Re: [Jessie-discuss] Re: Future of Jessie & JDK1.5

[Casey Marshall]

On Mar 19, 2007, at 2:12 PM, chinmaya wrote:

> Hi,
>
> I am trying to use Jessie as a replacement to Sun's SSL provider.
> I can't replace Jessie in JDK 1.4 as due to restrictions (read this
> link http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/ 
> JSSERefGuide.html#PLUG)
> -- snippet --
> JSSE in J2SE 1.4.x does not allow use of third party JSSE providers
> due to U.S. government export restrictions. However, with the latest
> U.S. government export regulations, JSSE in J2SE 5 allows any JSSE
> provider be used as long as it supports only the following cipher
> suites.
> -- snippet --

You can also try replacing the javax.net.ssl classes with a free  
version. Jessie comes with these, written from scratch.

> I don't have any choice but to go for JDK 1.5.
> I think following (minimal) changes are required in Jessie,
> * Need addition of SSLEngine (but a skeliton code will do as its an
> alternative IO support.)
> * Changes/Addition to APIs in SSLContext implementation class
> * Changes/Addition to APIs in SSLSession implementation class
>
> Has anyone attempted/successfully using Jessie with JDK 1.5.
>
> Is Jessie project still alive, I do not see much of activity though, I
> see no release after Oct 05 !
> Are there any development plans for Jessie?

No. We merged Jessie into GNU Classpath, and are maintaining it  
there. The current CVS code of Jessie should be compatible with Java  
1.5, and it includes a real, non-stub implementation of SSLEngine.

> Should I use Jessie release or GNU Classpath release if I have to use
> latest of Jessie!

You should use the version in GNU Classpath. The SSL provider is  
reasonably self-contained in the package gnu.javax.net.ssl.

Hope this helps.