Hi,

I have gone through the mailing list archives, but I haven't found anything definitive on how to go about replacing the JCE provider for Tomcat's version of JSSE. My project requires that extremely large keys be used for SSL, beyond the size that is supported by the Sun implementation (I need 4096-bit RSA keys), and I haven't had any luck getting Cryptix to play nicely with Tomcat. I've turned on JSSE debugging, but I don't understand the results that I am seeing: using Cryptix breaks my ability to establish client-authenticated SSL connections.

With my normal setup, I see the following messages at the end of the SSL handshake in catalina.out:

    HttpProcessor[8443][4], READ: TLSv1 Handshake, length = 134
    JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
    RSA PreMasterSecret version: TLSv1
    ...

If I add Cryptix as my primary provider in my java.security file, and update my classpaths appropriately (but leave everything else the same, including client certificates), I get:

    HttpProcessor[8443][4], READ: TLSv1 Handshake, length = 134
    JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
    RSA PreMasterSecret version: TLSv1
    ...

I have written a small test program that demonstrates that the Cryptix libraries are working properly (it encrypts and then decrypts a string), and I have verified that the Cryptix provider is being activated by varying the key length to values greater than 2048.

I am unsure if this is a JSSE problem or a Tomcat problem, but I was hoping that someone on this list might be able to offer me some guidance in finding the root of the issue. If you have any suggestions, please let me know!

Thanks,
Mike
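
A provider check of the kind the message describes, as an added example (not the poster's test program and not Tomcat or JSSE code): it lists the installed providers in preference order and prints which one the JCE lookup actually returns for the RSA/ECB/PKCS1Padding transformation named in the debug output, then does an encrypt/decrypt round trip at the requested key size. The class name ProviderCheck and the default of 4096 bits are assumptions made for the example.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;

// Hypothetical diagnostic class; run it with the same java.security file
// and classpath that the Tomcat JVM uses.
public class ProviderCheck {
    // Transformation string taken from the JSSE debug output in the message.
    static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding";

    public static void main(String[] args) throws Exception {
        // Key size in bits; 4096 is the size the message asks for.
        int bits = args.length > 0 ? Integer.parseInt(args[0]) : 4096;

        // Installed providers, in the preference order set in java.security.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println((i + 1) + ". " + providers[i].getName()
                    + " - " + providers[i].getInfo());
        }

        // Which provider generates the RSA key pair at this size.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(bits);
        KeyPair pair = kpg.generateKeyPair();
        System.out.println("KeyPairGenerator RSA -> " + kpg.getProvider().getName());

        // Which provider the JCE lookup selects for the cipher. The provider
        // is reported after init(), once selection for this key is final.
        Cipher enc = Cipher.getInstance(TRANSFORMATION);
        enc.init(Cipher.ENCRYPT_MODE, pair.getPublic());
        System.out.println("Cipher " + TRANSFORMATION + " -> "
                + enc.getProvider().getName());

        // Round trip on a constructed sample message.
        byte[] plain = "constructed test message".getBytes("UTF-8");
        byte[] sealed = enc.doFinal(plain);
        Cipher dec = Cipher.getInstance(TRANSFORMATION);
        dec.init(Cipher.DECRYPT_MODE, pair.getPrivate());
        boolean ok = Arrays.equals(plain, dec.doFinal(sealed));
        System.out.println(bits + "-bit round trip: " + (ok ? "ok" : "MISMATCH"));
    }
}
```

This reports only what a JCE lookup resolves in that JVM; the "JsseJCE: Using JSSE internal implementation" line in the handshake log is JSSE's own statement of what it used for the same transformation, so the two outputs are worth comparing side by side.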