On 3/19/07, Casey Marshall <address@hidden> wrote:
On Mar 19, 2007, at 2:12 PM, chinmaya wrote:
> Hi,
>
> I am trying to use Jessie as a replacement to Sun's SSL provider.
> I can't replace Jessie in JDK 1.4 as due to restrictions (read this
> link http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/
> JSSERefGuide.html#PLUG)
> -- snippet --
> JSSE in J2SE 1.4.x does not allow use of third party JSSE providers
> due to U.S. government export restrictions. However, with the latest
> U.S. government export regulations, JSSE in J2SE 5 allows any JSSE
> provider be used as long as it supports only the following cipher
> suites.
> -- snippet --
>
You can also try replacing the javax.net.ssl classes with a free
version. Jessie comes with these, written from scratch.
> I don't have any choice but to go for JDK 1.5.
> I think following (minimal) changes are required in Jessie,
> * Need addition of SSLEngine (but a skeliton code will do as its an
> alternative IO support.)
> * Changes/Addition to APIs in SSLContext implementation class
> * Changes/Addition to APIs in SSLSession implementation class
>
> Has anyone attempted/successfully using Jessie with JDK 1.5.
>
> Is Jessie project still alive, I do not see much of activity
though, I
> see no release after Oct 05 !
> Are there any development plans for Jessie?
>
No. We merged Jessie into GNU Classpath, and are maintaining it
there. The current CVS code of Jessie should be compatible with Java
1.5, and it includes a real, non-stub implementation of SSLEngine.
> Should I use Jessie release or GNU Classpath release if I have to
use
> latest of Jessie!
>
You should use the version in GNU Classpath. The SSL provider is
reasonably self-contained in the package gnu.javax.net.ssl.
gnu.javax.net.ssl package depends on lot of other classpath packages
like gnu.java.security.*, gnu.classpath.debug.*, gnu.javax.crypto.* .
And they in-turn depend on rest of classpath.