Scribd
Upload
140 views

Java Secure Socket Extension (JSSE) API: Brad R. Wetmore

The Java Secure Socket Extension (JSSE) API provides secure networking communications for Java applications through data encryption, authentication, and message integrity. The presentation discusses the JSSE API and reference implementation, including an overview of how JSSE fits into the TCP/IP stack, code examples of using the JSSE API, and details on Sun's reference implementation such as supported algorithms and how to replace components. Support resources are also provided for using and feeding back on the JSSE API and reference implementation.

Uploaded by

Anonymous NSeuaS
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
140 views

Java Secure Socket Extension (JSSE) API: Brad R. Wetmore

The Java Secure Socket Extension (JSSE) API provides secure networking communications for Java applications through data encryption, authentication, and message integrity. The presentation discusses the JSSE API and reference implementation, including an overview of how JSSE fits into the TCP/IP stack, code examples of using the JSSE API, and details on Sun's reference implementation such as supported algorithms and how to replace components. Support resources are also provided for using and feeding back on the JSSE API and reference implementation.

Uploaded by

Anonymous NSeuaS
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 15

BOF 1206, Java Networking/Java Secure Socket Extension (JSSE) API 1

Java Secure Socket


Extension (JSSE) API
Brad R. Wetmore
Java Security Engineer
Sun Microsystems, Inc.
BOF 1206, Java Networking/Java Secure Socket Extension (JSSE) API 2
Agenda
Overview of problem
High-level JSSE/SSL/TLS overview
JSSE API
JSSE Reference Implementation (RI)
RI FAQs
Export Issues/Futures
Q&A
BOF 1206, Java Networking/Java Secure Socket Extension (JSSE) API 3
What Is JSSE?
Provides for secure networking
communications
Data encryption
Authentication
Message integrity
http://java.sun.com/products/jsse
API
RI, Ver. 1.0.1, March 2000
Distribution:
domestic, global, docs-only, sample code
BOF 1206, Java Networking/Java Secure Socket Extension (JSSE) API 4
Where JSSE fits into TCP/IP
Ether
IP
TCP
JSSE
Alice Bob
Ether
IP
TCP
JSSE
z6f
abc abc
z6f
z6f
BOF 1206, Java Networking/Java Secure Socket Extension (JSSE) API 5
API Overview
SSLSocket
Factory
SSLServer
SocketFactory
Server
Socket
SSLServer
Socket
SSLSocket
Socket
SSLSession SSLSession
Session ID
Cipher Suite
Peer ID
Session Context
BOF 1206, Java Networking/Java Secure Socket Extension (JSSE) API 6
JSSE Client Code Example
/*
* Use SSL, a non-SSL socket would use:
* Socket socket = new Socket (www.sun.com, 80);
*/
SSLSocketFactory factory = (SSLSocketFactory) SSLSocketF
SSLSocket socket = (SSLSocket) factory.createSocket(
"www.sun.com", 443);
PrintWriter out = new PrintWriter(
new BufferedWriter(
new OutputStreamWriter(
socket.getOutputStream())));
out.println("GET http://www.sun.com/index.html HTTP/1.1"
out.flush();
BOF 1206, Java Networking/Java Secure Socket Extension (JSSE) API 7
Other JSSE (javax) Entities
SSLSessionContext
Group of SSLSessions available for an entity
SSLBindingEvent
notification of objects bound to SSL Session
HandshakeCompletedEvent
Duplication of Certificate Classes
Code was written before Java SDK 2
Most are wrapper classes to Java 2 certs.
BOF 1206, Java Networking/Java Secure Socket Extension (JSSE) API 8
Suns RI Details
100% Java
Requires JDK 1.2.1
Free for commercial deployment
Check licensing for details
Supports SSL v3.0, TLS v1.0
Various algorithms built-in
RSA, RC4, DES, 3DES, DH, DSA, SHA, MD5
Apps. can not access algs. directly (JCA)
https support
BOF 1206, Java Networking/Java Secure Socket Extension (JSSE) API 9
Suns RI Details (#2)
com.sun.net.ssl
Internal package, subject to change
SSLContext
Secure socket protocol information
Source of SSLSocketFactories
KeyManager
Source of key material
TrustManager
Makes trust decisions
All use the JCA SPI mechanism
Can replace SSLContext, KeyManager, TrustManager
BOF 1206, Java Networking/Java Secure Socket Extension (JSSE) API 10
FAQs
[email protected] archives
Installation problems
Visual Cafes certificate file
untrusted ____ cert chain
Cert not found in cacerts
Date outside validity period
Server Client
cert Srvrcert
I dont
trust
Srvrcert
certs
BOF 1206, Java Networking/Java Secure Socket Extension (JSSE) API 11
Export Issues/Futures
Hasnt the US relaxed export
restrictions? How come JSSE
Not an easy or quick process
Minor mods to RI needed
JSSE 1.0.2
Support for strong global crypto.
Will also support PJava 3.1
Move JSSE RI into Merlin
BOF 1206, Java Networking/Java Secure Socket Extension (JSSE) API 12
Feedback & Support
For feedback on the JSSE API
[email protected]
For business questions
[email protected]
For support with the JSSE RI
http://www.sun.com/developer/support/
BOF 1206, Java Networking/Java Secure Socket Extension (JSSE) API 13
Various URLS
http://java.sun.com/products/jsse
http://archives.java.sun.com/archives/java-security.html
http://www.epic.org/crypto/export_controls
http://developer.netscape.com/docs/manuals/security.html
http://home.netscape.com/eng/ssl3/ssl-toc.html
http://www.ietf.org/rfc/rfc2246.txt
BOF 1206, Java Networking/Java Secure Socket Extension (JSSE) API 14
Q & A
BOF 1206, Java Networking/Java Secure Socket Extension (JSSE) API 15

You might also like