DefaultSsl.createSocket(String, Socket, boolean) calls SSLSocketFactory.createSocket(sock, host, port, true) to layer an SSL socket around an already-connected socket. I notice the code is passing in the remote host for the host parameter, and the *local* port for the port parameter. Sun's Javadoc isn't much help describing what those parameters are for. They don't make a lot of sense, given that the socket being wrapped must be connected already. I decompiled some of Sun's code, and it looks as if the port might not be used.
The code works, so I'm not complaining about that. I just wondered about the discrepancy between local and remote in those two parameters. Clint Foster Axway