Our Entrust Authority Security Toolkit for the Java platform also contains a FIPS 140-2 certified provider, and we add pluggable crypto ability to provide FIPS 140-2 crypto using the TLS protocol available in the JVM (when our FIPS 140-2 certified provider is being used).
Cheers,

John Gray
Entrust Datacard

-----Original Message-----
From: security-dev [mailto:security-dev-boun...@openjdk.java.net] On Behalf Of coderaptor
Sent: Friday, April 12, 2019 1:15 PM
To: Simone Bordet <simone.bor...@gmail.com>
Cc: OpenJDK Dev list <security-dev@openjdk.java.net>
Subject: [EXTERNAL]Re: Use of OpenSSL as JCE security provider if available on system

I may be off-mark here (since I did not go over the mail thread with a fine comb), but one possible use is to satisfy cases where a FIPS 140-2 validated library is a requirement. Currently, there are very few options in the market (BouncyCastle is FIPS 140-2, RSA BSAFE has exited), so the ability to use OpenSSL as a JCE provider would be immensely beneficial.

Thanks.
-ag

On Thu, Mar 21, 2019 at 8:43 AM Simone Bordet <simone.bor...@gmail.com> wrote:
>
> Hi,
>
> On Thu, Mar 21, 2019 at 3:43 PM Sean Mullan <sean.mul...@oracle.com> wrote:
> > But, if we want to explore this further, I think it first makes
> > sense to take a step back and focus more on what benefits an OpenSSL
> > provider or "native bridge" would provide.
>
> Benchmarked 3x-10x performance improvements.
> https://nbsoftsolutions.com/blog/dropwizard-1-3-upcoming-tls-improvements
>
> I guess the memory allocation/footprint has similar improvements, with
> the JDK insisting on requiring ~17 KiB buffers to read HTTP requests
> in the order of <1 KiB.
>
> --
> Simone Bordet
> ---
> Finally, no matter how good the architecture and design are, to
> deliver bug-free software with optimal performance and reliability,
> the implementation technique must be flawless. Victoria Livschitz