Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Java Development

Reply
Developer
robybd
Posts: 216
Registered: ‎09-11-2008
My Device: 9000(Bold)

SSL Connection saved in the BB cache?

Hello,

 

I'm having trouble using SSL connection on the BB (Both real device and Simulator):

1) I'm connecting using SSL connection to a server and communicate successfully.

2) i'm closing the socket

3) after ~5sec i open a new SSL connection to the same server

4) The server "claims" that the BB uses the same session-id and therefore doesn't use full SSL-handshke

 

My questions is: Does the BB uses cache for SSL connections and if so can i force the BB to use "fresh" SSL connection (didn't see such option in the API?

Thx.

 

Please use plain text.
Developer
Posts: 1,474
Registered: ‎04-14-2009
My Device: Not Specified

Re: SSL Connection saved in the BB cache?

Just to confirm, are you seeing the same underlying TCP connection being used (e.g., HTTP 1.1 over TLS/SSL) or different connections but the same SSL Session? If it's the latter, you can always disable this feature on your server (if you don't like the feature for some reason).

Please use plain text.
Developer
robybd
Posts: 216
Registered: ‎09-11-2008
My Device: 9000(Bold)

Re: SSL Connection saved in the BB cache?

Hi,

The server is located at my customer site and i can't access it. According to my customer he sees the same session but on different socket.

Here's the code i'm using:

 

 

SecureConnection securedCon = (SecureConnection)Connector.open(SECURED_URL);
OutputStream outStream = _securedCon.openOutputStream();
OutputStreamWriter out = new OutputStreamWriter(outStream);

DataOutputStream dos = new DataOutputStream(outStream);
dos.write(data.getBytes());
dos.flush();

try {   
   outStream.close();
   securedCon.close();
} catch (Exception conExc) {
}

//...
//...
securedCon = (SecureConnection)Connector.open(SECURED_URL);
OutputStream outStream = _securedCon.openOutputStream();
OutputStreamWriter out = new OutputStreamWriter(outStream);

dos.write(data.getBytes());
dos.flush();

 

 

Please use plain text.
Developer
Posts: 1,474
Registered: ‎04-14-2009
My Device: Not Specified

Re: SSL Connection saved in the BB cache?

[ Edited ]

So, why does the customer dislike session reuse? It's a valid feature of SSL/TLS. If they have reason to dislike this feature, let them switch it off on the server-side. It's much more reliable (and secure) than changing all possible clients that could connect to their server.

Please use plain text.
Developer
robybd
Posts: 216
Registered: ‎09-11-2008
My Device: 9000(Bold)

Re: SSL Connection saved in the BB cache?

I agree that it can be solved on the server side but i wanted to know if there's a way to "force" the BB to request full auth. session again from the server.

Please use plain text.