tomcat-users mailing list archives

From Michael Jeffrey Tucker <mtuc...@eecs.harvard.edu>
Subject Replacing the JCE provider
Date Tue, 18 Nov 2003 23:55:34 GMT
Hi,

  I have gone through the mailing list archives, but I haven't found
anything definitive on how to go about replacing the JCE provider for
Tomcat's version of JSSE. My project requires that extremely large keys be
used for SSL, beyond the size that is supported by the Sun implementation
(I need 4096-bit RSA keys), and I haven't had any luck getting Cryptix to
play nicely with Tomcat. I've turned on JSSE debugging, but I don't
understand the results that I am seeing: using Cryptix breaks my ability
to establish client-authenticated SSL connections.

With my normal setup, I see the following messages at the end of the SSL
handshake in catalina.out:

HttpProcessor[8443][4], READ: TLSv1 Handshake, length = 134
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
RSA PreMasterSecret version: TLSv1
 ...

If I add Cryptix as my primary provider in my java.security file, and
update my classpaths appropriately (but leave everything else the same,
including client certificates), I get:

HttpProcessor[8443][4], READ: TLSv1 Handshake, length = 134
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
RSA PreMasterSecret version: TLSv1
 ...

I have written a small test program that demonstrates that the Cryptix
libraries are working properly (it encrypts and then decrypts a string),
and I have verified that the Cryptix provider is being activated by
varying the key length to values greater than 2048. I am unsure if this is
a JSSE problem or a Tomcat problem, but I was hoping that someone on this
list might be able to offer me some guidance in finding the root of the
issue. If you have any suggestions, please let me know!

Thanks,
Mike
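
Added example, not part of the original message: a diagnostic that prints the installed provider order and which provider the default JCA lookup selects for the transformation named in the debug output above, using a 4096-bit RSA key. It is written against a current JDK; the class name ProviderCheck and the test string are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;

// Hypothetical diagnostic class (added example, not code from the message).
public class ProviderCheck {
    static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding"; // from the debug output
    static final int KEY_BITS = 4096;                            // key size named in the message

    public static void main(String[] args) throws Exception {
        // 1. Preference order as loaded from java.security (position 1 is tried first).
        Provider[] installed = Security.getProviders();
        for (int i = 0; i < installed.length; i++) {
            System.out.printf("%2d. %s%n", i + 1, installed[i]);
        }
        // 2. Providers that register the bare algorithm name "RSA" for each service.
        for (String svc : new String[] {"Cipher.RSA", "KeyPairGenerator.RSA"}) {
            Provider[] p = Security.getProviders(svc);
            System.out.println(svc + " offered by: " + (p == null ? "none" : names(p)));
        }
        // 3. What a lookup that names no provider resolves to.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(KEY_BITS);
        KeyPair kp = kpg.generateKeyPair();
        System.out.println("KeyPairGenerator from: " + kpg.getProvider().getName());

        byte[] msg = "constructed test string".getBytes(StandardCharsets.UTF_8);
        Cipher enc = Cipher.getInstance(TRANSFORMATION);
        enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        // Ask after init(): provider selection can be deferred until a key is supplied.
        System.out.println("Cipher from: " + enc.getProvider().getName());
        byte[] ct = enc.doFinal(msg);
        Cipher dec = Cipher.getInstance(TRANSFORMATION);
        dec.init(Cipher.DECRYPT_MODE, kp.getPrivate());
        System.out.println("round trip ok: " + Arrays.equals(msg, dec.doFinal(ct)));
    }

    // Space-separated provider names, in preference order.
    static String names(Provider[] ps) {
        StringBuilder sb = new StringBuilder();
        for (Provider p : ps) sb.append(p.getName()).append(' ');
        return sb.toString().trim();
    }
}
```

This exercises only the generic JCA lookup; it does not go through JSSE, so the handshake debug output remains the place to see what the SSL layer itself selected.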

