The JavaTM Secure Socket Extension (JSSE) is a Java package that enables secure Internet communications. It implements a Java version of SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols and includes function for data encryption, server authentication, message integrity, and optional client authentication.
By abstracting the complex underlying security algorithms and "handshaking" mechanisms, JSSE minimizes the risk of creating subtle but dangerous security vulnerabilities. Furthermore, it simplifies application development by serving as a building block which developers can integrate directly into their applications. Using JSSE, developers can provide for the secure passage of data between a client and a server running any application protocol (such as HTTP, Telnet, NNTP, and FTP) over TCP/IP.
To download a copy of the documentation for the IBMJSSE provider, download the
jssedocs.jar file.
The
jssedocs.jar files contain the following documents:
To extract the documentation from the downloaded .jar file, place the .jar file at the directory location where you would like the documentation (for instance the
${java-home}/docs/jsseDocs directory) and issue the following command:
jar -xvf jssedocs.jar
Note that the
jssedocs.jar file is actually a Java Archive (.jar) file that contains documentation only and no executable code. The
jar command above will work whether the file type is .tar or .jar.
The ibmjsse.jar file is pre-installed in the
${java-home}/lib/ext directory.
The OS390 version of JSSE does NOT provide support for PKCS11.
IBMJSSE uses
KeyTool rather than
iKeyman to
create,
import, etc. keys and certificates.
KeyTool can
create certificate requests for, and
import certificates from the
gskkyman utility provided
The Java JSSE APIs are based on the cryptographic service provider architecture, which means you must install JSSE as a service provider before you use it. To install JSSE as a service provider, specify the following in your
java.security file in the
${java-home}/lib/security.
- security.provider.1=sun.security.provider.Sun
- security.provider.2=com.ibm.jsse.JSSEProvider
Note that the IBM JSSE provider must be placed after the default Sun provider.
The sample programs that demonstrate how to use the IBMJSSE are located in the
${java-home}/demo/jsse directory:
- The ServerJsse and ClientJsse applications demonstrate a simple Client/Server interaction using JSSE. For simplicity, the ServerJsse and ClientJsse use the same KeyStore files. In a real application, the client and server should each have their own KeyStore files. When starting ClientJsse you may optionally specify the name of the host running ServerJsse (the default is localhost). ServerJsse should be started with no parameters.
- HTTPTest is a command line version of HTTPSPanel. It requires one parameter, the URL of a web site. If you need help for this application, you can start this application with no parameters.
- UseHTTPs accesses a specified Web server. You may optionally specify a socks server and socks port number. If you need help for this application, you can start this application with no parameters.
When you run the sample applications, make sure that the
testkeys file is in the current directory.
| 
