santuario-dev mailing list archives

From "Raul Benito" <>
Subject Re: [Fwd: [VOTE] Put Apache Juice into dormant status]
Date Mon, 16 Jul 2007 15:51:29 GMT
On 7/16/07, Scott Cantor <> wrote:
> > Juice uses openSSL as its engine, this provides a 3-6 times
> > improvement when compared to BouncyCastle.
> It is a matter of opinion whether that is enough to bother. As a participant
> in the project that gave birth to that code, it wasn't enough to deal with
> the hassles, it's hard enough supporting people using Java alone, believe it
> or not.
> (When the difference was a factor of 20, it definitely mattered.)
> > As for the deployers:
> > I just sent an e-mail to the list that asks for Juice being
> > FIPS certified :-). openSSL is FIPS certified, Juice
> > is a JCE compliant front-end to openSSL thus quite some
> > people seem to like Juice also being FIPS certified.
> A specific version of OpenSSL when built as a static library is certified.
> Somebody would probably need to do some integration work on that, I
> imagine.
> > OpenSSL may use HW acceleration if configured and set up for
> > this, thus with Juice you immediately have this benefit as well.
> In theory, but I'm unaware of anybody having proved this works when you
> combine all the pieces. One of the problems all along has been the messiness
> of getting alternative JCE provider code used by xmlsec and configuring
> things properly. I would say that a lot of that needs to be looked at if
> Juice is to be made viable.

The last time I did this it wasn't so difficult: setProvider in first position,
or using setProvider in Init.

But it is a good point and a HOWTO should be written.

-- Scott

