Skip to content

Instantly share code, notes, and snippets.

@4ndrej
Last active January 3, 2024 09:50
Star You must be signed in to star a gist
Save 4ndrej/4547029 to your computer and use it in GitHub Desktop.
Test of java SSL / keystore / cert setup. Check the comment #1 for howto.
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.*;
/** Establish a SSL connection to a host and port, writes a byte and
* prints the response. See
* http://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services
*/
public class SSLPoke {
public static void main(String[] args) {
if (args.length != 2) {
System.out.println("Usage: "+SSLPoke.class.getName()+" <host> <port>");
System.exit(1);
}
try {
SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket(args[0], Integer.parseInt(args[1]));
SSLParameters sslparams = new SSLParameters();
sslparams.setEndpointIdentificationAlgorithm("HTTPS");
sslsocket.setSSLParameters(sslparams);
InputStream in = sslsocket.getInputStream();
OutputStream out = sslsocket.getOutputStream();
// Write a test byte to get a reaction :)
out.write(1);
while (in.available() > 0) {
System.out.print(in.read());
}
System.out.println("Successfully connected");
} catch (Exception exception) {
exception.printStackTrace();
System.exit(1);
}
}
}
@klasen
Copy link

klasen commented May 8, 2020

I made a version that show the current setting of all known (to me) Java properties, which a relevant for TLS:
https://github.com/klasen/sslpoke

@4ndrej
Copy link
Author

4ndrej commented Oct 5, 2021

Gives error: "Error: Could not find or load main class sslpoke" (I also tried SSLPoke on the command line)

Yeah, I don't do Java, so it looks good to me, and I want to add a --Look_in_the_dang_file to tell it to not be an idiot and look in the file for the class, it is right there, static main... I just copied the 'raw' and then pasted it into a file and ran it with java SSLPoke site.name.com 8693

Hi @traderhut,
expecting you are running this in the same folder the SSLPoke.java is it seems like you are trying to run the source code, not the compiled stuff.
So, run the compiler first:
javac SSLPoke.java
Make sure it produces SSLPoke.class file.
and then run the interpreter:
java SSLPoke site.name.com 8693

@bric3
Copy link

bric3 commented Oct 5, 2021

@traderhut Also if your Java version is at least JDK 11 you can run the file without compiling it. Just copy the content and paste it into a file name SSLPoke.java — the .java extension is important — then run it

$ java -version
openjdk version "11.0.12" 2021-07-20 LTS
OpenJDK Runtime Environment Corretto-11.0.12.7.2 (build 11.0.12+7-LTS)
OpenJDK 64-Bit Server VM Corretto-11.0.12.7.2 (build 11.0.12+7-LTS, mixed mode)

$ java SSLPoke.java google.com 443
Successfully connected

The error you encounter is probably because you run the following command java sslpoke {site} {port}. Without the .java extension the command assumes it is a compiled class. Look at the help.

$ java --help
Usage: java [options] <mainclass> [args...]
           (to execute a class)
   or  java [options] -jar <jarfile> [args...]
           (to execute a jar file)
   or  java [options] -m <module>[/<mainclass>] [args...]
       java [options] --module <module>[/<mainclass>] [args...]
           (to execute the main class in a module)
   or  java [options] <sourcefile> [args]
           (to execute a single source-file program)

...

@traderhut
Copy link

Been a while since I looked at Java, like about a year after it came out... Thanks for the assistance, turns out I solved the problem without using this tool

@TiloGit
Copy link

TiloGit commented Feb 11, 2022

fyi, I use this with this CLI:

java -Djavax.net.ssl.trustStore=/path/to/store/LdapSSLKeyStore.jks -Djavax.net.ssl.trustStorePassword=123 -Djavax.net.ssl.trustStoreType=jks SSLPoke myserver.local 443

#or with debug and force certain protocol
java -Djavax.net.ssl.trustStore=/path/to/store/LdapSSLKeyStore.jks -Djavax.net.ssl.trustStorePassword=123 -Djavax.net.ssl.trustStoreType=jks -Djavax.net.debug=ssl:handshake:verbose -Djdk.tls.client.protocols=TLSv1 -Dhttps.protocols=TLSv1  SSLPoke myserver.local 443

Copy link

ghost commented Oct 8, 2022

java -Djavax.net.ssl.trustStore=/path/to/store/LdapSSLKeyStore.jks -Djavax.net.ssl.trustStorePassword=123 -Djavax.net.ssl.trustStoreType=jks SSLPoke

Very cool. Exactly what I was looking for. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment