That is, have your program use a socket factory to create the
sockets ... and pass around an appropriately configured one to
address your various configurations. The default factory is
TCP-only, but you can configure an SSLSocketFactory with the
appropriate cipher suites (etc) and pass it to modules that
should use SSL layered over TCP.
Note that SSL_NULL_WITH_NULL_NULL still uses SSL record framing, in
an insecure mode; since it's insecure, it's never available for use
with application data. Also, that SSL supports authenticated cleartext
flavors (SSL_RSA_WITH_NULL_MD5 for example). You can configure a
factory to enable only those SSL flavors, if you like.
So if "cleartext" is the issue, you have several options! But
you should certainly be using a SocketFactory for any of them.
- Dave