Query - Does JSSE library implement the Ciphers or Algorithms of a SSL protocol ?
Bradford Wetmore
bradford.wetmore at oracle.com
Thu Jun 2 17:36:29 UTC 2016
> So is *jsse.jar* the default security provider for Java? Can you also
> give some examples of other security providers?
>
> Is it the security providers who actually implement the underlying
> Ciphers or crytographic Algorithms?
There are many Oracle providers that provide different algorithms.
I think you may not have grasped the Provider-based mechanism yet.
Please see the documentation:
http://docs.oracle.com/javase/8/docs/technotes/guides/security/
Specifically:
Java Cryptography Architecture (JCA) Reference Guide
specifically the "Cryptographic Service Providers" section.
Standard Algorithm Names
Oracle Providers
Brad
>
> Thanks
> Ayas
>
> On Thu, Jun 2, 2016 at 12:13 AM, Bradford Wetmore
> <bradford.wetmore at oracle.com <mailto:bradford.wetmore at oracle.com>> wrote:
>
> Hopefully this makes it clear.
>
> For JSSE, javax.net/javax.net.ssl <http://javax.net/javax.net.ssl>
> (in rt.jar) contains the APIs which call into JSSE providers.
> sun.security.ssl (contained in jsse.jar) is one such provider. The
> JSSE implementation contains routines specific to TLS, but
> eventually calls into JCA/JCE for specific crypto algorithms (e.g.
> RSA/AES/SHA/DH/ECDH/etc). The JCA/JCE framework consults its list
> of installed providers, and finds the first available implementation
> of whatever is needed. If it can't find something, that ciphersuite
> has to be disabled.
>
> Going back to the followup question, on JDK 6, if JCA/JCE can't find
> a registered ECC provider, then it must disable the ECC-based
> suites. As Sean said, Solaris has ECC through PKCS11, so OOTB
> ECC-based suites should work on JDK 6 if you're on Solaris. If on
> something else, you need to install an ECC provider to get ECC-based
> suite.
>
> Brad
>
>
>
>
> On 6/1/2016 1:06 AM, Ayaskant Swain wrote:
>
> Hi All,
>
> My question was not specific to those two cipher suites that I had
> pasted in my query. I had just pasted them as examples. Rather my
> question was generic.
>
> I want to know which library or packages in JDK implement the
> Algorithms/Ciphers that are used for SSL communication?
>
> If java provides the implementation of those cryptographic Algos
> through
> the *java.security , java.net.ssl & javax.crypto* packages then
> what is
> the role of the *jsse.jar* library that ships in as part of the
> *JAVA_HOME/ jre/lib* directory?
>
> I could clearly see the *jsse.jar *has classes like
> *Handshaker.class,
> SSLContextImpl.class, HandShakeMessage.class* inside the
> sun.security.ssl package which do the actual SSL Handshake.
> There are
> many more classes inside this package.
>
> So wanted clarification on this.
>
> Thanks
> Ayas
>
> On Wed, Jun 1, 2016 at 1:22 PM, Seán Coffey
> <sean.coffey at oracle.com <mailto:sean.coffey at oracle.com>
> <mailto:sean.coffey at oracle.com <mailto:sean.coffey at oracle.com>>>
> wrote:
>
>
> On 01/06/2016 03:42, Jim Manico wrote:
>
>
> I think this is the right answer.
>
> From
>
> https://stackoverflow.com/questions/27323858/java-6-ecdhe-cipher-suite-support
>
> The SSL/TLS implementation "JSSE" in Java 1.6 and later
> supports
> ECDHE suites *IF there is an available (JCE) provider*
> for needed
> ECC primitives. *Java 1.6 OOTB does NOT* include such an ECC
> provider, but you can add one. *Java 7 and 8 do* include
> SunECC
> provider.
>
> I don't believe Ayaskant's query was specific to ECC. In any
> case,
> the above answer isn't accurate. ECC support is available
> OOTB in JDK
> 6 for Solaris. It's provided via the SunPKCS11 provider. SunEC
> provider was added in JDK 7:
>
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunEC
>
> regards,
> Sean.
>
>
> - Jim
>
>
> On 5/29/16 8:02 PM, Ayaskant Swain wrote:
>
> Hi,
>
> Can anyone please help me know about this - Does
> JSSE library
> implement the Ciphers or Algorithms of a SSL
> protocol ? I see the
> jsse.jar library shipped with the JDK. I read the
> the Oracle
> document about JSSE
> -
> <http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Introduction>http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Introduction
>
> So my question is - does the JSSE implement the
> Ciphers or
> Algorithms that are used for a successful SSL
> handshake , server
> authentication, data integrity & data confidentiality
> (Application data encryption).
>
> Example of cipher suites -
> *TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> or **TLS_DHE_RSA_WITH_AES_128_GCM_SHA256*
> *
> *
> So is the coding of the above ciphers have been done
> in the JSSE
> library?
>
> Thanks
> Ayaskant
> Bangalore
>
>
>
>
>
More information about the security-dev
mailing list