From: Michael Kirk <mkirk@cisco.com>
Message-Id: <199703120047.LAA01054@metaplex-ss10.cisco.com>
Subject: Re: Do you have a X509 implementation ?
To: David.Brownell@Eng (David Brownell -- JavaSoft)
Date: Wed, 12 Mar 97 11:47:51 EST
In-Reply-To: <199703110639.WAA14201@argon.eng.sun.com>; from "David Brownell -- JavaSoft" at Mar 10, 97 10:39 pm
>
> > Since you're interested in SSL primarily and you're willing to work
> > with APIs that will change, check out the Java Web Server beta
> > http://jeeves.javasoft.com/products/java-server/webserver/beta1.0/doc/index.html
> >
> > If you have questions about using the Java Web Server, contact that
> > team via the java-server-feedback@java.sun.com alias.
>
> Note that that web page does include the javadox for the
> sun.server.x509 package, not available with JDK 1.1 (though
> that package is in JDK 1.1).
>
>
> > > and whether
> > > there is any documentation as to how to use them. I am writing
> > > experimental rather than release software, so I don't mind if this
> > > stuff changes. If the classes are there and can be used, however,
> > > this would be helpful to me (in that I wouldn't have to write this
> > > stuff myself).
> > >
> > > > Please do let us know how you want to use the X509v3 APIs from Java,
> > > > so if there is a particular profile you require, we learn of that
> > > > sooner rather than later
>
> Likewise, if you have feedback about the current X509v1 support!
>
>
> > > I'm trying to write an SSL client in JAVA. (I'd prefer that to be
> > > supported by core Java classes but that's another issue). I can
> > > send a client hello to an SSL server and get back a server hello, and
> > > a server certificate. I need to be able to decode this certificate to
> > > continue the dialog.
> > >
> > > If you have any software to do this, or to support SSL generally, I
> > > would be happy to trial it and give feedback.
>
> Try the SSL APIs in the US domestic release of the Java Web Server,
> as noted above. Again, API feedback is solicited ... :-)
Hi,

Good to see some progress on this.

Well, the obvious feedback is that we need the client authentication and the
security context to be sorted out.

What is the 'basic policy validation' done on certificate chains when they
are created? Is there an interface to set the policy? What if an SSLSocket
wants to specify its own policy for authenticating the server?

I'm not sure what the point of getEnabledCipherSuites and
setEnabledCipherSuites is. All the SSLSocket constructors presumably
establish the SSL connection. There isn't a setActiveCipherSuite, so you
can't change the CipherSuite on an established connection. What, then, is
the use of setting the Enabled Cipher Suites?

Michael
>
> - Dave
>
>
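
The question above about getEnabledCipherSuites and setEnabledCipherSuites, illustrated with an added example that is not code from this thread or from the Java Web Server beta. It assumes the javax.net.ssl API of current JDKs, where a socket can be created unconnected and the enabled list restricted before any handshake; the class name and the AEAD-only policy are hypothetical.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import java.util.Arrays;

public class EnabledSuitesDemo {

    // Hypothetical local policy: offer only AEAD suites (GCM or ChaCha20).
    static String[] aeadOnly(String[] suites) {
        return Arrays.stream(suites)
                .filter(n -> n.contains("_GCM_") || n.contains("CHACHA20"))
                .toArray(String[]::new);
    }

    public static void main(String[] args) throws Exception {
        // createSocket() with no arguments returns an unconnected socket:
        // no TCP connection exists and no handshake has run, so the list of
        // suites the client will offer can still be changed.
        try (SSLSocket s = (SSLSocket) SSLContext.getDefault()
                .getSocketFactory().createSocket()) {

            String[] supported = s.getSupportedCipherSuites(); // what the provider implements
            String[] defaults = s.getEnabledCipherSuites();    // what would be offered as-is
            System.out.println("supported: " + supported.length
                    + ", enabled by default: " + defaults.length);

            // Narrow the offer before connecting. The peer then picks from
            // this list during the handshake; nothing outside it is negotiated.
            String[] wanted = aeadOnly(defaults);
            s.setEnabledCipherSuites(wanted);
            System.out.println("enabled after policy: "
                    + Arrays.toString(s.getEnabledCipherSuites()));

            // A name the provider does not support is rejected up front
            // rather than being silently dropped from the offer.
            try {
                s.setEnabledCipherSuites(new String[] {"NOT_A_REAL_SUITE"}); // constructed name
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }

            // The failed call leaves the earlier, valid setting in place.
            System.out.println("still enabled: " + s.getEnabledCipherSuites().length);
        }
    }
}
```

With an API shaped like this, the suite actually negotiated is read from the session after the handshake, which is why a setter for the active suite is not needed.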