1 Reply Latest reply: Mar 5, 2012 7:16 PM by EJP RSS

    For SSL enabled sites, when is the secure connection established

    802569
      Not entirely a servlet related question, but I'm not sure where else to post. I have an SSL enabled site and I'm curious at what point the handshake occurs to establish the encryption. I have a webpage on one app server, that needs to post data directly to a servlet on an SSL enabled webapp of another app server. It needs to post some sensitive data, so I want to ensure that the encryption is established prior to posting to the servlet. From what I gather, when the web page initiates the post, the client will go through a series of exchanges with the servlets server to establish the encryption, then perform the actual post. Is this correct? No other resource on the servlets server is requested prior to this post.

      thanks
        • 1. Re: For SSL enabled sites, when is the secure connection established
          EJP
          For SSL enabled sites, when is the secure connection established
          The first HTTPS connection is established the first time you use an HTTPS URL.

          The SSL handshake occurs at the beginning of an SSL connection.

          Not sure why this is such a mystery.
          It needs to post some sensitive data, so I want to ensure that the encryption is established prior to posting to the servlet.
          No you don't, you want to ensure that that post takes place over HTTPS. So use an HTTPS URL for the POST.