# HG changeset patch
# User Joeri van Ruth <joeri.van.ruth@monetdbsolutions.com>
# Date 1701944499 -3600
# Node ID 09f463444ddecd85d87798c847ac4f24a29a3927
# Parent  117e7917325d81ef16cf2302fd7b2f7aed23d616
TLS support in its most basic form

diff --git a/src/main/java/org/monetdb/mcl/net/MapiSocket.java b/src/main/java/org/monetdb/mcl/net/MapiSocket.java
--- a/src/main/java/org/monetdb/mcl/net/MapiSocket.java
+++ b/src/main/java/org/monetdb/mcl/net/MapiSocket.java
@@ -345,7 +345,7 @@ public final class MapiSocket {
 		con = sock;
 	}
 
-	private Socket wrapTLS(Socket sock, Target.Validated validated) throws MCLException {
+	private Socket wrapTLS(Socket sock, Target.Validated validated) throws IOException {
 		if (validated.getTls())
 			return SecureSocket.wrap(validated, sock);
 		return sock;
diff --git a/src/main/java/org/monetdb/mcl/net/SecureSocket.java b/src/main/java/org/monetdb/mcl/net/SecureSocket.java
--- a/src/main/java/org/monetdb/mcl/net/SecureSocket.java
+++ b/src/main/java/org/monetdb/mcl/net/SecureSocket.java
@@ -1,9 +1,22 @@
 package org.monetdb.mcl.net;
 
+import org.monetdb.mcl.MCLException;
+
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import java.io.IOException;
 import java.net.Socket;
 
 public class SecureSocket {
-    public static Socket wrap(Target.Validated validated, Socket sock) {
-        throw new MCLException("TLS connections (monetdbs://) are not supported yet");
+    public static Socket wrap(Target.Validated validated, Socket inner) throws IOException {
+        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
+        String host = validated.connectTcp();
+        int port = validated.connectPort();
+        boolean autoclose = true;
+        SSLSocket sock = (SSLSocket) factory.createSocket(inner, host, port, autoclose);
+        sock.setUseClientMode(true);
+
+        sock.startHandshake();
+        return sock;
     }
 }