I currently have an intranet-resident JAVA Applet that connects back to the
Application Server via standard TCP/IP sockets using the java.net.Socket
class, and everything is peachy. What I'm looking at doing now is making it
Internet friendly by providing host authentication (don't care about client
authentication at the mo) and strong cryptography between client and server.

OpenSSL and Stunnel (I don't want to have to make the Application Server SSL
compatible if I don't have to) are available on the server box therefore I
would dearly love an example of a JAVA client that can talk javax.net.SSL
(or something else) to a Stunnel-fronted server. (Less is definitely more
here - The least number of client keys and or certificate-generations the
better!)

Can anyone please help me with this? Obviously example-code would be ideal,
as would first-hand accounts of the trials and tribulations, but I'll
certainly settle for web-references to the appropriate docs or other
relevant material!

Are all the JSSE libraries/code reqd bundled with the JDK and runtime JVM ready?

Is there a better way? (Sadly IPsec is not an option here) Maybe there's an
alternate solution that can preserve the client's true IP address and
present it to the Application Server's "Listen"?

Cheers Richard Maher