<div dir="ltr">Thanks a lot Brad ! <div><br></div><div>You have nailed it & I was looking for this answer only :-).<div><br></div><div>So is <b>jsse.jar</b> the default security provider for Java? Can you also give some examples of other security providers?</div><div><br></div><div>Is it the security providers who actually implement the underlying Ciphers or crytographic Algorithms?</div><div><br></div><div>Thanks</div><div>Ayas</div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jun 2, 2016 at 12:13 AM, Bradford Wetmore <span dir="ltr"><<a href="mailto:bradford.wetmore@oracle.com" target="_blank">bradford.wetmore@oracle.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hopefully this makes it clear.<br>
<br>
For JSSE, <a href="http://javax.net/javax.net.ssl" rel="noreferrer" target="_blank">javax.net/javax.net.ssl</a> (in rt.jar) contains the APIs which call into JSSE providers. sun.security.ssl (contained in jsse.jar) is one such provider. The JSSE implementation contains routines specific to TLS, but eventually calls into JCA/JCE for specific crypto algorithms (e.g. RSA/AES/SHA/DH/ECDH/etc). The JCA/JCE framework consults its list of installed providers, and finds the first available implementation of whatever is needed. If it can't find something, that ciphersuite has to be disabled.<br>
<br>
Going back to the followup question, on JDK 6, if JCA/JCE can't find a registered ECC provider, then it must disable the ECC-based suites. As Sean said, Solaris has ECC through PKCS11, so OOTB ECC-based suites should work on JDK 6 if you're on Solaris. If on something else, you need to install an ECC provider to get ECC-based suite.<br>
<br>
Brad<span class=""><br>
<br>
<br>
<br>
<br>
On 6/1/2016 1:06 AM, Ayaskant Swain wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
Hi All,<br>
<br>
My question was not specific to those two cipher suites that I had<br>
pasted in my query. I had just pasted them as examples. Rather my<br>
question was generic.<br>
<br>
I want to know which library or packages in JDK implement the<br>
Algorithms/Ciphers that are used for SSL communication?<br>
<br>
If java provides the implementation of those cryptographic Algos through<br></span>
the *java.security , java.net.ssl & javax.crypto* packages then what is<br>
the role of the *jsse.jar* library that ships in as part of the<br>
*JAVA_HOME/ jre/lib* directory?<br>
<br>
I could clearly see the *jsse.jar *has classes like *Handshaker.class,<br>
SSLContextImpl.class, HandShakeMessage.class* inside the<span class=""><br>
sun.security.ssl package which do the actual SSL Handshake. There are<br>
many more classes inside this package.<br>
<br>
So wanted clarification on this.<br>
<br>
Thanks<br>
Ayas<br>
<br>
On Wed, Jun 1, 2016 at 1:22 PM, Seán Coffey <<a href="mailto:sean.coffey@oracle.com" target="_blank">sean.coffey@oracle.com</a><br></span><span class="">
<mailto:<a href="mailto:sean.coffey@oracle.com" target="_blank">sean.coffey@oracle.com</a>>> wrote:<br>
<br>
<br>
On 01/06/2016 03:42, Jim Manico wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
<br>
I think this is the right answer.<br>
<br>
From<br>
<a href="https://stackoverflow.com/questions/27323858/java-6-ecdhe-cipher-suite-support" rel="noreferrer" target="_blank">https://stackoverflow.com/questions/27323858/java-6-ecdhe-cipher-suite-support</a><br>
<br>
The SSL/TLS implementation "JSSE" in Java 1.6 and later supports<br></span>
ECDHE suites *IF there is an available (JCE) provider* for needed<br>
ECC primitives. *Java 1.6 OOTB does NOT* include such an ECC<br>
provider, but you can add one. *Java 7 and 8 do* include SunECC<br>
provider.<br>
<br>
</blockquote><span class="">
I don't believe Ayaskant's query was specific to ECC. In any case,<br>
the above answer isn't accurate. ECC support is available OOTB in JDK<br>
6 for Solaris. It's provided via the SunPKCS11 provider. SunEC<br>
provider was added in JDK 7:<br>
<a href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunEC" rel="noreferrer" target="_blank">http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunEC</a><br>
<br>
regards,<br>
Sean.<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
<br>
- Jim<br>
<br>
<br>
On 5/29/16 8:02 PM, Ayaskant Swain wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
Hi,<br>
<br>
Can anyone please help me know about this - Does JSSE library<br>
implement the Ciphers or Algorithms of a SSL protocol ? I see the<br>
jsse.jar library shipped with the JDK. I read the the Oracle<br>
document about JSSE<br></span>
- <<a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Introduction" rel="noreferrer" target="_blank">http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Introduction</a>><a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Introduction" rel="noreferrer" target="_blank">http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Introduction</a><span class=""><br>
<br>
So my question is - does the JSSE implement the Ciphers or<br>
Algorithms that are used for a successful SSL handshake , server<br>
authentication, data integrity & data confidentiality<br>
(Application data encryption).<br>
<br></span><span class="">
Example of cipher suites - *TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256<br>
or **TLS_DHE_RSA_WITH_AES_128_GCM_SHA256*<br>
*<br>
*<br></span><span class="">
So is the coding of the above ciphers have been done in the JSSE<br>
library?<br>
<br>
Thanks<br>
Ayaskant<br>
Bangalore<br>
</span></blockquote>
<br>
</blockquote>
<br>
<br>
</blockquote>
</blockquote></div><br></div>