Query - Does JSSE library implement the Ciphers or Algorithms of a SSL protocol ?

Ayaskant Swain ayaskant.swain at gmail.com
Wed Jun 1 08:30:13 UTC 2016


Thank you Sean. :-)

I will try it out.

Ayas

On Wed, Jun 1, 2016 at 1:50 PM, Seán Coffey <sean.coffey at oracle.com> wrote:

> The JDK pulls crypto operations from different providers to complete
> operations (like TLS handshakes). The jsse.jar file is primarily tasked
> with handling TLS operations but will call into other providers (jars)
> where necessary. That's all controlled by the security provider framework.
>
> If you're interested in seeing exactly what providers are in use, you can
> use the -Djava.security.debug=provider property. It'll print that
> information in verbose detail. That extra output is available in 7u80, 8u40
> and later JDKs :  https://bugs.openjdk.java.net/browse/JDK-8056026
>
> Regards,
> Sean.
>
> On 01/06/2016 09:06, Ayaskant Swain wrote:
>
> Hi All,
>
> My question was not specific to those two cipher suites that I had pasted
> in my query. I had just pasted them as examples. Rather my question was
> generic.
>
> I want to know which library or packages in JDK implement the
> Algorithms/Ciphers that are used for SSL communication?
>
> If java provides the implementation of those cryptographic Algos through
> the *java.security , java.net.ssl & javax.crypto* packages then what is
> the role of the *jsse.jar* library that ships in as part of the *JAVA_HOME/
> jre/lib* directory?
>
> I could clearly see the *jsse.jar *has classes like *Handshaker.class,
> SSLContextImpl.class, HandShakeMessage.class* inside the sun.security.ssl
> package which do the actual SSL Handshake. There are many more classes
> inside this package.
>
> So wanted clarification on this.
>
> Thanks
> Ayas
>
> On Wed, Jun 1, 2016 at 1:22 PM, Seán Coffey <sean.coffey at oracle.com>
> wrote:
>
>>
>> On 01/06/2016 03:42, Jim Manico wrote:
>>
>> I think this is the right answer.
>>
>> From
>> https://stackoverflow.com/questions/27323858/java-6-ecdhe-cipher-suite-support
>>
>> The SSL/TLS implementation "JSSE" in Java 1.6 and later supports ECDHE
>> suites *IF there is an available (JCE) provider* for needed ECC
>> primitives. *Java 1.6 OOTB does NOT* include such an ECC provider, but
>> you can add one. *Java 7 and 8 do* include SunECC provider.
>>
>> I don't believe Ayaskant's query was specific to ECC. In any case, the
>> above answer isn't accurate. ECC support is available OOTB in JDK
>> 6 for Solaris. It's provided via the SunPKCS11 provider. SunEC provider
>> was added in JDK 7:
>>
>> http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunEC
>>
>> regards,
>> Sean.
>>
>> - Jim
>>
>> On 5/29/16 8:02 PM, Ayaskant Swain wrote:
>>
>> Hi,
>>
>> Can anyone please help me know about this - Does JSSE library implement
>> the Ciphers or Algorithms of a SSL protocol ? I see the jsse.jar library
>> shipped with the JDK. I read the the Oracle document about JSSE -
>> <http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Introduction>
>> http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Introduction
>>
>> So my question is - does the JSSE implement the Ciphers or Algorithms
>> that are used for a successful SSL handshake , server authentication, data
>> integrity & data confidentiality (Application data encryption).
>>
>> Example of cipher suites - *TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 or *
>> *TLS_DHE_RSA_WITH_AES_128_GCM_SHA256*
>>
>> So is the coding of the above ciphers have been done in the JSSE library?
>>
>> Thanks
>> Ayaskant
>> Bangalore
>>
>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/security-dev/attachments/20160601/80548c1a/attachment.html>


More information about the security-dev mailing list