This discussion is archived
1 Reply Latest reply: Mar 5, 2012 5:16 PM by EJP RSS

For SSL enabled sites, when is the secure connection established

802569 Newbie
Currently Being Moderated
Not entirely a servlet related question, but I'm not sure where else to post. I have an SSL enabled site and I'm curious at what point the handshake occurs to establish the encryption. I have a webpage on one app server, that needs to post data directly to a servlet on an SSL enabled webapp of another app server. It needs to post some sensitive data, so I want to ensure that the encryption is established prior to posting to the servlet. From what I gather, when the web page initiates the post, the client will go through a series of exchanges with the servlets server to establish the encryption, then perform the actual post. Is this correct? No other resource on the servlets server is requested prior to this post.

thanks
  • 1. Re: For SSL enabled sites, when is the secure connection established
    EJP Guru
    Currently Being Moderated
    For SSL enabled sites, when is the secure connection established
    The first HTTPS connection is established the first time you use an HTTPS URL.

    The SSL handshake occurs at the beginning of an SSL connection.

    Not sure why this is such a mystery.
    It needs to post some sensitive data, so I want to ensure that the encryption is established prior to posting to the servlet.
    No you don't, you want to ensure that that post takes place over HTTPS. So use an HTTPS URL for the POST.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points