One of the worst things I've ever dealt with in Java is SSL. Easily. There's a lot I like about the language otherwise, but dealing with SSL is always a nightmare, nothing does it simply or cleanly, the keytools are bizarrely unintuitive, and configuring anything is incredibly verbose
You must log in to comment.
in reply to @possumskull's post:
the only thing I have ever had to do with SSL in java was write a man-in-the-middle proxy for security class in college and I am deeply grateful for that because even that was a nightmare
That does sound bad. I hate having to like create some kind of factory and set a bunch of things, and then add that to another connection factory, and add that to a configuration factory, and then use that to create a connection.
Just to have the thing not complain about self-signed certificates
I also had to solve an issue with SSL some time ago. What was weird, but I guess it kind of makes sense, is that you can only have one truststore, so you have to import the data from the system trust store into your app's trust store so that things like normal https works.
Definitely one of those processes that I documented step by step into the knowledgebase just so I don't have to figure it all out again.
Pinned Tags