[EXTERNAL]Re: Use of OpenSSL as JCE security provider if available on system

John Gray John.Gray at entrustdatacard.com
Mon Apr 15 18:12:34 UTC 2019


Our Entrust Authority Security Toolkit for the Java platform also contains a FIPS 140-2 certified provider, and we add pluggable crypto ability to provide FIPS 140-2 crypto using the TLS protocol available in the JVM (when our FIPS 140-2 certified provider is being used).

Cheers,

John Gray
Entrust Datacard
 
-----Original Message-----
From: security-dev [mailto:security-dev-bounces at openjdk.java.net] On Behalf Of coderaptor
Sent: Friday, April 12, 2019 1:15 PM
To: Simone Bordet <simone.bordet at gmail.com>
Cc: OpenJDK Dev list <security-dev at openjdk.java.net>
Subject: [EXTERNAL]Re: Use of OpenSSL as JCE security provider if available on system

I may be off-mark here (since I did not go over the mail thread with a fine comb), but one possible use is to satisfy cases where a FIPS 140-2 validated library is a requirement. Currently, there are very few options in the market (BouncyCastle is FIPS 140-2, RSA BSAFE has exited), so the ability to use OpenSSL as a JCE provider would be immensely beneficial.

Thanks.

-ag

On Thu, Mar 21, 2019 at 8:43 AM Simone Bordet <simone.bordet at gmail.com> wrote:
>
> Hi,
>
> On Thu, Mar 21, 2019 at 3:43 PM Sean Mullan <sean.mullan at oracle.com> wrote:
> > But, if we want to explore this further, I think it first makes 
> > sense to take a step back and focus more on what benefits an OpenSSL 
> > provider or "native bridge" would provide.
>
> Benchmarked 3x-10x performance improvements.
> https://nbsoftsolutions.com/blog/dropwizard-1-3-upcoming-tls-improvements
>
> I guess the memory allocation/footprint has similar improvements, with 
> the JDK insisting on requiring ~17 KiB buffers to read HTTP requests 
> in the order of <1 KiB.
>
> --
> Simone Bordet
> ---
> Finally, no matter how good the architecture and design are, to 
> deliver bug-free software with optimal performance and reliability,
> the implementation technique must be flawless.   Victoria Livschitz

