ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaha_5.4.0.1/rzahajsseproviders.htm

96 lines
5.7 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="JSSE providers" />
<meta name="abstract" content="IBM JSSE includes a native iSeries JSSE provider, and two pure Java JSSE providers. The provider that you choose to use depends on the needs of your application." />
<meta name="description" content="IBM JSSE includes a native iSeries JSSE provider, and two pure Java JSSE providers. The provider that you choose to use depends on the needs of your application." />
<meta name="DC.Relation" scheme="URI" content="rzahajsseconfig.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahajsseproviders" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>JSSE providers</title>
</head>
<body id="rzahajsseproviders"><a name="rzahajsseproviders"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">JSSE providers</h1>
<div><p>IBM<sup>®</sup> JSSE
includes a native iSeries™ JSSE provider, and two pure Java™ JSSE
providers. The provider that you choose to use depends on the needs of your
application.</p>
<p>All three providers adhere to the JSSE interface specification. They can
communicate with each other and with any other SSL or TLS implementation,
even non-Java implementations. </p>
<div class="section"><h4 class="sectiontitle">Pure Java JSSE provider</h4><p>The pure Java JSSE
provider offers the following features:</p>
<ul><li>Works with any type of KeyStore object to control and configure digital
certificates (for example, JKS, PKCS12, and so on).</li>
<li>Allows you to use any combination of JSSE components from multiple implementations
together.</li>
</ul>
<p>IBMJSSE is the provider name for the pure Java implementation. You need to pass this
provider name, using the proper case, to the java.security.Security.getProvider()
method or the various getInstance() methods for several of the JSSE classes.</p>
</div>
<div class="section"><h4 class="sectiontitle">Pure Java JSSE FIPS 140-2 provider </h4><p>The
pure Java JSSE
FIPS 140-2 provider offers the following features:</p>
<ul><li>Complies with Federal Information Processing Standards (FIPS) 140-2 for
Cryptographic Modules.</li>
<li>Works with any type of KeyStore object to control and configure digital
certificates. </li>
</ul>
<div class="note"><span class="notetitle">Note:</span> The pure Java JSSE FIPS 140-2 provider does not allow
components from any other implementation to be plugged in to its implementation. </div>
<p>IBMJSSEFIPS
is the provider name for the pure Java JSSE FIPS 140-2 implementation. You
need to pass this provider name, using the proper case, to the java.security.Securirty.getProvider()
method or the various getInstance() methods for several of the JSSE classes. </p>
</div>
<div class="section"><h4 class="sectiontitle">Native iSeries JSSE provider</h4><p>The native iSeries JSSE
provider offers the following features:</p>
<ul><li>Uses the native iSeries SSL support.</li>
<li>Allows the use of the Digital Certificate Manager to configure and control
digital certificates. This is provided via a unique iSeries type of KeyStore (IbmISeriesKeyStore). </li>
<li>Offers best performance.</li>
<li>Allows you to use any combination of JSSE components from multiple implementations
together. However, to achieve the best possible performance use only JSSE
native iSeries components. </li>
</ul>
<p>IbmISeriesSslProvider is the name for the native iSeries implementation.
You need to pass this provider name, using the proper case, to the java.security.Security.getProvider()
method or the various getInstance() methods for several of the JSSE classes.</p>
</div>
<div class="section"><h4 class="sectiontitle">Changing the default JSSE provider</h4><p>You can change
the default JSSE provider by making the appropriate changes to your security
properties. For more information, see the following topic:</p>
<ul><li><a href="rzahajssesecprops.htm">JSSE security properties</a></li>
</ul>
<p>After changing the JSSE provider, ensure that your system properties
specify the proper configuration for digital certificate information (keystore)
required by the new provider. For more information, see the following topic:</p>
<ul><li><a href="rzahajssesysprops.htm">Java system properties</a> </li>
</ul>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahajsseconfig.htm" title="Configure your iSeries server to use IBM JSSE. This topic includes software requirements, how to change JSSE providers, and the necessary security properties and system properties.">Configuring your iSeries server to support JSSE</a></div>
</div>
</div>
</body>
</html>