Features and Benefits

JSSE includes the following important features:
  • Included as a standard component of the SDK.
  • Extensible, provider based architecture.
  • Implemented in 100% Java™.
  • Provides API support for SSL versions 2.0 and 3.0, and an implementation of SSL version 3.0.
  • Provides API support and an implementation for the following TLS versions: 1.0, 1.1, 1.2Start of changes for service refresh 6 fix pack 25, 1.3End of changes for service refresh 6 fix pack 25.
  • Includes classes that can be instantiated to create secure channels (SSLSocket, SSLServerSocket, and SSLEngine).
  • Provides support for cipher suite negotiation, which is part of the SSL handshaking used to initiate or verify secure communications.
  • Provides support for client and server authentication, which is part of the normal SSL handshaking.
  • Provides support for Hypertext Transfer Protocol (HTTP) encapsulated in the SSL protocol (HTTPS), which allows access to data such as web pages using HTTPS.
  • Provides server session management APIs to manage memory-resident SSL sessions.
  • Start of changes for service refresh 6 fix pack 25Provides support for the certificate status request extension (OCSP stapling), which saves client certificate validation round-trips and resources.End of changes for service refresh 6 fix pack 25
  • Provides support for the Server Name Indication (SNI) extension, which extends the TLS protocols to indicate what server name the client is attempting to connect to during handshaking.
  • Provides support for endpoint identification during handshaking, which prevents man-in-the-middle attacks.
  • Provides support for cryptographic algorithm constraints, which provides fine-grained control over algorithms negotiated by JSSE.
  • Provides support for several cryptographic algorithms commonly used in cipher suites, including those listed in the following table:

Cryptographic Functionality Available With JSSE

Table 1.
Cryptographic Algorithm * Cryptographic Process Key Lengths (Bits)
RSA Authentication and key exchange 512 and larger
RC4 Bulk encryption 128

128 (40 effective)
DES Bulk encryption 64 (56 effective)

64 (40 effective)
Triple DES Bulk encryption 192 (112 effective)
AES Bulk encryption 256 **

128
AES_GCM Bulk encryption 256 **

128
Diffie-Hellman Key agreement 1024

512
DSA Authentication 1024
Note: * The IBMJSSE2 implementation uses the IBM Java Cryptography Extension (JCE) family of providers for all of its cryptographic algorithms.
Note: ** Cipher suites that use AES_256 require the JCE Unlimited Strength Jurisdiction Policy Files.