...

The principal protections included in SSLSocket that are not provided by the Socket class are [API 2006]:

  • Integrity Protection: SSL protects against modification of messages by an active wiretapper.
  • Authentication: In most modes, SSL provides peer authentication. Servers are usually authenticated, and clients may be authenticated as requested by servers.
  • Confidentiality (privacy protection): In most modes, SSL encrypts data being sent between client and server. This protects the confidentiality of data so that passive wiretappers cannot observe sensitive data such as financial or personal information.

It is also important to use SSL for secure remote method invocation (RMI) communications because RMI depends on object serialization, and serialized data must be safeguarded in transit. Gong, Ellison, and Dageforde [Gong 2003] describe how to secure RMI communications using SSLSocket.
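As an added illustration that is not part of the original rule text, the client below uses SSLSocket (rather than a plain Socket) so that the three protections listed above are actually in force: the default SSLSocketFactory validates the server's certificate chain against the JVM trust store, endpoint identification binds that certificate to the host name, and the protocol list is pinned to current TLS versions. The host name, port and the one-line exchange are assumptions for the example.

```java
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public final class SslLineClient {

    public static void main(String[] args) throws Exception {
        // Hypothetical peer for the example; pass the real host and port on the command line.
        String host = args.length > 0 ? args[0] : "example.invalid";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;

        // The default factory uses the JVM's trust store, so the server is authenticated
        // by certificate chain validation; a plain Socket performs no such check.
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            SSLParameters params = socket.getSSLParameters();
            // Restrict the negotiable protocols to current TLS versions.
            params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
            // Require the certificate to match the host name we intended to reach;
            // without this, a valid certificate for any other name would be accepted.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);

            // Complete the handshake before sending anything, so authentication
            // failures surface as exceptions here rather than after data is written.
            socket.startHandshake();
            SSLSession session = socket.getSession();
            System.out.println("Negotiated " + session.getProtocol()
                    + " with " + session.getCipherSuite());
            System.out.println("Authenticated peer: " + session.getPeerPrincipal());

            // From here on, reads and writes are integrity-protected and encrypted.
            PrintWriter out = new PrintWriter(
                    new OutputStreamWriter(socket.getOutputStream(), StandardCharsets.UTF_8), true);
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(socket.getInputStream(), StandardCharsets.UTF_8));
            out.println("hello over TLS");          // assumed one-line application protocol
            System.out.println("Server replied: " + in.readLine());
        }
    }
}
```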

...

MITRE CWE

CWE-311. Failure to encrypt sensitive data

Bibliography

[API 2006]

[Gong 2003] Section 11.3.3, "Securing RMI Communications"

[Ware 2008]
