I’m writing a thread/connection mmorpg server in Java, and I was wondering, should I use the normal Socket class and add security to the connection by myself(exchanging keys with a certain handshake order?), or is it better to use SSLSocket class to connect the clients with the server all the time?
Are there any benchmarks or performance tests that show the performance of the SSLSocket class?
I’m writing a thread/connection mmorpg server in Java, and I was wondering, should I
Share
Most MMO Servers don’t use SSLSockets, but for your case it would be advisable. You should do a Diffie-Hellman-Keyexchange over an SSL Connection and then encrypt all following packets symmetrically with Blowfish, for example.
Addendum:
I don’t think it still holds that SSLSockets put much more load on a server. If the server is fairly recent, he should be able to cope with the little extra load of encryption. I know of StarCraft 2 that it encrypts the packets on it’s own and uses UDP for that purpose. Also, WOW uses encryption on it’s packets, to prevent altering of the data on their way and sniffing of player positions aso. Encryption is for every MMO a must, but how you implement it is up to you.
I point you to this thread, where this problem is discussed: http://www.gamedev.net/topic/589113-should-mmorpgs-use-encryption/
Also, there is a google book about this problem:
http://books.google.at/books?id=hiBFUv_FT0wC&pg=PA105&lpg=PA105#v=onepage&q&f=false