Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpcomponents Wiki" 
for change notification.

The following page has been changed by RolandWeber:
http://wiki.apache.org/HttpComponents/AlternativeJSSE

The comment on the change is:
updated some links

New page:
= JSSE Implementations =
HttpClient does not come with support for SSL/TLS because it doesn't have to.
Both security protocols are for the transport layer, while the HTTP protocol
operates on top of the transport layer. You can mix and match HttpClient with
any independent SSL/TLS implementation. Our
[http://hc.apache.org/httpclient-3.x/sslguide.html SSL/TLS guide]
explains how to do this.
The standard 
[http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#KeyClasses
 Java API for SSL/TLS]
is called [http://java.sun.com/products/jsse/index.jsp JSSE (Java Secure Socket 
Extension)].
This page lists some JSSE providers, that is implementations of the API, which 
you can use.
It starts with JSSE providers that are bundled with JDKs, then follow 
independent packages.

Some of the [http://hc.apache.org/httpclient-3.x/sslguide.html SSL code]
in the HttpClient contrib package is hard-coded against the SUN JSSE provider,
since classes under com.sun.* are referenced. If you are using a different 
provider,
you have to adapt the code to use the respective API of that provider.
Problems you may encounter with some JSSE implementations are sometimes caused 
by the fact
that the secure sockets provided not always correctly implement all socket 
operations
used by HttpClient.


== SUN JSSE ==
SUN JDKs since 1.4 are shipped with the SUN JSSE provider.
There is a separate package that can be downloaded and installed for older JDKs.
The SUN JSSE provider is reported to be stable for use with HttpClient since 
JDK 1.4.2.
Older versions, and the separate download packages for older JDKs, are reported 
to cause problems.


== IBM JSSE ==
IBM JDKs ship with an IBM JSSE provider replacing the one from SUN. Here is the
[http://www-128.ibm.com/developerworks/java/jdk/security/142/secguides/jssedocs/JSSERefGuide.html
 documentation]
for the JSSE. Platform specific security information for the IBM JDK 1.4.2 is 
available
[http://www-128.ibm.com/developerworks/java/jdk/security/142/ here].
Information about older JDKs seems to be unavailable or is well hidden.


== JESSIE ==
[http://www.nongnu.org/jessie/ JESSIE] stands for ''JESSIE Executes Secure 
Sockets In Excess''.
It is a free implementation of JSSE with a relaxed GNU license.


== SSLava ==
[http://www.oracle.com/technology/products/id_mgmt/phaos/prod_doc.html#ssl 
Oracle Phaos SSLava]


== iSaSiLk ==
Developed at the Technical University of Graz,
[http://jce.iaik.tugraz.at/products/02_isasilk/index.php iSaSiLk]
is not a cheap, but a good SSL/TLS implementation.
[http://mail-archives.apache.org/mod_mbox/jakarta-httpcomponents-dev/200505.mbox/[EMAIL
 PROTECTED] Recommended by Oleg.]

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to