<div dir="ltr">Hi Brad,<div><br></div><div>Thanks for sending me the link. I had just started going through the JCA document but did not finish reading the doc when I asked my original question :-). I will go through these docs in detail.</div><div><br></div><div>I saw this line <b>"<span style="color:rgb(0,0,0);font-family:Arial,Helvetica,FreeSans,Luxi-sans,'Nimbus Sans L',sans-serif;font-size:12px;line-height:18px">Cryptographic implementations in the JDK are distributed through several different providers ("Sun", "SunJSSE", "SunJCE", "SunRsaSign")</span></b><span style="color:rgb(0,0,0);font-family:Arial,Helvetica,FreeSans,Luxi-sans,'Nimbus Sans L',sans-serif;font-size:12px;line-height:18px"><b> </b>" in this doc - <a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html">http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html</a>. This is a good piece of information.</span></div><div><br></div><div>So, I am now able to understand the JCA mechanism better.</div><div><br></div><div>Thanks all for your replies.</div><div><br></div><div>I am now done with my queries.</div><div><br></div><div>Ayaskant</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jun 2, 2016 at 11:06 PM, Bradford Wetmore <span dir="ltr"><<a href="mailto:bradford.wetmore@oracle.com" target="_blank">bradford.wetmore@oracle.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">> So is *jsse.jar* the default security provider for Java? Can you also<br>
> give some examples of other security providers?<br>
><br>
> Is it the security providers who actually implement the underlying<br>
> Ciphers or cryptographic Algorithms?<br>
<br>
There are many Oracle providers that provide different algorithms.<br>
<br>
I think you may not have grasped the Provider-based mechanism yet. Please see the documentation:<br>
<br>
<a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/" rel="noreferrer" target="_blank">http://docs.oracle.com/javase/8/docs/technotes/guides/security/</a><br>
<br>
Specifically:<br>
<br>
Java Cryptography Architecture (JCA) Reference Guide<br>
specifically the "Cryptographic Service Providers" section.<br>
Standard Algorithm Names<br>
Oracle Providers<br>
<br>
Brad<br>
<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Thanks<br>
Ayas<br>
<br>
On Thu, Jun 2, 2016 at 12:13 AM, Bradford Wetmore<br>
<<a href="mailto:bradford.wetmore@oracle.com" target="_blank">bradford.wetmore@oracle.com</a>> wrote:<br>
<br>
Hopefully this makes it clear.<br>
<br>
For JSSE, javax.net/javax.net.ssl<br>
(in rt.jar) contains the APIs which call into JSSE providers.<br>
sun.security.ssl (contained in jsse.jar) is one such provider. The<br>
JSSE implementation contains routines specific to TLS, but<br>
eventually calls into JCA/JCE for specific crypto algorithms (e.g.<br>
RSA/AES/SHA/DH/ECDH/etc). The JCA/JCE framework consults its list<br>
of installed providers, and finds the first available implementation<br>
of whatever is needed. If it can't find something, that ciphersuite<br>
has to be disabled.<br>
<br>
Going back to the followup question, on JDK 6, if JCA/JCE can't find<br>
a registered ECC provider, then it must disable the ECC-based<br>
suites. As Sean said, Solaris has ECC through PKCS11, so OOTB<br>
ECC-based suites should work on JDK 6 if you're on Solaris. If on<br>
something else, you need to install an ECC provider to get ECC-based<br>
suite.<br>
<br>
Brad<br>
<br>
<br>
<br>
<br>
On 6/1/2016 1:06 AM, Ayaskant Swain wrote:<br>
<br>
Hi All,<br>
<br>
My question was not specific to those two cipher suites that I had<br>
pasted in my query. I had just pasted them as examples. Rather my<br>
question was generic.<br>
<br>
I want to know which library or packages in JDK implement the<br>
Algorithms/Ciphers that are used for SSL communication?<br>
<br>
If Java provides the implementation of those cryptographic Algos through<br>
the *java.security , java.net.ssl & javax.crypto* packages then what is<br>
the role of the *jsse.jar* library that ships in as part of the<br>
*JAVA_HOME/ jre/lib* directory?<br>
<br>
I could clearly see the *jsse.jar* has classes like *Handshaker.class,<br>
SSLContextImpl.class, HandShakeMessage.class* inside the<br>
sun.security.ssl package which do the actual SSL Handshake. There are<br>
many more classes inside this package.<br>
<br>
So wanted clarification on this.<br>
<br>
Thanks<br>
Ayas<br>
<br>
On Wed, Jun 1, 2016 at 1:22 PM, Seán Coffey<br>
<<a href="mailto:sean.coffey@oracle.com" target="_blank">sean.coffey@oracle.com</a>> wrote:<br>
<br>
<br>
On 01/06/2016 03:42, Jim Manico wrote:<br>
<br>
<br>
I think this is the right answer.<br>
<br>
From<br>
<br>
<a href="https://stackoverflow.com/questions/27323858/java-6-ecdhe-cipher-suite-support" rel="noreferrer" target="_blank">https://stackoverflow.com/questions/27323858/java-6-ecdhe-cipher-suite-support</a><br>
<br>
The SSL/TLS implementation "JSSE" in Java 1.6 and later supports<br>
ECDHE suites *IF there is an available (JCE) provider* for needed<br>
ECC primitives. *Java 1.6 OOTB does NOT* include such an ECC<br>
provider, but you can add one. *Java 7 and 8 do* include SunECC<br>
provider.<br>
<br>
I don't believe Ayaskant's query was specific to ECC. In any case,<br>
the above answer isn't accurate. ECC support is available OOTB in JDK<br>
6 for Solaris. It's provided via the SunPKCS11 provider. SunEC<br>
provider was added in JDK 7:<br>
<br>
<a href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunEC" rel="noreferrer" target="_blank">http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunEC</a><br>
<br>
regards,<br>
Sean.<br>
<br>
<br>
- Jim<br>
<br>
<br>
On 5/29/16 8:02 PM, Ayaskant Swain wrote:<br>
<br>
Hi,<br>
<br>
Can anyone please help me know about this - Does JSSE library<br>
implement the Ciphers or Algorithms of a SSL protocol ? I see the<br>
jsse.jar library shipped with the JDK. I read the Oracle<br>
document about JSSE -<br>
<a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Introduction" rel="noreferrer" target="_blank">http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Introduction</a><br>
<br>
So my question is - does the JSSE implement the Ciphers or<br>
Algorithms that are used for a successful SSL handshake, server<br>
authentication, data integrity & data confidentiality<br>
(Application data encryption).<br>
<br>
Example of cipher suites -<br>
*TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256*<br>
or *TLS_DHE_RSA_WITH_AES_128_GCM_SHA256*<br>
<br>
So has the coding of the above ciphers been done in the JSSE<br>
library?<br>
<br>
Thanks<br>
Ayaskant<br>
Bangalore<br>
<br>
<br>
<br>
<br>
<br>
</blockquote>
</blockquote></div><br></div>
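<div>The provider lookup described in the thread can be observed on a given JRE with the following sketch. It is an added example, not code from any poster or from the JDK; the class name <code>ProviderLookup</code> and the mapping of the suite to JCA service names are assumptions made for illustration.</div>

```java
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.net.ssl.SSLContext;

public class ProviderLookup {
    static final String SUITE = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";

    // JCA service type and standard algorithm name for primitives this suite
    // relies on (mapping chosen for this example, not taken from the thread).
    static final String[][] NEEDED = {
        {"KeyAgreement", "ECDH"}, {"KeyPairGenerator", "EC"},
        {"Signature", "SHA256withRSA"}, {"Cipher", "AES/GCM/NoPadding"},
        {"MessageDigest", "SHA-256"},
    };

    // Ask the framework for the algorithm without naming a provider and report
    // which installed provider it picked; null means no provider offers it.
    static String selectedProvider(String type, String alg) {
        try {
            switch (type) {
                case "KeyAgreement": return KeyAgreement.getInstance(alg).getProvider().getName();
                case "KeyPairGenerator": return KeyPairGenerator.getInstance(alg).getProvider().getName();
                case "Signature": return Signature.getInstance(alg).getProvider().getName();
                case "Cipher": return Cipher.getInstance(alg).getProvider().getName();
                case "MessageDigest": return MessageDigest.getInstance(alg).getProvider().getName();
                default: throw new IllegalArgumentException(type);
            }
        } catch (GeneralSecurityException e) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Installed providers in preference order (from the java.security file).
        Provider[] installed = Security.getProviders();
        for (int i = 0; i < installed.length; i++) {
            System.out.println((i + 1) + ". " + installed[i].getName());
        }
        for (String[] n : NEEDED) {
            String p = selectedProvider(n[0], n[1]);
            System.out.println(n[0] + "." + n[1] + " -> " + (p == null ? "NOT AVAILABLE" : p));
        }
        // Per the thread, JSSE disables a suite whose primitives no provider supplies.
        boolean offered = Arrays.asList(SSLContext.getDefault()
                .getSupportedSSLParameters().getCipherSuites()).contains(SUITE);
        System.out.println(SUITE + " supported by default SSLContext: " + offered);
    }
}
```

<div>For Signature, KeyAgreement and Cipher the provider reported before initialisation is the first candidate in preference order; the framework may settle on a different one once a key is supplied.</div>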