Query - Does JSSE library implement the Ciphers or Algorithms of a SSL protocol ?

Ayaskant Swain ayaskant.swain at gmail.com
Thu Jun 2 14:55:39 UTC 2016 

Thanks a lot Brad !

You have nailed it & I was looking for this answer only :-).

So is *jsse.jar* the default security provider for Java? Can you also give
some examples of other security providers?

Is it the security providers who actually implement the underlying Ciphers
or crytographic Algorithms?

Thanks
Ayas

On Thu, Jun 2, 2016 at 12:13 AM, Bradford Wetmore <
bradford.wetmore at oracle.com> wrote:

> Hopefully this makes it clear.
>
> For JSSE, javax.net/javax.net.ssl (in rt.jar) contains the APIs which
> call into JSSE providers.  sun.security.ssl (contained in jsse.jar) is one
> such provider.  The JSSE implementation contains routines specific to TLS,
> but eventually calls into JCA/JCE for specific crypto algorithms (e.g.
> RSA/AES/SHA/DH/ECDH/etc).  The JCA/JCE framework consults its list of
> installed providers, and finds the first available implementation of
> whatever is needed.  If it can't find something, that ciphersuite has to be
> disabled.
>
> Going back to the followup question, on JDK 6, if JCA/JCE can't find a
> registered ECC provider, then it must disable the ECC-based suites.  As
> Sean said, Solaris has ECC through PKCS11, so OOTB ECC-based suites should
> work on JDK 6 if you're on Solaris.  If on something else, you need to
> install an ECC provider to get ECC-based suite.
>
> Brad
>
>
>
>
> On 6/1/2016 1:06 AM, Ayaskant Swain wrote:
>
>> Hi All,
>>
>> My question was not specific to those two cipher suites that I had
>> pasted in my query. I had just pasted them as examples. Rather my
>> question was generic.
>>
>> I want to know which library or packages in JDK implement the
>> Algorithms/Ciphers that are used for SSL communication?
>>
>> If java provides the implementation of those cryptographic Algos through
>> the *java.security , java.net.ssl & javax.crypto* packages then what is
>> the role of the *jsse.jar* library that ships in as part of the
>> *JAVA_HOME/ jre/lib* directory?
>>
>> I could clearly see the *jsse.jar *has classes like *Handshaker.class,
>> SSLContextImpl.class, HandShakeMessage.class* inside the
>> sun.security.ssl package which do the actual SSL Handshake. There are
>> many more classes inside this package.
>>
>> So wanted clarification on this.
>>
>> Thanks
>> Ayas
>>
>> On Wed, Jun 1, 2016 at 1:22 PM, Seán Coffey <sean.coffey at oracle.com
>> <mailto:sean.coffey at oracle.com>> wrote:
>>
>>
>>     On 01/06/2016 03:42, Jim Manico wrote:
>>
>>>
>>>     I think this is the right answer.
>>>
>>>     From
>>>
>>> https://stackoverflow.com/questions/27323858/java-6-ecdhe-cipher-suite-support
>>>
>>>     The SSL/TLS implementation "JSSE" in Java 1.6 and later supports
>>>     ECDHE suites *IF there is an available (JCE) provider* for needed
>>>     ECC primitives. *Java 1.6 OOTB does NOT* include such an ECC
>>>     provider, but you can add one. *Java 7 and 8 do* include SunECC
>>>     provider.
>>>
>>>     I don't believe Ayaskant's query was specific to ECC. In any case,
>>     the above answer isn't accurate. ECC support is available OOTB in JDK
>>     6 for Solaris. It's provided via the SunPKCS11 provider. SunEC
>>     provider was added in JDK 7:
>>
>> http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunEC
>>
>>     regards,
>>     Sean.
>>
>>>
>>>     - Jim
>>>
>>>
>>>     On 5/29/16 8:02 PM, Ayaskant Swain wrote:
>>>
>>>>     Hi,
>>>>
>>>>     Can anyone please help me know about this - Does JSSE library
>>>>     implement the Ciphers or Algorithms of a SSL protocol ? I see the
>>>>     jsse.jar library shipped with the JDK. I read the the Oracle
>>>>     document about JSSE
>>>>     - <
>>>> http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Introduction
>>>> >
>>>> http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Introduction
>>>>
>>>>     So my question is - does the JSSE implement the Ciphers or
>>>>     Algorithms that are used for a successful SSL handshake , server
>>>>     authentication, data integrity & data confidentiality
>>>>     (Application data encryption).
>>>>
>>>>     Example of cipher suites - *TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
>>>>     or **TLS_DHE_RSA_WITH_AES_128_GCM_SHA256*
>>>>     *
>>>>     *
>>>>     So is the coding of the above ciphers have been done in the JSSE
>>>>     library?
>>>>
>>>>     Thanks
>>>>     Ayaskant
>>>>     Bangalore
>>>>
>>>
>>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20160602/ed7e9cde/attachment.htm>

More information about the security-dev mailing list