Query - Does JSSE library implement the Ciphers or Algorithms of a SSL protocol ?

Bradford Wetmore bradford.wetmore at oracle.com
Thu Jun 2 17:36:29 UTC 2016 

 > So is *jsse.jar* the default security provider for Java? Can you also
 > give some examples of other security providers?
 >
 > Is it the security providers who actually implement the underlying
 > Ciphers or crytographic Algorithms?

There are many Oracle providers that provide different algorithms.

I think you may not have grasped the Provider-based mechanism yet. 
Please see the documentation:

     http://docs.oracle.com/javase/8/docs/technotes/guides/security/

Specifically:

     Java Cryptography Architecture (JCA) Reference Guide
         specifically the "Cryptographic Service Providers" section.
     Standard Algorithm Names
     Oracle Providers

Brad



>
> Thanks
> Ayas
>
> On Thu, Jun 2, 2016 at 12:13 AM, Bradford Wetmore
> <bradford.wetmore at oracle.com <mailto:bradford.wetmore at oracle.com>> wrote:
>
>     Hopefully this makes it clear.
>
>     For JSSE, javax.net/javax.net.ssl <http://javax.net/javax.net.ssl>
>     (in rt.jar) contains the APIs which call into JSSE providers.
>     sun.security.ssl (contained in jsse.jar) is one such provider.  The
>     JSSE implementation contains routines specific to TLS, but
>     eventually calls into JCA/JCE for specific crypto algorithms (e.g.
>     RSA/AES/SHA/DH/ECDH/etc).  The JCA/JCE framework consults its list
>     of installed providers, and finds the first available implementation
>     of whatever is needed.  If it can't find something, that ciphersuite
>     has to be disabled.
>
>     Going back to the followup question, on JDK 6, if JCA/JCE can't find
>     a registered ECC provider, then it must disable the ECC-based
>     suites.  As Sean said, Solaris has ECC through PKCS11, so OOTB
>     ECC-based suites should work on JDK 6 if you're on Solaris.  If on
>     something else, you need to install an ECC provider to get ECC-based
>     suite.
>
>     Brad
>
>
>
>
>     On 6/1/2016 1:06 AM, Ayaskant Swain wrote:
>
>         Hi All,
>
>         My question was not specific to those two cipher suites that I had
>         pasted in my query. I had just pasted them as examples. Rather my
>         question was generic.
>
>         I want to know which library or packages in JDK implement the
>         Algorithms/Ciphers that are used for SSL communication?
>
>         If java provides the implementation of those cryptographic Algos
>         through
>         the *java.security , java.net.ssl & javax.crypto* packages then
>         what is
>         the role of the *jsse.jar* library that ships in as part of the
>         *JAVA_HOME/ jre/lib* directory?
>
>         I could clearly see the *jsse.jar *has classes like
>         *Handshaker.class,
>         SSLContextImpl.class, HandShakeMessage.class* inside the
>         sun.security.ssl package which do the actual SSL Handshake.
>         There are
>         many more classes inside this package.
>
>         So wanted clarification on this.
>
>         Thanks
>         Ayas
>
>         On Wed, Jun 1, 2016 at 1:22 PM, Seán Coffey
>         <sean.coffey at oracle.com <mailto:sean.coffey at oracle.com>
>         <mailto:sean.coffey at oracle.com <mailto:sean.coffey at oracle.com>>>
>         wrote:
>
>
>             On 01/06/2016 03:42, Jim Manico wrote:
>
>
>                 I think this is the right answer.
>
>                 From
>
>             https://stackoverflow.com/questions/27323858/java-6-ecdhe-cipher-suite-support
>
>                 The SSL/TLS implementation "JSSE" in Java 1.6 and later
>             supports
>                 ECDHE suites *IF there is an available (JCE) provider*
>             for needed
>                 ECC primitives. *Java 1.6 OOTB does NOT* include such an ECC
>                 provider, but you can add one. *Java 7 and 8 do* include
>             SunECC
>                 provider.
>
>             I don't believe Ayaskant's query was specific to ECC. In any
>         case,
>             the above answer isn't accurate. ECC support is available
>         OOTB in JDK
>             6 for Solaris. It's provided via the SunPKCS11 provider. SunEC
>             provider was added in JDK 7:
>
>         http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunEC
>
>             regards,
>             Sean.
>
>
>                 - Jim
>
>
>                 On 5/29/16 8:02 PM, Ayaskant Swain wrote:
>
>                     Hi,
>
>                     Can anyone please help me know about this - Does
>                 JSSE library
>                     implement the Ciphers or Algorithms of a SSL
>                 protocol ? I see the
>                     jsse.jar library shipped with the JDK. I read the
>                 the Oracle
>                     document about JSSE
>                     -
>                 <http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Introduction>http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Introduction
>
>                     So my question is - does the JSSE implement the
>                 Ciphers or
>                     Algorithms that are used for a successful SSL
>                 handshake , server
>                     authentication, data integrity & data confidentiality
>                     (Application data encryption).
>
>                     Example of cipher suites -
>                 *TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
>                     or **TLS_DHE_RSA_WITH_AES_128_GCM_SHA256*
>                     *
>                     *
>                     So is the coding of the above ciphers have been done
>                 in the JSSE
>                     library?
>
>                     Thanks
>                     Ayaskant
>                     Bangalore
>
>
>
>
>

More information about the security-dev mailing list