During an SSL handshake, the step 3, which is downloading the certificate from the server, is optional.
So if I have distributed the certificate with my client, how can I skip the downloading to improve the performance?
Note that I know how to load a local certificate and how to trust it. But I don't know how to skip the downloading process and I haven't found anything useful in the java document.
Thanks in advance.
My question is NOT about using a cipher suite which does not require a certificate. I still have a certificate and wish to use its public key for symmetric key exchange.
My question is NOT about using a cipher suite which does not require a certificate. I still have a certificate and wish to use its public key for encryption.
I think you are missing the role of a certificate in TLS. The main task is to provide authentication so that the connection is protected against man in the middle attacks (i.e. man in the middle claiming to be the server).
Payload encryption is not done by the certificate at all. At most it is used to exchange the encryption key in RSA based key exchange. But for currently recommended key exchanges (ECDHE and maybe DHE) the certificate is not needed at all.
Which means that using a certificate only for key exchange but not for authentication makes no sense and for this reason there is no cipher which supports this.