Chapter 6. The sslsocket and sslbisocket transports

The sslsocket transport is derived from the socket transport (The socket transport) and differs only in the use of and instead of the usual Java sockets and server sockets. Similarly, the sslbisocket transport is derived from the bisocket transport (The bisocket transport) and differs only in the use of SSLSockets and SSLServerSockets.

6.1. Server side

Remoting provides a configurable extension of called It depends on an instance of, which creates and configures an instance of and uses it to create an instance of It is the SSLSocketBuilder which can be configured with keystores, etc. SSLSocketBuilder is described in more detail in the Remoting Guide.

For example, JBoss Messaging uses instances of SSLSocketFactoryService and SSLSocketBuilder as follows in its configuration of the sslbisocket transport:

   <mbean code=""
          display-name="SSL Server Socket Factory">
      <depends optional-attribute-name="SSLSocketBuilder"

   <mbean code=""
          display-name="SSL Server Socket Factory Builder">
           IMPORTANT - If making ANY customizations, this MUST be set to false.
           Otherwise, will use default settings and the following attributes will be ignored.
      <attribute name="UseSSLServerSocketFactory">false</attribute>
      <attribute name="KeyStoreURL">${jboss.server.home.url}/deploy/messaging/messaging.keystore</attribute>
      <attribute name="KeyStorePassword">secureexample</attribute>
      <attribute name="KeyPassword">secureexample</attribute>
      <attribute name="SecureSocketProtocol">TLS</attribute>
      <attribute name="KeyStoreAlgorithm">SunX509</attribute>
      <attribute name="KeyStoreType">JKS</attribute>

Through these two MBeans, JBoss Messaging provides itself with a suitably configured instance of an SSLServerSocketFactory on the server side.

6.2. Client side

Although a SSLSocketBuilder can be used to create a, the one on the server side typically will not be available on the client side, so it is the responsibility of the particular subsystem (JBoss Messaging, EJB2, EJB3) to create a RemoteClientInvoker with a suitable SSLSocketFactory. For example, JBoss Messaging takes two steps:

  1. it uses a Remoting transport, sslbisocket, whose SSLBisocketClientInvoker is designed to create an SSLSocketFactory through the use of a properly configured SSLSocketBuilder, and
  2. it captures appropriate SSL parameters and passes them to the SSLBisocketClientInvoker:
          Map configuration = new HashMap();
          String trustStoreLoc = System.getProperty("org.jboss.remoting.trustStore");
          if (trustStoreLoc != null)
             configuration.put("org.jboss.remoting.trustStore", trustStoreLoc);
             String trustStorePassword = System.getProperty("org.jboss.remoting.trustStorePassword");
             if (trustStorePassword != null)
                configuration.put("org.jboss.remoting.trustStorePassword", trustStorePassword);
          Client client = new Client(new InvokerLocator(serverLocatorURI), configuration);

6.3. Additional parameters

The following parameters are applicable to both the client and server sides for the sslsocket and sslbisocket transports:

enabledCipherSuites - a String array which is passed to SSLSocket.setEnabledCipherSuites()

enabledProtocols - a String array which is passed to SSLSocket.setEnabledProtocols()

enableSessionCreation - a boolean value which is passed to SSLSocket.setEnableSessionCreation()