Use of OpenSSL as JCE security provider if available on system

coderaptor coderaptor at gmail.com
Fri Apr 12 17:14:46 UTC 2019


I may be off-mark here (since I did not go over the mail thread with a
fine comb), but one possible use is to satisfy cases where a FIPS 140-2
validated library is a requirement. Currently, there are very few
options in the market (BouncyCastle is FIPS 140-2, RSA BSAFE has
exited), so the ability to use OpenSSL as a JCE provider would be
immensely beneficial.

Thanks.

-ag

On Thu, Mar 21, 2019 at 8:43 AM Simone Bordet <simone.bordet at gmail.com> wrote:
>
> Hi,
>
> On Thu, Mar 21, 2019 at 3:43 PM Sean Mullan <sean.mullan at oracle.com> wrote:
> > But, if we want to explore this further, I think it first makes sense to
> > take a step back and focus more on what benefits an OpenSSL provider or
> > "native bridge" would provide.
>
> Benchmarked 3x-10x performance improvements.
> https://nbsoftsolutions.com/blog/dropwizard-1-3-upcoming-tls-improvements
>
> I guess the memory allocation/footprint has similar improvements, with
> the JDK insisting on requiring ~17 KiB buffers to read HTTP requests
> in the order of <1 KiB.
>
> --
> Simone Bordet
> ---
> Finally, no matter how good the architecture and design are,
> to deliver bug-free software with optimal performance and reliability,
> the implementation technique must be flawless.   Victoria Livschitz


