Protocol Support

This chapter includes the following topics:

• HTTP, FTP, and GOPHER
• HTTPS
• Socks
• NTLM Authentication

HTTP, FTP, and GOPHER

Java Plug-in supports HTTP, FTP, and GOPHER protocols, including built-in proxy configuration support.

HTTPS

Introduction

HTTPS is supported in Java Plug-in through Java Secure Socket Extension (JSEE), which provides a Java implementation of SSL and HTTPS for the Java platform.

Error handling support

When accessing an HTTPS server, errors may occur. Java Plug-in has hooked into JSSE to provide the following types of error handling:

• Hostname mismatch: If the HTTPS server host name does not match the name on the server certificate, a warning dialog will appear. 
  
• Untrusted server certificate: If the server certificate can not be verified during the SSL handshaking, a warning dialog will appear.
  
• Untrusted client certificate: In case client authentication is required by the server and the client certificate cannot be verified, a warning dialog will be appear.
  
• Server authentication: If the client accesses a protected directory on the HTTPS server, the users will be prompted for a username and password. Note: Only basic authentication is currently supported.

Potential issues with HTTPS through JSSE

Although support of HTTPS through JSSE eliminates many browser-specific problems, there are several issues that developers should be aware of:

• Untrusted server certificate: When SSL handshaking takes place in establishing an HTTPS connection, the server certificate is verified against the root CA store in Java SE. However, Java SE supports fewer root CA certificates than does the browser. As a result, you may have problems with untrusted server certificates.
  
• Client authentication: Java Plugin supports browser keystore in JRE 1.5 or later. With browser keystore client authentication of HTTPS server is performed differently for Internet Explorer and Mozilla family browsers. For Internet Explorer the certificate is not imported into the JRE keystore. For Mozilla family browsers, a JSS package should be installed to read the certificate from the Mozilla keystore. By default browser keystore support is turned on.
  
• Level of error handling: Java Plug-in currently handles the types of error listed in the previous section. However, if there are additional types of error that Java Plug-in doesn't recognize, the Java applet code may break. 
  

Socks

Java Plug-in currently supports SOCKS version 4.

Note: For HTTP/HTTPS, a SOCKS proxy server may be used with a web proxy server to add caching. The behavior, however, may differ from that observed when running a similar configuration in a browser without Java Plug-in.

NTLM Authentication

Java Plug-in supports NTLM authentication protocol for HTTP/HTTPS. When attempting to access a server requiring NTLM authentication, the following dialog is displayed:

To authenticate enter User Name, Password and the Domain in the respective fields.