 */
protected void createSocket() {
    setAddress(new InetSocketAddress(getDdosPattern().getHost(), getDdosPattern().getPort()));
    socket = new Socket();
    try {
        socket.setKeepAlive(true);
        socket.setSoTimeout(getDdosPattern().getSocketTimeout());
Socket and ServerSocket do not implement TLS/SSL by default. Use SSLSocket/SSLServerSocket instead.
The socket factory types javax.net.SocketFactory and javax.net.ServerSocketFactory cannot be used to create secure client and server sockets. For that purpose, their subclasses, SSLSocketFactory and SSLServerSocketFactory, must be used.
// Plain sockets: traffic is sent unencrypted
Socket s = SocketFactory.getDefault().createSocket();
ServerSocket s2 = new ServerSocket(3434);

// TLS sockets created through the SSL factories
Socket s = SSLSocketFactory.getDefault().createSocket();
ServerSocket s2 = SSLServerSocketFactory.getDefault().createServerSocket(3434);
Beyond using an SSL socket, you need to make sure your use of SSLSocketFactory (or for server sockets, SSLServerSocketFactory) does all the appropriate certificate validation checks to make sure you are not subject to man-in-the-middle attacks. Please read the OWASP Transport Layer Protection Cheat Sheet for details on how to do this correctly.
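The following client is an added example, not code from the original page. It shows one validation step that is easy to miss: an SSLSocket from the default factory checks the certificate chain against the default trust store, but it only checks the host name if an endpoint identification algorithm is set. The class name TlsClientExample, the method connect and the 5000 ms timeout are hypothetical; the host and port are supplied on the command line.

```java
import java.io.IOException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class TlsClientExample {

    /**
     * Opens a TLS connection that validates the certificate chain (default
     * trust store) and the host name in the server certificate.
     */
    static SSLSocket connect(String host, int port, int timeoutMillis) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // The TCP connection is made here; the TLS handshake has not started yet.
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            socket.setSoTimeout(timeoutMillis);

            // Without this, any certificate that chains to a trusted CA is
            // accepted, even one issued for a different host name.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);

            // Handshake explicitly so validation failures surface here as
            // an SSLHandshakeException instead of on the first read or write.
            socket.startHandshake();
            return socket;
        } catch (IOException e) {
            socket.close();
            throw e;
        }
    }

    public static void main(String[] args) throws IOException {
        if (args.length != 2) {
            System.err.println("usage: java TlsClientExample <host> <port>");
            return;
        }
        try (SSLSocket socket = connect(args[0], Integer.parseInt(args[1]), 5000)) {
            System.out.println("Protocol: " + socket.getSession().getProtocol());
            System.out.println("Peer:     " + socket.getSession().getPeerPrincipal());
        }
    }
}
```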