Return-Path: Delivered-To: apmail-xml-security-dev-archive@www.apache.org Received: (qmail 94121 invoked from network); 19 Sep 2007 13:52:08 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 19 Sep 2007 13:52:08 -0000 Received: (qmail 55749 invoked by uid 500); 19 Sep 2007 13:51:56 -0000 Delivered-To: apmail-xml-security-dev-archive@xml.apache.org Received: (qmail 55727 invoked by uid 500); 19 Sep 2007 13:51:56 -0000 Mailing-List: contact security-dev-help@xml.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: security-dev@xml.apache.org List-Id: Delivered-To: mailing list security-dev@xml.apache.org Received: (qmail 55696 invoked by uid 99); 19 Sep 2007 13:51:56 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Sep 2007 06:51:56 -0700 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Sep 2007 13:52:04 +0000 Received: by brutus.apache.org (Postfix, from userid 33) id E87B87141FE; Wed, 19 Sep 2007 06:51:43 -0700 (PDT) From: bugzilla@apache.org To: security-dev@xml.apache.org Subject: DO NOT REPLY [Bug 43414] - Cannot parse X509 cert with key size longer than 2048 (JRE 1.4) In-Reply-To: X-Bugzilla-Reason: AssignedTo Message-Id: <20070919135143.E87B87141FE@brutus.apache.org> Date: Wed, 19 Sep 2007 06:51:43 -0700 (PDT) X-Virus-Checked: Checked by ClamAV on apache.org DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG� RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND� INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=43414 sean.mullan@sun.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO ------- Additional Comments From sean.mullan@sun.com 2007-09-19 06:51 ------- There are a couple of problems with the proposed solution. First, there are plenty of other places in the code in which other JCE/JCA engine classes are instantiated without specifying a specific provider. Second, one provider may not be the right provider for all of them (for example, they may not support all of the algorithms you need). A better solution, in my opinion, is to call the standard java.security.Security.insertProviderAt API from your application which will insert your preferred provider(s) at the preference you would like, ex: Security.insertProvider(new BouncyCastleProvider(), 1); This will allow the JRE to fallback and try other installed providers if the provider above does not support a requested algorithm or parameters, etc. Let me know if this works for you. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.