JSSE providers

IBM® JSSE includes a native IBM i JSSE provider and an IBM pure Java™ JSSE provider. The provider that you choose to use depends on the needs of your application.

All providers adhere to the JSSE interface specification. They can communicate with each other and with any other TLS implementation, even non-Java implementations.

IBM pure Java JSSE provider

The IBM pure Java JSSE provider offers the following features:

  • Works with any type of KeyStore object to control and configure digital certificates (for example, JKS, PKCS12, and so on).
  • Allows you to use any combination of JSSE components from multiple implementations together.

IBMJSSEProvider2 is the provider name for the pure Java implementation. You need to pass this provider name, using the proper case, to the java.security.Security.getProvider() method or the various getInstance() methods for several of the JSSE classes.

Native IBM i JSSE provider

The native IBM i JSSE provider offers the following features:

  • Uses the native IBM i TLS support.
  • Allows the use of the Digital Certificate Manager to configure and control digital certificates. This is provided via a unique IBM i type of KeyStore (IbmISeriesKeyStore).
  • Allows you to use any combination of JSSE components from multiple implementations together.

IBMi5OSJSSEProvider is the name for the native IBM i implementation. You need to pass this provider name, using the proper case, to the java.security.Security.getProvider() method or the various getInstance() methods for several of the JSSE classes.

Changing the default JSSE provider

You can change the default JSSE provider by making the appropriate changes to your security properties.

After changing the JSSE provider, ensure that your system properties specify the proper configuration for digital certificate information (keystore) required by the new provider.

For more information, see JSSE security properties.