Re: Applets and SSL

David Brownell - JavaSoft (db@doppio)
Fri, 13 Dec 1996 19:23:29 -0800

Date: Fri, 13 Dec 1996 19:23:29 -0800
From: db@doppio (David Brownell - JavaSoft)
Message-Id: <199612140323.TAA08795@argon.eng.sun.com>
To: teg@one.net
Subject: Re: Applets and SSL

> >The JDK itself doesn't supply SSL (at least for now; there are export
> >control issues). However, some Java environments (including ones that
> >JavaSoft's planning to provide) support "https" URL connections.
>
> >As one example, Netscape Navigator supports "https" URLs.
>
> I'm not quite clear on what you mean above. Would the JDK built into
> Navigator take advantage of Navigator's SSL support?

I'd call it a "JVM" or something like that; they don't ship developer
support (compilers, debuggers, etc) with their product as far as I know,
it's inappropriate to call it a "Java Developer's Kit".

The answer as I understand it is "yes, they support it right now".
But of course Netscape doesn't pay me to speak for them.

> Specifically,
> would the following code snippet initiate a SSL secured CGI
> transaction?
>
> URLConnection serverConnection = new URLConnection(
> new URL("https://www.secure-business.com/order.cgi"));
> InputStream secureIn = serverConnection.getInputStream();
> OutputStream secureOut = serverConnection.getOutputStream();

Sort of -- yes, but you're not using URLConnection objects right,
and of course as a client you can't really know anything except
the fact that you're talking to a URL with "https". In particular,
that "cgi" extension could mean anything at all.

You would call "URL.openConnection ()" and only get the input stream
when you're doing an HTTP GET, only get the output stream when you
are doing an HTTP POST. (At least on JDK 1.02; the APIs have been
made more flexible in JDK 1.1.)

- Dave