Stack Overflow
Stack Overflow

Questions tagged [jsse]

JSSE is a Java implementation of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. Its functionality includes data encryption, server authentication, message integrity, and optional client authentication.

JSSE stands for Java Secure Socket Extension. It is a Java implementation of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. Its functionality includes data encryption, server authentication, message integrity, and optional client authentication.

It is so named because originally it was shipped as a separate extension to Java 1.2 and 1.3. Since Java 1.4 it has been part of the standard Java API.

This tag should be used for questions about TLS or SSL programming in Java.

288 questions
169
votes
5 answers

How can I use different certificates on specific connections?

A module I'm adding to our large Java application has to converse with another company's SSL-secured website. The problem is that the site uses a self-signed certificate. I have a copy of the certificate to verify that I'm not encountering a…
skiphoppy
  • 83,104
  • 64
  • 169
  • 214
121
votes
4 answers

Keystore type: which one to use?

By looking at the file java.security of my JRE, I see that the keystore type to use by default is set to JKS. Here, there is a list of the keystore types that can be used. Is there a recommended keystore type? What are the pros/cons of the different…
Mickael Marrache
  • 6,367
  • 11
  • 58
  • 109
118
votes
8 answers

Java client certificates over HTTPS/SSL

I am using Java 6 and am trying to create an HttpsURLConnection against a remote server, using a client certificate. The server is using an selfsigned root certificate, and requires that a password-protected client certificate is presented. I've…
Jan
  • 3,906
  • 6
  • 20
  • 21
83
votes
15 answers

scp via java

What is the best method of performing an scp transfer via the Java programming language? It seems I may be able to perform this via JSSE, JSch or the bouncy castle java libraries. None of these solutions seem to have an easy answer.
Lloyd Meinholz
  • 2,530
  • 1
  • 22
  • 20
53
votes
4 answers

Registering multiple keystores in JVM

I have two applications running in the same java virtual machine, and both use different keystores and truststores. A viable option would be use a single keystore and import all the other ones into the shared keystore (e.g. keytool -import), but it…
Raz
  • 820
  • 1
  • 9
  • 12
51
votes
3 answers

Why does java have both the cacerts and jssecacerts files?

I'm seriously confused on the differences between cacerts and jssecacerts files. I know that by default java looks for the jssecacerts file and then the cacerts file. But what is the point of the jssecacerts file? My understanding is that if a new…
hooknc
  • 4,253
  • 4
  • 30
  • 53
51
votes
5 answers

java - path to trustStore - set property doesn't work?

I've setup a self-signed certificate to test an ssl java connection - however, it is refusing to locate the java trustStore. I've saved copies of it in /Java/jre6/lib/security in addition to the folder where the classes are compiled to (im using…
oneAday
  • 1,163
  • 4
  • 13
  • 16
44
votes
4 answers

java.lang.SecurityException: The jurisdiction policy files are not signed by a trusted signer

In working on a different problem (related to RMI), I upgraded the system's "security folder" with the "unlimited strength" policy files and now my applicaiton fails in a different way. I get a long stack dump, of which following bits appear…
Richard T
  • 4,278
  • 5
  • 33
  • 43
43
votes
15 answers

javax.net.ssl.SSLException: Received fatal alert: protocol_version

Has anyone encountered this error before? I'm new to SSL, is there anything obviously wrong with my ClientHello that I'm missing? That exception is thrown with no ServerHello response. Any advice is appreciated. *** ClientHello,…
Matthias
  • 953
  • 2
  • 9
  • 15
33
votes
4 answers

Is there a way to load a different cacerts than the one specified in the java_home/jre/lib/security folder?

I have a single installation of java in a system that runs 2 or 3 applications. All the applications use the same runtime. Is there a way to specify a different keystores for the ca certs than the one in java_home/jre/lib/security. That is, is…
feniix
  • 1,408
  • 2
  • 21
  • 34
31
votes
2 answers

How should I do hostname validation when using JSSE?

I'm writing a client in Java (needs to work both on the desktop JRE and on Android) for a proprietary protocol (specific to my company) carried over TLS. I'm trying to figure out the best way to write a TLS client in Java, and in particular, make…
user2666524
  • 361
  • 1
  • 3
  • 7
29
votes
6 answers

Where to find Java 6 JSSE/JCE Source Code?

Where can I download the JSSE and JCE source code for the latest release of Java? The source build available at https://jdk6.dev.java.net/ does not include the javax.crypto (JCE) packages nor the com.sun.net.ssl.internal (JSSE) packages. Not being…
Kevin
28
votes
1 answer

Programmatically Obtain KeyStore from PEM

How can one programmatically obtain a KeyStore from a PEM file containing both a certificate and a private key? I am attempting to provide a client certificate to a server in an HTTPS connection. I have confirmed that the client certificate works…
Ryan
  • 6,548
  • 6
  • 47
  • 57
23
votes
2 answers

Why does Java's SSLSocket send a version 2 client hello?

The SSLSocket.getEnabledProtocols() method returns the following: [SSLv2Hello, SSLv3, TLSv1]. And indeed, when I call connect() and I have SSL debugging turned on, I see that a v2 client hello is used: main, WRITE: TLSv1 Handshake, length =…
Matt Solnit
  • 28,352
  • 8
  • 50
  • 56
21
votes
3 answers

Why does iOS 5 fail to connect to a server running JDK 1.6, but not JDK 1.5

We have a Java Socket Server listening on an SSLSocket (port 443) and an iOS application that connects with it. When running on iOS 5.1, the application stopped working when we upgraded the Java version of the server from JDK 1.5 to 1.6 (or 1.7).…
KC Baltz
  • 1,361
  • 1
  • 12
  • 19
1
2 3
19 20