"Java Security Technology Exploration Path" series: Java Extensible Security Architecture, XI: JSSE (1): Introduction to the JSSE Architecture


Guo Jia
Blog: http://blog.csdn.net/allenwells
Github: https://github.com/allenwell

In network communication, protecting the integrity and confidentiality of the exchanged data is one of the most important challenges in network security. During communication, the threat is that the exchanged data may be read or modified by a malicious attacker or an unintended recipient. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are application-independent protocols developed by the IETF that protect the privacy and integrity of the exchanged data, provide important security features for end-to-end application communication, and establish authenticity, trustworthiness, and reliability between the communicating parties. SSL/TLS runs on top of the TCP/IP protocol stack and secures communication through data encryption, server authentication, message integrity, and optional client authentication. For data encryption, SSL supports both public-key and secret-key (symmetric) encryption algorithms; the secret-key algorithm is used to encrypt the bulk of the data exchanged between the two applications.

JSSE provides a standard API framework and mechanism for client-to-server communication, and thus provides end-to-end security for network traffic between clients and servers. JSSE supports the SSL and TLS protocols and provides functions for data encryption, message integrity, and peer authentication.
Client and server applications that use the following secure transport protocols can be developed with JSSE:

    • Secure HTTP protocol (HTTP over SSL)
    • Secure Shell protocol (Telnet over SSL)
    • Secure SMTP protocol (SMTP over SSL)
    • IPSec protocol (secure IP protocol)
    • Secure RMI or RMI/IIOP (RMI over SSL)

The secure communication flow between a JSSE-based client application and server application is shown in the following figure:

JSSE is also a provider-based architecture: it can use the default SunJSSE provider to satisfy all of its cryptographic requirements, or other vendors' JCA/JCE providers can be statically registered in the JAVA_HOME/jre/lib/security/java.security file and placed ahead of the SunJSSE provider so that they are used in preference to it.

The default SunJSSE provider provides the following features:

    • Implements the SSL 3.0 and TLS 1.0 protocols.
    • Implements the SSL/TLS state machine (SSLEngine), which processes buffered data to produce SSL/TLS-encoded data
      (J2SE 5.0 and later).
    • Implements the key factory and key generator that support the RSA algorithm.
    • Implements the most common SSL and TLS cipher suites, supporting authentication, key agreement, encryption, and integrity protection.
    • Implements a SunJSSE-based key manager that manages the keys held in the supported JCA keystores.
    • Implements an X.509-based trust manager that supports verification and validation of certificate chains.
    • Supports the Kerberos cipher suites, provided the underlying operating system provides Kerberos support (J2SE 5.0 and later).
    • Supports hardware accelerators and smart-card tokens through the JCE PKCS#11 provider (J2SE 5.0 and later).
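The following Java program is an added example, not code from the original article: it shows the provider chain and the key manager, trust manager and SSLEngine pieces listed above working together. It assumes a JCA keystore and truststore whose paths and passwords are passed as placeholder command-line arguments, and it restricts the engine to TLS 1.2/1.3 rather than the SSL 3.0 and TLS 1.0 versions the list mentions.

```java
import java.io.FileInputStream;
import java.security.*;
import java.util.*;
import javax.net.ssl.*;

public class JsseProviderDemo {
    // Build an SSLContext from a JCA keystore (our own identity) and a truststore (peers we accept).
    static SSLContext buildContext(String ksPath, char[] ksPass,
                                   String tsPath, char[] tsPass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(ksPath)) { ks.load(in, ksPass); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, ksPass);                       // key manager: selects our private key/cert chain

        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(tsPath)) { ts.load(in, tsPass); }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);                               // trust manager: validates the peer's X.509 chain

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Keep only TLS 1.2 and 1.3 from what the provider supports; SSL 3.0 and TLS 1.0 are dropped.
    static String[] modernProtocols(SSLEngine engine) {
        List<String> keep = new ArrayList<>();
        for (String p : engine.getSupportedProtocols())
            if (p.equals("TLSv1.2") || p.equals("TLSv1.3")) keep.add(p);
        return keep.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Provider preference order as registered in java.security: the first one offering
        // an SSLContext implementation is the one JSSE uses.
        for (Provider p : Security.getProviders()) System.out.println(p.getName() + ": " + p.getInfo());

        // args: <keystore path> <keystore password> <truststore path> <truststore password> (placeholders)
        SSLContext ctx = buildContext(args[0], args[1].toCharArray(), args[2], args[3].toCharArray());
        System.out.println("SSLContext supplied by provider " + ctx.getProvider().getName());

        // Client-side SSLEngine: restrict protocol versions and enable hostname verification.
        SSLEngine engine = ctx.createSSLEngine("example.com", 443);   // example.com is a placeholder peer
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setProtocols(modernProtocols(engine));
        params.setEndpointIdentificationAlgorithm("HTTPS");           // check the cert against the host name
        engine.setSSLParameters(params);
        System.out.println("Enabled protocols: " + String.join(", ", engine.getEnabledProtocols()));
    }
}
```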
