when javax.net

NOULS David (david.nouls@swift.com)
Wed, 11 Aug 1999 15:23:46 +0200

Date: Wed, 11 Aug 1999 15:23:46 +0200
From: NOULS David <david.nouls@swift.com>
Subject: when javax.net
To: java-security@java.sun.com

Dear,

I am currently working on a project at SWIFT where we need SSL to
contact our LDAP server (using JNDI).

Browsing through all the security archives and documentation on the
subject of SSL, I found out that SSL is still not natively supported by
Java. In the documentation there are referals to the
javax.net.ssl.SSLSocketFactory interface that we should implement if we
want to use a third party SSL implementation.

The biggest problem ofcourse is that this package is not freely
available and that it duplicates the Certification classes of JDK 1.2.2.
So I guess this interface is still a draft specification.

I've downloaded Java Web Server which has an implementation of the ssl
classes, but I can't seem to get them to work correctly. Also, this
might give us licensing problems since it is not official available nor
is there a license agreement. We are not interested in the Web Server
since we already are using another one, we just need the javax.net
package with decent documentation so that we can plugin a SSL provider.

So, my question is:
When will there be a release of the javax.net package that we can use
and that is updated for JDK1.2.2 ?

I know that cryptography is a problematic issue for international use,
but why isn't it released like the java.security package where the
actual service providers should be plugged in externally ?

David Nouls, S.W.I.F.T.