commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Berin Loritsch" <blorit...@apache.org>
Subject RE: [HttpClient] Dependancy on JSSE
Date Thu, 01 Aug 2002 16:48:31 GMT
> From: jsdever@www1.kc.aoindustries.com 
> [mailto:jsdever@www1.kc.aoindustries.com] On Behalf Of Jeff Dever
> 
> Mike,
> 
> I did not realize that this was a side effect of some recent 
> secury proxy authentication patches.  It used to be that ssl 
> was required to compile but could run without it.  A lot of 
> us have been using jdk1.4 for our private builds lately, 
> (which has ssl built in) so it was easy not to notice.
> 
> I guess the question is: how important is it for httpclient 
> to run in ann environment without ssl available?  (I'm a 
> Canadian which has quite a bit of freedom with encryption and 
> am not aware of what the export issues may be with ssl).

Some countries (usually those with history for harboring or
hiding terrorists) are not allowed to have really strong
encryption exported to them.  Nor are they alowed to have
really powerful computers exported to them.  (less of a
chance of them to be able to brute force break a session).

At least that is the reasoning behind it.  Whether it is
rational or not is beside the point--it is a U.S. export
law that we have to abide by (because our servers are
located in the U.S.).


If you are not using JDK 1.4+ then you cannot assume the
existence of JSSE or any compatible library.  There are more
issues than just export regulations.  Keep in mind that JSSE
and friends are a real PITA to install.  There are properties
you have to set in your JDK install, you have to put it in
${JAVA_HOME}/jre/lib/ext/, and if you need to support CA certs
from non standard or proprietary sources, it's a real PITA
to manage.

Having added the JSSE Certificate support to JMeter, I have
dealt with all of those issues and compounded the problem by
testing with more than just JSSE (IAIK has a JSSE compliant
SSL library).

Trust me, what you get for free in JDK 1.4+ costs an arm and
a leg in JDKs prior to that.


--
To unsubscribe, e-mail:   <mailto:commons-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:commons-dev-help@jakarta.apache.org>


Mime
View raw message