I want my app to talk to the server without encryption before issuing a STARTTLS and then upgrade the socket to be encrypted after that. Can I connect to a port (E.g., 5222) and use STARTTLS to request TLS using java? If so, which Socket object should I use for that?
Sure you can. Use your SSLSocketFactory to create a socket wrapping an existing regular java.net.Socket:
SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket(
socket,
socket.getInetAddress().getHostAddress(),
socket.getPort(),
true);
@Jan's answer was helpful (and I voted for it), but I had to tweak it a bit to get it working for me:
SSLSocket sslSocket = (SSLSocket) ((SSLSocketFactory) SSLSocketFactory.getDefault()).createSocket(
socket,
socket.getInetAddress().getHostAddress(),
socket.getPort(),
true);
InputStream inputStream = sslSocket.getInputStream();
OutputStream outputStream = sslSocket.getOutputStream();
// reads from the socket
Scanner scanner = new Scanner(inputStream);
// writes to the socket
OutputStream outputStream = new BufferedOutputStream(outputStream);
Tested with Java 7 and GMail (smtp.gmail.com) on port 587.
Here's a possible improvement: If your code is for server side instead of client side, add this, and it will work fine:
sslsocket.setUseClientMode(false);
sslsocket.startHandshake();
来源:https://stackoverflow.com/questions/8425999/upgrade-java-socket-to-encrypted-after-issue-starttls