Re: Java SSL Support (didn't have a subject, so I am giving it one.)
Chris Cleeland <[EMAIL PROTECTED]> writes: > On 30 Apr 2002, Eric Rescorla wrote: > Right. Good point. However, for some reason I remember that we had problems > with JSSE doing RSA properly, too. But memory is fuzzy anymore. That could be. I've heard such reports but never really verified them. > > PureTLS (http://www.rtfm.com/puretls) is a free Java SSL/TLS > > implementation that interoperates fine with OpenSSL. > > Thanks for the link! I checked it out. Do you have any idea what the > performance is like compared to JSSE? (I notice that you suggest using > GoNative accelerated implementations of crypto stuff, so comparisons should > specify whether PureTLS uses GoNative or not.) I haven't benchmarked JSSE. I imagine the performance of JSSE and PureTLS are pretty similar, since the DSA and RSA impls. use the same bignum operations and there's only so much you can do to optimize DES or SHA-1 in Java. The purpose of GoNative is to improve performance over what you can get in Java. -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Java SSL Support (didn't have a subject, so I am giving it one.)
On 30 Apr 2002, Eric Rescorla wrote: > Chris Cleeland <[EMAIL PROTECTED]> writes: > > On Tue, 30 Apr 2002, Ed Moyle wrote: > > Does anybody know if the "wrong signature length" problems in JSSE have been > > fixed? Otherwise, I don't think this'll work, even if you code it > > properly... > > > > Check out the following link: > > > > >http://groups.google.com/groups?hl=en&frame=right&th=364ff2e1a2f20db0&seekm=40373dc3.0108131639.3b69c55d%40posting.google.com#link3 > > I dunno if this has been fixed or not (though it only applies to > DSA). Right. Good point. However, for some reason I remember that we had problems with JSSE doing RSA properly, too. But memory is fuzzy anymore. > PureTLS (http://www.rtfm.com/puretls) is a free Java SSL/TLS > implementation that interoperates fine with OpenSSL. Thanks for the link! I checked it out. Do you have any idea what the performance is like compared to JSSE? (I notice that you suggest using GoNative accelerated implementations of crypto stuff, so comparisons should specify whether PureTLS uses GoNative or not.) Thanks! -cj -- Chris Cleeland, cleeland_c @ ociweb.com, http://www.milodesigns.com/~chris Principal Software Engineer, Object Computing, Inc., +1 314 579 0066 Support Me Supporting Cancer Survivors in Ride for the Roses 2002 >Donate at http://www.milodesigns.com/donate< __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Java SSL Support (didn't have a subject, so I am giving it one.)
Chris Cleeland <[EMAIL PROTECTED]> writes: > On Tue, 30 Apr 2002, Ed Moyle wrote: > Does anybody know if the "wrong signature length" problems in JSSE have been > fixed? Otherwise, I don't think this'll work, even if you code it > properly... > > Check out the following link: > > >http://groups.google.com/groups?hl=en&frame=right&th=364ff2e1a2f20db0&seekm=40373dc3.0108131639.3b69c55d%40posting.google.com#link3 I dunno if this has been fixed or not (though it only applies to DSA). PureTLS (http://www.rtfm.com/puretls) is a free Java SSL/TLS implementation that interoperates fine with OpenSSL. -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: Java SSL Support (didn't have a subject, so I am giving it one.)
On Tue, 30 Apr 2002, Ed Moyle wrote:
> On Monday, April 29, 2002 09:15, arjan pot [mailto:[EMAIL PROTECTED]] wrote:
>
> > In other words; is it possible to connect with a Java - client through
> > OpenSSL to a server, written in C?
>
> The part about this that sounds hard is the "connect through OpenSSL" part.
> My recommendation would be to use the javax.net.ssl.SSLSocket extensions
> and use the built-in SSL support in the java API. Check out the following:
> http://java.sun.com/j2se/1.4/docs/api/javax/net/ssl/SSLSocket.html
> There are numerousimplementations (e.g. JCSI for example, is free for
> research and educational purposes: http://www.wedgetail.com/jcsi/index.html).
>
> So, for example, you might do something like:
>
> SSLSocketFactory factory = new SSLSocketFactory();
> Socket myClientSocket = createSocket(new String("127.0.0.1"), 443);
> //myClient should be an SSLSocket. Use like you would any other.
Does anybody know if the "wrong signature length" problems in JSSE have been
fixed? Otherwise, I don't think this'll work, even if you code it
properly...
Check out the following link:
http://groups.google.com/groups?hl=en&frame=right&th=364ff2e1a2f20db0&seekm=40373dc3.0108131639.3b69c55d%40posting.google.com#link3
-cj
--
Chris Cleeland, cleeland_c @ ociweb.com, http://www.milodesigns.com/~chris
Principal Software Engineer, Object Computing, Inc., +1 314 579 0066
Support Me Supporting Cancer Survivors in Ride for the Roses 2002
>Donate at http://www.milodesigns.com/donate<
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
RE: Java SSL Support (didn't have a subject, so I am giving it one.)
On Monday, April 29, 2002 09:15, arjan pot [mailto:[EMAIL PROTECTED]] wrote:
> In other words; is it possible to connect with a Java - client through
> OpenSSL to a server, written in C?
The part about this that sounds hard is the "connect through OpenSSL" part.
My recommendation would be to use the javax.net.ssl.SSLSocket extensions
and use the built-in SSL support in the java API. Check out the following:
http://java.sun.com/j2se/1.4/docs/api/javax/net/ssl/SSLSocket.html
There are numerousimplementations (e.g. JCSI for example, is free for
research and educational purposes: http://www.wedgetail.com/jcsi/index.html).
So, for example, you might do something like:
SSLSocketFactory factory = new SSLSocketFactory();
Socket myClientSocket = createSocket(new String("127.0.0.1"), 443);
//myClient should be an SSLSocket. Use like you would any other.
-E
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
