uCosminexus Application Server, Security Management Guide


7.3.3 Secure socket communication

Secure socket communication is provided by using the SSLSocket or SSLServerSocket class. When using the SSL/TLS communication functionality realized by SSL-J, configure the protocols and encryption suites for both the server-side and client-side sockets. The APIs used are listed below.

Table 7-5 APIs for configuring the protocols and encryption suites

  Socket        Protocol                                                  Encryption suite
  -----------   -------------------------------------------------------   ----------------------------------------------------------
  Server side   setEnabledProtocols method of the SSLServerSocket class   setEnabledCipherSuites method of the SSLServerSocket class
  Client side   setEnabledProtocols method of the SSLSocket class         setEnabledCipherSuites method of the SSLSocket class

A sample file is available, which contains configuration examples for the server-side socket. This file is stored in the following location:

Location of the sample file:
JDK-installation-path/jre/lib/sslj/sample.txt

To limit the protocols and encryption suites that can be used, edit the lists in this file so that only the necessary protocols and encryption suites are offered.

Below are the configuration examples for the server-side socket, which are included in the sample file.

Configuration examples for the server-side socket

  1. SSLContext sslc = SSLContext.getDefault();
  2. SSLServerSocketFactory sslssf = sslc.getServerSocketFactory();
  3. SSLServerSocket sslss = (SSLServerSocket)sslssf.createServerSocket(<port number>);
  4. String[] protocols = new String[]{"SSLv3","TLSv1","TLSv1.1","TLSv1.2"};
  5. sslss.setEnabledProtocols(protocols);
  6. String[] suites = new String[]{
         "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","TLS_RSA_WITH_AES_256_CBC_SHA256",
         "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384","TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
         "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
         "TLS_RSA_WITH_AES_256_CBC_SHA","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
         "TLS_DHE_RSA_WITH_AES_256_CBC_SHA","TLS_DHE_DSS_WITH_AES_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","TLS_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
         "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256","TLS_DHE_RSA_WITH_AES_128_CBC_SHA256","TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
         "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_AES_128_CBC_SHA",
         "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA","TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
         "TLS_DHE_DSS_WITH_AES_128_CBC_SHA","TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","TLS_ECDHE_RSA_WITH_RC4_128_SHA",
         "SSL_RSA_WITH_RC4_128_SHA","TLS_ECDH_ECDSA_WITH_RC4_128_SHA","TLS_ECDH_RSA_WITH_RC4_128_SHA",
         "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA","TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA","SSL_RSA_WITH_3DES_EDE_CBC_SHA",
         "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA","TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA","SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
         "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA","SSL_RSA_WITH_RC4_128_MD5"};
  7. sslss.setEnabledCipherSuites(suites);
The numbered lines of the example are described below.
  1. Obtains an SSLContext; SSLContext.getDefault() returns the SSL-J provider implementation.
  2. Uses SSLContext to retrieve SSLServerSocketFactory.
  3. Uses SSLServerSocketFactory to create SSLServerSocket.
  4. Creates a string array for protocols.
  5. Sets the string array above in SSLServerSocket.
  6. Creates a string array for encryption suites.
  7. Sets the string array above in SSLServerSocket.
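The following is an added example, not code from sample.txt, SSL-J or this guide. It applies the APIs in Table 7-5 to both the server-side and the client-side socket with a restrictive allow-list (TLSv1.2 only, and four ECDHE suites taken from the sample list), checks each requested entry against what the provider reports as supported so that a misspelled or unsupported name cannot silently leave the defaults in place, and prints the effective configuration for verification. The allow-list itself and the names RestrictedTlsSockets, intersect, openServerSocket, openClientSocket and logEffective are assumptions made for this example; it also assumes the provider follows the standard JSSE contract that the handshake is not started until startHandshake() or the first read or write.

```java
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/**
 * Added example (not part of sample.txt): restricts server- and client-side
 * sockets to an allow-list of protocols and cipher suites, keeping only the
 * entries the installed provider reports as supported.
 */
public class RestrictedTlsSockets {

    // Allow-list chosen for this example (an assumption, not a vendor recommendation):
    // TLSv1.2 only, with ECDHE key exchange and SHA-2 suites taken from the sample list.
    static final String[] ALLOWED_PROTOCOLS = {"TLSv1.2"};
    static final String[] ALLOWED_SUITES = {
        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
    };

    /**
     * Returns the entries of wanted that supported contains, in wanted order.
     * Failing closed on an empty result is deliberate: proceeding with an empty
     * or unrestricted configuration would defeat the purpose of the allow-list.
     */
    static String[] intersect(String[] wanted, String[] supported) {
        List<String> supportedList = Arrays.asList(supported);
        List<String> kept = new ArrayList<>();
        for (String entry : wanted) {
            if (supportedList.contains(entry)) {
                kept.add(entry);
            }
        }
        if (kept.isEmpty()) {
            throw new IllegalStateException(
                "provider supports none of: " + Arrays.toString(wanted));
        }
        return kept.toArray(new String[0]);
    }

    /** Server side: SSLServerSocket.setEnabledProtocols / setEnabledCipherSuites. */
    static SSLServerSocket openServerSocket(int port)
            throws IOException, NoSuchAlgorithmException {
        SSLContext sslc = SSLContext.getDefault();
        SSLServerSocketFactory sslssf = sslc.getServerSocketFactory();
        SSLServerSocket sslss = (SSLServerSocket) sslssf.createServerSocket(port);
        sslss.setEnabledProtocols(intersect(ALLOWED_PROTOCOLS, sslss.getSupportedProtocols()));
        sslss.setEnabledCipherSuites(intersect(ALLOWED_SUITES, sslss.getSupportedCipherSuites()));
        logEffective("server", sslss.getEnabledProtocols(), sslss.getEnabledCipherSuites());
        return sslss;
    }

    /** Client side: the same restriction applied to SSLSocket before the handshake starts. */
    static SSLSocket openClientSocket(String host, int port)
            throws IOException, NoSuchAlgorithmException {
        SSLContext sslc = SSLContext.getDefault();
        SSLSocketFactory sslsf = sslc.getSocketFactory();
        SSLSocket ssls = (SSLSocket) sslsf.createSocket(host, port);
        // The TCP connection is open, but under the JSSE contract no ClientHello is
        // sent until startHandshake() or the first I/O, so the restriction is in
        // place before any protocol or suite is offered to the peer.
        ssls.setEnabledProtocols(intersect(ALLOWED_PROTOCOLS, ssls.getSupportedProtocols()));
        ssls.setEnabledCipherSuites(intersect(ALLOWED_SUITES, ssls.getSupportedCipherSuites()));
        logEffective("client", ssls.getEnabledProtocols(), ssls.getEnabledCipherSuites());
        ssls.startHandshake();
        return ssls;
    }

    /** Prints the effective configuration so an operator can verify it against policy. */
    static void logEffective(String side, String[] protocols, String[] suites) {
        System.out.println(side + " enabled protocols: " + Arrays.toString(protocols));
        System.out.println(side + " enabled cipher suites: " + Arrays.toString(suites));
    }
}
```

The values printed by logEffective, not the arrays passed in, are what to compare against policy: getEnabledProtocols() and getEnabledCipherSuites() report what the socket will actually negotiate after the provider has applied the request.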