In SSLSocket.java there is one abstract method

    public abstract SSLSession getSession();

and one

    public SSLSession getHandshakeSession() {
        throw new UnsupportedOperationException();
    }

and once we get the session object from either session=getSession or session=getHandshakeSession:
What does session.startHandshake do?
What is the difference between the three when it comes to the SSL handshake, especially in 2-way SSL? When we pass a keystore in Java during the handshake, does the SSL session object consider it?
getSession(): Returns the SSL session associated with the established connection, including any data exchanged after the handshake. It reflects the entire handshake process, including client authentication.

getHandshakeSession(): Returns the SSL session specifically for the ongoing handshake process. It contains information relevant to the handshake, such as the chosen cipher suite and exchanged certificates.

session.startHandshake(): Initiates or continues the SSL handshake process, exchanging cryptographic information and establishing a secure connection. The session object obtained from getSession() or getHandshakeSession() reflects the result of this handshake.

In 2-way SSL, the session objects consider the keystore if it contains the necessary certificates and private keys for client authentication. The SSL implementation uses the certificates from the keystore to authenticate the client during the handshake.
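
The three calls side by side in a 2-way SSL client, as an added example that is not part of the original question or answer. In the JSSE API startHandshake() is a method of SSLSocket, the keystore is handed to the SSLContext through a KeyManagerFactory, and getHandshakeSession() is read from inside a trust manager while the handshake is running. The class names HandshakeSessions and LoggingTm and the four command-line arguments (host, port, PKCS12 path, password) are assumptions, as is the cast of the default trust manager to X509ExtendedTrustManager.

```java
import java.io.FileInputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;
// Added example. Arguments (all assumptions): <host> <port> <client.p12> <password>
public class HandshakeSessions {
    public static void main(String[] args) throws Exception {
        char[] pw = args[3].toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[2])) { ks.load(in, pw); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw); // the keystore enters the handshake here, via the SSLContext
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // default trust store
        // Assumption: the default provider returns an X509ExtendedTrustManager (SunJSSE does)
        X509ExtendedTrustManager jdk = (X509ExtendedTrustManager) tmf.getTrustManagers()[0];
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), new TrustManager[] { new LoggingTm(jdk) }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[0], Integer.parseInt(args[1]))) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // verify the server host name
            s.setSSLParameters(p);
            s.startHandshake();               // SSLSocket method; returns when done or throws
            SSLSession done = s.getSession(); // the established session
            Certificate[] sent = done.getLocalCertificates(); // null: no client certificate was sent
            System.out.println("established: " + done.getProtocol() + " " + done.getCipherSuite());
            System.out.println("client cert: " + (sent == null ? "not sent"
                    : ((X509Certificate) sent[0]).getSubjectX500Principal().getName()));
        }
    }
    // Delegates every check to the JDK trust manager; only logs the in-progress session.
    static final class LoggingTm extends X509ExtendedTrustManager {
        private final X509ExtendedTrustManager d;
        LoggingTm(X509ExtendedTrustManager d) { this.d = d; }
        @Override public void checkServerTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException {
            SSLSession hs = ((SSLSocket) s).getHandshakeSession(); // non-null only while handshaking
            System.out.println("handshaking: " + hs.getProtocol() + " " + hs.getCipherSuite());
            d.checkServerTrusted(c, a, s);
        }
        @Override public void checkServerTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException { d.checkServerTrusted(c, a, e); }
        @Override public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException { d.checkServerTrusted(c, a); }
        @Override public void checkClientTrusted(X509Certificate[] c, String a, Socket s) throws CertificateException { d.checkClientTrusted(c, a, s); }
        @Override public void checkClientTrusted(X509Certificate[] c, String a, SSLEngine e) throws CertificateException { d.checkClientTrusted(c, a, e); }
        @Override public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { d.checkClientTrusted(c, a); }
        @Override public X509Certificate[] getAcceptedIssuers() { return d.getAcceptedIssuers(); }
    }
}
```

A "client cert: not sent" line against a server that is expected to require client authentication means the server did not request a certificate or no key in the keystore matched the issuers it accepts.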