Getting Started
To create an SSLEngine, you use the SSLContext.createSSLEngine() methods.
You must then configure the engine to act as a client or a server,
as well as set other configuration parameters such as which cipher
suites to use and whether to require client authentication.
Here is an example that creates an SSLEngine. Note that the server name and
port number are not used for communicating with the server--all transport is
the responsibility of the application. They are hints to the JSSE provider to
use for SSL session caching, and for Kerberos-based cipher suite
implementations to determine which server credentials should be obtained.
import java.io.*;
import java.security.*;
import javax.net.ssl.*;

// Create/initialize the SSLContext with key material
char[] passphrase = "passphrase".toCharArray();

// First initialize the key and trust material.
KeyStore ksKeys = KeyStore.getInstance("JKS");
ksKeys.load(new FileInputStream("testKeys"), passphrase);
KeyStore ksTrust = KeyStore.getInstance("JKS");
ksTrust.load(new FileInputStream("testTrust"), passphrase);

// KeyManagers decide which key material to use.
KeyManagerFactory kmf =
    KeyManagerFactory.getInstance("IbmX509");
kmf.init(ksKeys, passphrase);

// TrustManagers decide whether to allow connections.
TrustManagerFactory tmf =
    TrustManagerFactory.getInstance("PKIX");
tmf.init(ksTrust);

SSLContext sslContext = SSLContext.getInstance("SSL_TLS");
sslContext.init(
    kmf.getKeyManagers(), tmf.getTrustManagers(), null);

// We're ready for the engine.
// hostname and port are supplied by the application (hints only, see above).
SSLEngine engine = sslContext.createSSLEngine(hostname, port);

// Use as client
engine.setUseClientMode(true);
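
The configuration step described above (client or server role, cipher suites, client authentication), as an added example that is not part of the original guide. The class name, the helper names, the protocol and suite policy, and the host "server.example" are assumptions made for illustration; it uses SSLContext.getDefault() so that it runs without the keystore files.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.Arrays;
import java.util.function.Predicate;

public class EngineConfigExample {
    // Narrow the provider's enabled defaults; never enable what the provider left off.
    static String[] narrow(String[] enabled, Predicate<String> keep, String what) {
        String[] out = Arrays.stream(enabled).filter(keep).toArray(String[]::new);
        if (out.length == 0) throw new IllegalStateException("no acceptable " + what);
        return out;
    }

    // Policy shared by both roles (constructed for this example): TLS 1.2+ and AEAD suites.
    static SSLParameters baseline(SSLEngine engine) {
        SSLParameters p = engine.getSSLParameters();
        p.setProtocols(narrow(p.getProtocols(),
                v -> v.equals("TLSv1.2") || v.equals("TLSv1.3"), "protocol"));
        p.setCipherSuites(narrow(p.getCipherSuites(),
                s -> s.contains("_GCM_") || s.contains("CHACHA20"), "cipher suite"));
        return p;
    }

    static SSLEngine client(SSLContext ctx, String host, int port) {
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        SSLParameters p = baseline(engine);
        // host and port are only hints; ask JSSE to check the certificate against host.
        p.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(p);
        return engine;
    }

    static SSLEngine server(SSLContext ctx) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        SSLParameters p = baseline(engine);
        p.setNeedClientAuth(true); // handshake fails if the client sends no certificate
        engine.setSSLParameters(p);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault(); // assumption: no key material needed here
        SSLEngine c = client(ctx, "server.example", 443);
        System.out.println(Arrays.toString(c.getEnabledProtocols()));
        System.out.println(c.getSSLParameters().getEndpointIdentificationAlgorithm());
        System.out.println(server(ctx).getNeedClientAuth());
    }
}
```

A real server engine would come from an SSLContext initialized with key material, as in the example above, rather than from the default context.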