Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / General / January 2006

Tip: Looking for answers? Try searching our database.

Is SSLSocketFactory thread-safe?

Thread view: 
Enable EMail AlertsStart New Thread
Scott W Gifford - 20 Jan 2006 00:54 GMT
Hello,

I'm writing a multi-threaded application that uses SSL sockets for
communication.  I'm wondering if I need to provide any synchronization
around the SocketFactory returned by SSLSocketFactory.getDefault(), if
it's possible many threads will be creating new connections
simultaneously?  Can they all use the same SocketFactory, or should
they each call SSLSocketFactory.getDefault() to get their own?

Currently, my client provides methods like these:

   private static SocketFactory sockFac = null;
   private static SocketFactory getSocketFac() {
       if (sockFac == null)
           sockFac = SSLSocketFactory.getDefault();
       return sockFac;
   }

   public SearchClient(InetAddress host, int port) throws IOException {
       this(getSocketFac().createSocket(host,port));
   }

Should this be thread-safe?

Thanks!

----ScottG.
Reply to this Message
Thomas Hawtin - 20 Jan 2006 01:30 GMT
> I'm writing a multi-threaded application that uses SSL sockets for
> communication.  I'm wondering if I need to provide any synchronization
> around the SocketFactory returned by SSLSocketFactory.getDefault(), if
> it's possible many threads will be creating new connections
> simultaneously?  Can they all use the same SocketFactory, or should
> they each call SSLSocketFactory.getDefault() to get their own?

http://download.java.net/jdk6/docs/api/javax/net/ssl/SSLSocketFactory.html#getDefault()
    "Returns the default SSL socket factory."

There should only be one. So it doesn't matter if your code fetches the
same value more the once.

I was going to check the source, but the SSLSocketFactory.java is in a
docs directory and has an explanatory comment. (Thunderbird wants to
call SSLSocketFactory unsatisfactory.)

/*
 * NOTE:
 * Because of various external restrictions (i.e. US export
 * regulations, etc.), the actual source code can not be provided
 * at this time. This file represents the skeleton of the source
 * file, so that javadocs of the API can be created.
 */

However, there are no export restriction on javap and the object code
looks safe.

> Currently, my client provides methods like these:
>
[quoted text clipped - 4 lines]
>         return sockFac;
>     }

You don't need to do that. Just calling SSLSocketFactory.getDefault()
should be fine.

If you did need to keep hold of the reference for some reason, you could
write it more simply and safely as:

    private static final SocketFactory socketFactory =
        SSLSocketFactory.getDefault();

> Should this be thread-safe?

Yup, although in general you'd need to either initialise it as part of
the static initialiser or perhaps synchronise.

Tom Hawtin
Signature

Unemployed English Java programmer
http://jroller.com/page/tackline/

Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.