables the RMI developer to use custom socket types . Where, in earlier versions of RMI, there could only be one type of socket used per JavaTM VM, RMI now allows each object to use a different type of socket for its RMI connections. All an application has to do is install an RMI socket factory that creates sockets of the desired type (that speak a particular protocol). We have a tutorial on creating a custom RMI socket factory. Where to get the Java implementation of SSL is discussed next.
Q3: Does SunTM have a pure Java implementation of SSL?
A3: The HotJavaTM Browser, JavaTM Web ServerTM and JavaServerTM Toolkit all provide secure communications using a Java implementation of SSL from Sun, however, Sun has no stand-alone Java implementation of SSL at this time. While JavaSoftTM may release a stand-alone implementation in the future, for those of you who need SSL right now, there are a few third party vendors whose products you might consider until Sun releases a Java implementation of SSL as a stand-alone product.
Q4: Does Sun recommend any third party pure Java implementations of SSL?
A4: While we do not endorse any one vendor's implementation, we would like to provide a list of available SSLimplementations in Java.
Most implementations of SSL use RSA algorithms. In the U.S., the use of RSA algorithms must be licensed from RSA. Therefore, U.S. customers have to take special care to understand all the legal ramifications of the implementations they choose. As a result, the available implementations will be listed in two categories, U.S. implementations and non-U.S. implementations.