On 3/15/19 5:46 AM, Steve Groeger wrote:
Hi all,
Not sure whether something on this subject has been raised before but I
was unable to see anything in the mailing lists.
I don't think it has been discussed in any detail on this alias.
However, there are some other libraries and toolkits that allow OpenSSL
to be used for the crypto or TLS/SSL with Java applications, so it is
something that is not unreasonable to inquire about - i.e., whether it
would be useful to include something like this in the JDK.
We have been looking at adding support to Java to use the OpenSSL
libraries as a JCE security provider if available on the system that a
Java application is being run on (or to build and bundle the OpenSSL
libraries with the JDK).
If not found then the security drops back to using the built in security
that is part of the existing JDK.
The use of the OpenSSL libraries can be disabled entirely or specific
algorithms can be disabled by use of command line options,
i.e. Djdk.nativeCrypto=true | false and -Djdk.nativeDigest=true | false
Would this be something that might be useful to be contributed to OpenJDK.
Not sure w/o more information, but from a followup reply, it doesn't
seem to be a proper fit for the JDK since it is not a separate JCE provider.
But, if we want to explore this further, I think it first makes sense to
take a step back and focus more on what benefits an OpenSSL provider or
"native bridge" would provide. I think you would have to make a strong
case that the benefits outweigh the cost of maintaining a separate
provider with additional code, etc. There are probably licensing issues
as well that would need to be explored.
Anyway, happy to explore that in more detail if you like. One suggestion
is to use the JEP template [1] to provide more detail as it contains the
type of information that would be useful to start this type of discussion.
Thanks,
Sean
[1] https://openjdk.java.net/jeps/2
Thanks
Steve Groeger
IBM Runtime Technologies
Hursley, Winchester
Tel: (44) 1962 816911 Mobex: 279990 Mobile: 07718 517 129
Fax (44) 1962 816800
Lotus Notes: Steve Groeger/UK/IBM
Internet: groe...@uk.ibm.com
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number
741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number
741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
