Can I extract symmetric key in java SSLSocket class?

Question

how can I get session symmetric key in Java? Is it hidden? (Looked for methods but there were none) That would make sense, however, I still need it. Is there a way to retrieve the symmetric key?

Answer 1

No. The SSL layer implementation is supposed to be transparent and internally takes care of encrypting the data below the application layer without any interference from the application layer. The symmetric key is generated per session and is to be shared only with the parties involved (in your case, the SSL layer at both ends of the socket connection) and nobody else. There is no justifiable need for the application layer to have access to the session key.