JSSE providers

IBM^® JSSE includes a native iSeries™ JSSE provider, and two pure Java™ JSSE providers. The provider that you choose to use depends on the needs of your application.

All three providers adhere to the JSSE interface specification. They can communicate with each other and with any other SSL or TLS implementation, even non-Java implementations.

Pure Java JSSE provider

The pure Java JSSE provider offers the following features:

Works with any type of KeyStore object to control and configure digital certificates (for example, JKS, PKCS12, and so on).
Allows you to use any combination of JSSE components from multiple implementations together.

IBMJSSE is the provider name for the pure Java implementation. You need to pass this provider name, using the proper case, to the java.security.Security.getProvider() method or the various getInstance() methods for several of the JSSE classes.

Pure Java JSSE FIPS 140-2 provider

The pure Java JSSE FIPS 140-2 provider offers the following features:

Complies with Federal Information Processing Standards (FIPS) 140-2 for Cryptographic Modules.
Works with any type of KeyStore object to control and configure digital certificates.

Note: The pure Java JSSE FIPS 140-2 provider does not allow components from any other implementation to be plugged in to its implementation.

IBMJSSEFIPS is the provider name for the pure Java JSSE FIPS 140-2 implementation. You need to pass this provider name, using the proper case, to the java.security.Securirty.getProvider() method or the various getInstance() methods for several of the JSSE classes.

Native iSeries JSSE provider

The native iSeries JSSE provider offers the following features:

Uses the native iSeries SSL support.
Allows the use of the Digital Certificate Manager to configure and control digital certificates. This is provided via a unique iSeries type of KeyStore (IbmISeriesKeyStore).
Offers best performance.
Allows you to use any combination of JSSE components from multiple implementations together. However, to achieve the best possible performance use only JSSE native iSeries components.

IbmISeriesSslProvider is the name for the native iSeries implementation. You need to pass this provider name, using the proper case, to the java.security.Security.getProvider() method or the various getInstance() methods for several of the JSSE classes.

Changing the default JSSE provider

You can change the default JSSE provider by making the appropriate changes to your security properties. For more information, see the following topic:

JSSE security properties

After changing the JSSE provider, ensure that your system properties specify the proper configuration for digital certificate information (keystore) required by the new provider. For more information, see the following topic:

Java system properties