Martin, > 1) Is this integrated to the JCE crypto providers framework or does it work separately? No, this is not currently integrated into the JCE crypto providers framework. The implementation we currently have integrates into the existing JCE providers and it defaults to using the OpenSSL libraries, if they are found and can be used, otherwise it drops back to the existing implementation provided with the JDK. As I stated previously the entire use of the the OpenSSL library can be enabled / disabled as well as the use of specific OpenSSL algorithms using java runtime options.
> 2) Which algorithms are under scope? The OpenSSL algorithms we have currently done this work for are RSA, CMC, GCM and Digest. Thanks Steve Groeger IBM Runtime Technologies Hursley, Winchester Tel: (44) 1962 816911 Mobex: 279990 Mobile: 07718 517 129 Fax (44) 1962 816800 Lotus Notes: Steve Groeger/UK/IBM Internet: groe...@uk.ibm.com Unless stated otherwise above: IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU From: Martin Balao <mba...@redhat.com> To: security-dev@openjdk.java.net Date: 15/03/2019 13:35 Subject: Re: Use of OpenSSL as JCE security provider if available on system Sent by: "security-dev" <security-dev-boun...@openjdk.java.net> Hi Steve, This looks interesting. I have a couple of questions: 1) Is this integrated to the JCE crypto providers framework or does it work separately? The properties "jdk.nativeCrypto" and "jdk.nativeDigest" made me think it's not. 2) Which algorithms are under scope? Kind regards, Martin.- Unless stated otherwise above: IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU