Message-Id: <199908120433.VAA05499@shorter.eng.sun.com>
Date: Wed, 11 Aug 1999 21:33:18 -0700 (PDT)
From: Maxine Erlund <Maxine.Erlund@eng.sun.com>
Subject: Re: when javax.net
To: java-security@java.sun.com, david.nouls@swift.com
David,
The Java Secure Socket Extension (JSSE) implements a Java version of SSL (Secure
Socket Layer) and TLS (Transport Layer Security) protocols and includes
functionality for data encryption, server authentication, message integrity, and
optional client authentication.
There should be an announcement soon, but the JSSE 1.0 EA1 release has just been
made available at
http://developer.java.sun.com/developer/earlyAccess/index.html.
Maxine
>Date: Wed, 11 Aug 1999 15:23:46 +0200
>From: NOULS David <david.nouls@swift.com>
>Subject: when javax.net
>To: java-security@java.sun.com
>MIME-version: 1.0
>Content-transfer-encoding: 7bit
>X-Accept-Language: en
>
>Dear,
>
>I am currently working on a project at SWIFT where we need SSL to
>contact our LDAP server (using JNDI).
>
>Browsing through all the security archives and documentation on the
>subject of SSL, I found out that SSL is still not natively supported by
>Java. In the documentation there are referals to the
>javax.net.ssl.SSLSocketFactory interface that we should implement if we
>want to use a third party SSL implementation.
>
>The biggest problem ofcourse is that this package is not freely
>available and that it duplicates the Certification classes of JDK 1.2.2.
>So I guess this interface is still a draft specification.
>
>I've downloaded Java Web Server which has an implementation of the ssl
>classes, but I can't seem to get them to work correctly. Also, this
>might give us licensing problems since it is not official available nor
>is there a license agreement. We are not interested in the Web Server
>since we already are using another one, we just need the javax.net
>package with decent documentation so that we can plugin a SSL provider.
>
>So, my question is:
>When will there be a release of the javax.net package that we can use
>and that is updated for JDK1.2.2 ?
>
>I know that cryptography is a problematic issue for international use,
>but why isn't it released like the java.security package where the
>actual service providers should be plugged in externally ?
>
>
>David Nouls, S.W.I.F.T.