Differences between revisions 1 and 2
Revision 1 as of 2008-01-20 16:10:51
Size: 2748
Editor: RolandWeber
Comment: updated some links
Revision 2 as of 2009-09-20 21:44:16
Size: 2768
Editor: localhost
Comment: converted to 1.6 markup
Line 6: Line 6:
[http://hc.apache.org/httpclient-3.x/sslguide.html SSL/TLS guide] [[http://hc.apache.org/httpclient-3.x/sslguide.html|SSL/TLS guide]]
Line 8: Line 8:
The standard [http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#KeyClasses Java API for SSL/TLS]
is called [http://java.sun.com/products/jsse/index.jsp JSSE (Java Secure Socket Extension)].
The standard [[http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#KeyClasses|Java API for SSL/TLS]]
is called [[http://java.sun.com/products/jsse/index.jsp|JSSE (Java Secure Socket Extension)]].
Line 13: Line 13:
Some of the [http://hc.apache.org/httpclient-3.x/sslguide.html SSL code] Some of the [[http://hc.apache.org/httpclient-3.x/sslguide.html|SSL code]]
Line 31: Line 31:
[http://www-128.ibm.com/developerworks/java/jdk/security/142/secguides/jssedocs/JSSERefGuide.html documentation] [[http://www-128.ibm.com/developerworks/java/jdk/security/142/secguides/jssedocs/JSSERefGuide.html|documentation]]
Line 33: Line 33:
[http://www-128.ibm.com/developerworks/java/jdk/security/142/ here]. [[http://www-128.ibm.com/developerworks/java/jdk/security/142/|here]].
Line 38: Line 38:
[http://www.nongnu.org/jessie/ JESSIE] stands for ''JESSIE Executes Secure Sockets In Excess''. [[http://www.nongnu.org/jessie/|JESSIE]] stands for ''JESSIE Executes Secure Sockets In Excess''.
Line 43: Line 43:
[http://www.oracle.com/technology/products/id_mgmt/phaos/prod_doc.html#ssl Oracle Phaos SSLava] [[http://www.oracle.com/technology/products/id_mgmt/phaos/prod_doc.html#ssl|Oracle Phaos SSLava]]
Line 48: Line 48:
[http://jce.iaik.tugraz.at/products/02_isasilk/index.php iSaSiLk] [[http://jce.iaik.tugraz.at/products/02_isasilk/index.php|iSaSiLk]]
Line 50: Line 50:
[http://mail-archives.apache.org/mod_mbox/jakarta-httpcomponents-dev/200505.mbox/%3c20050525081051.GA11987@uml24.umlhosting.ch%3e Recommended by Oleg.] [[http://mail-archives.apache.org/mod_mbox/jakarta-httpcomponents-dev/200505.mbox/%3c20050525081051.GA11987@uml24.umlhosting.ch%3e|Recommended by Oleg.]]

JSSE Implementations

HttpClient does not come with support for SSL/TLS because it doesn't have to. Both security protocols are for the transport layer, while the HTTP protocol operates on top of the transport layer. You can mix and match HttpClient with any independent SSL/TLS implementation. Our SSL/TLS guide explains how to do this. The standard Java API for SSL/TLS is called JSSE (Java Secure Socket Extension). This page lists some JSSE providers, that is, implementations of the API, that you can use. It starts with the JSSE providers that are bundled with JDKs; independent packages follow.

Some of the SSL code in the HttpClient contrib package is hard-coded against the SUN JSSE provider, since classes under com.sun.* are referenced. If you are using a different provider, you have to adapt the code to use the respective API of that provider. Problems you may encounter with some JSSE implementations are sometimes caused by the fact that the secure sockets they provide do not always correctly implement all socket operations used by HttpClient.
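
The following is an added example, not code from HttpClient or its contrib package. It lists the installed providers that offer an SSLContext and builds a socket factory through javax.net.ssl only, so that nothing under com.sun.* is referenced. The class name JsseProviderProbe and the protocol name "TLS" are assumptions made for illustration.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class JsseProviderProbe {   // hypothetical class name

    /** Installed security providers that offer at least one SSLContext service. */
    static List<Provider> jsseProviders() {
        List<Provider> result = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("SSLContext".equals(s.getType())) {
                    result.add(p);
                    break;
                }
            }
        }
        return result;
    }

    /** Builds a socket factory using only the standard JSSE API. */
    static SSLSocketFactory socketFactory(Provider provider, String protocol) throws Exception {
        // Ask for the default trust manager algorithm instead of hard-coding a vendor-specific name.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);   // null selects the default trust store; certificate checks stay on
        SSLContext ctx = SSLContext.getInstance(protocol, provider);
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) {
        String protocol = "TLS";   // assumption: a protocol name the provider registers
        for (Provider p : jsseProviders()) {
            try {
                SSLSocketFactory f = socketFactory(p, protocol);
                System.out.println(p.getName() + ": "
                        + f.getDefaultCipherSuites().length + " default cipher suites");
            } catch (Exception e) {
                // A provider may register its SSLContext services under other protocol names.
                System.out.println(p.getName() + ": no usable " + protocol + " context (" + e + ")");
            }
        }
    }
}
```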

SUN JSSE

SUN JDKs since 1.4 are shipped with the SUN JSSE provider. There is a separate package that can be downloaded and installed for older JDKs. The SUN JSSE provider is reported to be stable for use with HttpClient since JDK 1.4.2. Older versions, and the separate download packages for older JDKs, are reported to cause problems.

IBM JSSE

IBM JDKs ship with an IBM JSSE provider replacing the one from SUN. Here is the documentation for the JSSE. Platform specific security information for the IBM JDK 1.4.2 is available here. Information about older JDKs seems to be unavailable or is well hidden.

JESSIE

JESSIE stands for JESSIE Executes Secure Sockets In Excess. It is a free implementation of JSSE with a relaxed GNU license.

SSLava

Oracle Phaos SSLava

iSaSiLk

Developed at the Technical University of Graz, iSaSiLk is not cheap, but it is a good SSL/TLS implementation. Recommended by Oleg.

AlternativeJSSE (last edited 2009-09-20 21:44:16 by localhost)