ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaha_5.4.0.1/rzahajssenative.htm

122 lines
7.7 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Using the native iSeries JSSE provider" />
<meta name="abstract" content="The native iSeries JSSE provider offers the full suite of JSSE classes and interfaces including implementations of the JSSE KeyStore class and the SSLConfiguration class." />
<meta name="description" content="The native iSeries JSSE provider offers the full suite of JSSE classes and interfaces including implementations of the JSSE KeyStore class and the SSLConfiguration class." />
<meta name="DC.Relation" scheme="URI" content="rzahajsseuse.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajsseconfig.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajsseexmpls.htm" />
<meta name="DC.Relation" scheme="URI" content="sslconfiguration.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahajssenative" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Using the native iSeries JSSE provider</title>
</head>
<body id="rzahajssenative"><a name="rzahajssenative"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Using the native iSeries JSSE provider</h1>
<div><p>The native iSeries™ JSSE provider offers the full suite of JSSE
classes and interfaces including implementations of the JSSE KeyStore class
and the SSLConfiguration class.</p>
<p> To use the native iSeries provider effectively, use the information
in this topic, and also see <a href="sslconfiguration.htm#sslconfiguration">SSLConfiguration Javadoc information</a>.</p>
<div class="section"><h4 class="sectiontitle">Protocol values for the SSLContext.getInstance method</h4><p>The
following table identifies and describes the protocol values for the SSLContext.getInstance
method of the native iSeries JSSE provider.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><thead align="left"><tr><th valign="top" id="d0e40">Protocol value</th>
<th valign="top" id="d0e42"> Supported SSL protocols</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e40 "> SSL</td>
<td valign="top" headers="d0e42 ">SSL version 2, SSL version 3, and TLS version 1</td>
</tr>
<tr><td valign="top" headers="d0e40 ">SSLv2</td>
<td valign="top" headers="d0e42 ">SSL version 2</td>
</tr>
<tr><td valign="top" headers="d0e40 ">SSLv3</td>
<td valign="top" headers="d0e42 ">SSL version 3</td>
</tr>
<tr><td valign="top" headers="d0e40 ">TLS</td>
<td valign="top" headers="d0e42 ">SSL version 2, SSL version 3, and TLS version 1</td>
</tr>
<tr><td valign="top" headers="d0e40 ">TLSv1</td>
<td valign="top" headers="d0e42 ">TLS version 1</td>
</tr>
<tr><td valign="top" headers="d0e40 ">SSL_TLS</td>
<td valign="top" headers="d0e42 ">SSL version 2, SSL version 3, and TLS version 1</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section"><h4 class="sectiontitle">Native iSeries KeyStore implementation</h4><p>The native iSeries provider
offers an implementation of the KeyStore class of type IbmISeriesKeyStore.
This keystore implementation provides a wrapper around the Digital Certificate
Manager support. The contents of the keystore are based on a particular application
identifier or keyring file, password, and label. JSSE loads the keystore entries
from the Digital Certificate Manager. To load the entries, JSSE uses the appropriate
application identifier or keyring information when your application makes
the first attempt to access keystore entries or keystore information. You
cannot modify the keystore, and you must make all configuration changes
by using the Digital Certificate Manager.</p>
<p>For more information about
using the Digital Certificate Manager, see the following topic:</p>
<blockquote> <p><a href="../rzahu/rzahurazhudigitalcertmngmnt.htm" target="_blank">Digital
Certificate Manager</a></p>
</blockquote>
</div>
<div class="section"><h4 class="sectiontitle">Recommendations when using the native iSeries provider</h4><p>The following
are recommendations to make the native iSeries provider run as efficient as
possible.</p>
<ul><li>For the native iSeries JSSE provider to work, your JSSE application
must use only components from the native implementation. For example, your
native iSeries JSSE-enabled
application cannot use an X509KeyManager object created by using the pure Java™ JSSE
provider to successfully initialize an SSLContext object created by using
the native iSeries JSSE
provider.</li>
<li>Additionally, you have to initialize the implementations of X509KeyManager
and X509TrustManager in the native iSeries provider by using either an IbmISeriesKeyStore
object or a com.ibm.as400.SSLConfiguration object.</li>
</ul>
<div class="note"><span class="notetitle">Note:</span> The recommendations mentioned may change in future releases, so
that the native iSeries JSSE
provider could allow you to plug in non-native components (for example, JKS
KeyStore or IbmX509 TrustManagerFactory).</div>
</div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="sslconfiguration.htm">SSLConfiguration Javadoc information</a></strong><br />
</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahajsseuse.htm" title="JSSE is like a framework that abstracts the underlying mechanisms of both SSL and TLS. By abstracting the complexity and peculiarities of the underlying protocols, JSSE enables programmers to use secure, encrypted communications while at the same time minimizing possible security vulnerabilities. This information applies only to using JSSE on iSeries servers that run J2SDK, version 1.4 and subsequent releases. Java Secure Socket Extension (JSSE) uses both the Secure Sockets Layer (SSL) protocol and the Transport Layer Security (TLS) protocol to provide secure, encrypted communications between your clients and servers.">Using Java Secure Socket Extension</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzahajsseconfig.htm" title="Configure your iSeries server to use IBM JSSE. This topic includes software requirements, how to change JSSE providers, and the necessary security properties and system properties.">Configuring your iSeries server to support JSSE</a></div>
</div>
<div class="relref"><strong>Related reference</strong><br />
<div><a href="rzahajsseexmpls.htm" title="The JSSE examples show how a client and a server can use the native iSeries JSSE provider to create a context that enables secure communications.">Examples: IBM Java Secure Sockets Extension</a></div>
</div>
</div>
</body>
</html>