The JDK pulls crypto operations from different providers to complete
operations (like TLS handshakes). The jsse.jar file is primarily tasked
with handling TLS operations but will call into other providers (jars)
where necessary. That's all controlled by the security provider framework.
If you're interested in seeing exactly what providers are in use, you
can use the -Djava.security.debug=provider property. It'll print that
information in verbose detail. That extra output is available in 7u80,
8u40 and later JDKs : https://bugs.openjdk.java.net/browse/JDK-8056026
Regards,
Sean.
On 01/06/2016 09:06, Ayaskant Swain wrote:
Hi All,
My question was not specific to those two cipher suites that I had
pasted in my query. I had just pasted them as examples. Rather my
question was generic.
I want to know which library or packages in JDK implement the
Algorithms/Ciphers that are used for SSL communication?
If java provides the implementation of those cryptographic Algos
through the *java.security , java.net.ssl & javax.crypto* packages
then what is the role of the *jsse.jar* library that ships in as part
of the *JAVA_HOME/ jre/lib* directory?
I could clearly see the *jsse.jar *has classes like *Handshaker.class,
SSLContextImpl.class, HandShakeMessage.class* inside the
sun.security.ssl package which do the actual SSL Handshake. There are
many more classes inside this package.
So wanted clarification on this.
Thanks
Ayas
On Wed, Jun 1, 2016 at 1:22 PM, Seán Coffey <sean.cof...@oracle.com
<mailto:sean.cof...@oracle.com>> wrote:
On 01/06/2016 03:42, Jim Manico wrote:
I think this is the right answer.
From
https://stackoverflow.com/questions/27323858/java-6-ecdhe-cipher-suite-support
The SSL/TLS implementation "JSSE" in Java 1.6 and later supports
ECDHE suites*IF there is an available (JCE) provider*for needed
ECC primitives.*Java 1.6 OOTB does NOT*include such an ECC
provider, but you can add one.*Java 7 and 8 do*include SunECC
provider.
I don't believe Ayaskant's query was specific to ECC. In any case,
the above answer isn't accurate. ECC support is available OOTB in JDK
6 for Solaris. It's provided via the SunPKCS11 provider. SunEC
provider was added in JDK 7:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunEC
regards,
Sean.
- Jim
On 5/29/16 8:02 PM, Ayaskant Swain wrote:
Hi,
Can anyone please help me know about this - Does JSSE library
implement the Ciphers or Algorithms of a SSL protocol ? I see
the jsse.jar library shipped with the JDK. I read the the Oracle
document about JSSE -
http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Introduction
So my question is - does the JSSE implement the Ciphers or
Algorithms that are used for a successful SSL handshake , server
authentication, data integrity & data confidentiality
(Application data encryption).
Example of cipher suites -
*TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 or
**TLS_DHE_RSA_WITH_AES_128_GCM_SHA256*
*
*
So is the coding of the above ciphers have been done in the JSSE
library?
Thanks
Ayaskant
Bangalore
