> So is *jsse.jar* the default security provider for Java? Can you also
> give some examples of other security providers?
>
> Is it the security providers who actually implement the underlying
> Ciphers or crytographic Algorithms?
There are many Oracle providers that provide different algorithms.
I think you may not have grasped the Provider-based mechanism yet.
Please see the documentation:
http://docs.oracle.com/javase/8/docs/technotes/guides/security/
Specifically:
Java Cryptography Architecture (JCA) Reference Guide
specifically the "Cryptographic Service Providers" section.
Standard Algorithm Names
Oracle Providers
Brad
Thanks
Ayas
On Thu, Jun 2, 2016 at 12:13 AM, Bradford Wetmore
<bradford.wetm...@oracle.com <mailto:bradford.wetm...@oracle.com>> wrote:
Hopefully this makes it clear.
For JSSE, javax.net/javax.net.ssl <http://javax.net/javax.net.ssl>
(in rt.jar) contains the APIs which call into JSSE providers.
sun.security.ssl (contained in jsse.jar) is one such provider. The
JSSE implementation contains routines specific to TLS, but
eventually calls into JCA/JCE for specific crypto algorithms (e.g.
RSA/AES/SHA/DH/ECDH/etc). The JCA/JCE framework consults its list
of installed providers, and finds the first available implementation
of whatever is needed. If it can't find something, that ciphersuite
has to be disabled.
Going back to the followup question, on JDK 6, if JCA/JCE can't find
a registered ECC provider, then it must disable the ECC-based
suites. As Sean said, Solaris has ECC through PKCS11, so OOTB
ECC-based suites should work on JDK 6 if you're on Solaris. If on
something else, you need to install an ECC provider to get ECC-based
suite.
Brad
On 6/1/2016 1:06 AM, Ayaskant Swain wrote:
Hi All,
My question was not specific to those two cipher suites that I had
pasted in my query. I had just pasted them as examples. Rather my
question was generic.
I want to know which library or packages in JDK implement the
Algorithms/Ciphers that are used for SSL communication?
If java provides the implementation of those cryptographic Algos
through
the *java.security , java.net.ssl & javax.crypto* packages then
what is
the role of the *jsse.jar* library that ships in as part of the
*JAVA_HOME/ jre/lib* directory?
I could clearly see the *jsse.jar *has classes like
*Handshaker.class,
SSLContextImpl.class, HandShakeMessage.class* inside the
sun.security.ssl package which do the actual SSL Handshake.
There are
many more classes inside this package.
So wanted clarification on this.
Thanks
Ayas
On Wed, Jun 1, 2016 at 1:22 PM, Seán Coffey
<sean.cof...@oracle.com <mailto:sean.cof...@oracle.com>
<mailto:sean.cof...@oracle.com <mailto:sean.cof...@oracle.com>>>
wrote:
On 01/06/2016 03:42, Jim Manico wrote:
I think this is the right answer.
From
https://stackoverflow.com/questions/27323858/java-6-ecdhe-cipher-suite-support
The SSL/TLS implementation "JSSE" in Java 1.6 and later
supports
ECDHE suites *IF there is an available (JCE) provider*
for needed
ECC primitives. *Java 1.6 OOTB does NOT* include such an ECC
provider, but you can add one. *Java 7 and 8 do* include
SunECC
provider.
I don't believe Ayaskant's query was specific to ECC. In any
case,
the above answer isn't accurate. ECC support is available
OOTB in JDK
6 for Solaris. It's provided via the SunPKCS11 provider. SunEC
provider was added in JDK 7:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunEC
regards,
Sean.
- Jim
On 5/29/16 8:02 PM, Ayaskant Swain wrote:
Hi,
Can anyone please help me know about this - Does
JSSE library
implement the Ciphers or Algorithms of a SSL
protocol ? I see the
jsse.jar library shipped with the JDK. I read the
the Oracle
document about JSSE
-
<http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Introduction>http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Introduction
So my question is - does the JSSE implement the
Ciphers or
Algorithms that are used for a successful SSL
handshake , server
authentication, data integrity & data confidentiality
(Application data encryption).
Example of cipher suites -
*TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
or **TLS_DHE_RSA_WITH_AES_128_GCM_SHA256*
*
*
So is the coding of the above ciphers have been done
in the JSSE
library?
Thanks
Ayaskant
Bangalore