> So is *jsse.jar* the default security provider for Java? Can you also
> give some examples of other security providers?
>
> Is it the security providers who actually implement the underlying
> Ciphers or crytographic Algorithms?

There are many Oracle providers that provide different algorithms.

I think you may not have grasped the Provider-based mechanism yet. Please see the documentation:

    http://docs.oracle.com/javase/8/docs/technotes/guides/security/

Specifically:

    Java Cryptography Architecture (JCA) Reference Guide
        specifically the "Cryptographic Service Providers" section.
    Standard Algorithm Names
    Oracle Providers

Brad




Thanks
Ayas

On Thu, Jun 2, 2016 at 12:13 AM, Bradford Wetmore
<bradford.wetm...@oracle.com <mailto:bradford.wetm...@oracle.com>> wrote:

    Hopefully this makes it clear.

    For JSSE, javax.net/javax.net.ssl <http://javax.net/javax.net.ssl>
    (in rt.jar) contains the APIs which call into JSSE providers.
    sun.security.ssl (contained in jsse.jar) is one such provider.  The
    JSSE implementation contains routines specific to TLS, but
    eventually calls into JCA/JCE for specific crypto algorithms (e.g.
    RSA/AES/SHA/DH/ECDH/etc).  The JCA/JCE framework consults its list
    of installed providers, and finds the first available implementation
    of whatever is needed.  If it can't find something, that ciphersuite
    has to be disabled.

    Going back to the followup question, on JDK 6, if JCA/JCE can't find
    a registered ECC provider, then it must disable the ECC-based
    suites.  As Sean said, Solaris has ECC through PKCS11, so OOTB
    ECC-based suites should work on JDK 6 if you're on Solaris.  If on
    something else, you need to install an ECC provider to get ECC-based
    suite.

    Brad




    On 6/1/2016 1:06 AM, Ayaskant Swain wrote:

        Hi All,

        My question was not specific to those two cipher suites that I had
        pasted in my query. I had just pasted them as examples. Rather my
        question was generic.

        I want to know which library or packages in JDK implement the
        Algorithms/Ciphers that are used for SSL communication?

        If java provides the implementation of those cryptographic Algos
        through
        the *java.security , java.net.ssl & javax.crypto* packages then
        what is
        the role of the *jsse.jar* library that ships in as part of the
        *JAVA_HOME/ jre/lib* directory?

        I could clearly see the *jsse.jar *has classes like
        *Handshaker.class,
        SSLContextImpl.class, HandShakeMessage.class* inside the
        sun.security.ssl package which do the actual SSL Handshake.
        There are
        many more classes inside this package.

        So wanted clarification on this.

        Thanks
        Ayas

        On Wed, Jun 1, 2016 at 1:22 PM, Seán Coffey
        <sean.cof...@oracle.com <mailto:sean.cof...@oracle.com>
        <mailto:sean.cof...@oracle.com <mailto:sean.cof...@oracle.com>>>
        wrote:


            On 01/06/2016 03:42, Jim Manico wrote:


                I think this is the right answer.

                From

            
https://stackoverflow.com/questions/27323858/java-6-ecdhe-cipher-suite-support

                The SSL/TLS implementation "JSSE" in Java 1.6 and later
            supports
                ECDHE suites *IF there is an available (JCE) provider*
            for needed
                ECC primitives. *Java 1.6 OOTB does NOT* include such an ECC
                provider, but you can add one. *Java 7 and 8 do* include
            SunECC
                provider.

            I don't believe Ayaskant's query was specific to ECC. In any
        case,
            the above answer isn't accurate. ECC support is available
        OOTB in JDK
            6 for Solaris. It's provided via the SunPKCS11 provider. SunEC
            provider was added in JDK 7:

        
http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunEC

            regards,
            Sean.


                - Jim


                On 5/29/16 8:02 PM, Ayaskant Swain wrote:

                    Hi,

                    Can anyone please help me know about this - Does
                JSSE library
                    implement the Ciphers or Algorithms of a SSL
                protocol ? I see the
                    jsse.jar library shipped with the JDK. I read the
                the Oracle
                    document about JSSE
                    -
                
<http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Introduction>http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Introduction

                    So my question is - does the JSSE implement the
                Ciphers or
                    Algorithms that are used for a successful SSL
                handshake , server
                    authentication, data integrity & data confidentiality
                    (Application data encryption).

                    Example of cipher suites -
                *TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
                    or **TLS_DHE_RSA_WITH_AES_128_GCM_SHA256*
                    *
                    *
                    So is the coding of the above ciphers have been done
                in the JSSE
                    library?

                    Thanks
                    Ayaskant
                    Bangalore





Reply via email to