ITworld.com
  Search  
ITworld Home Page ITworld Webcasts ITworld White Papers ITworld Newsletters ITworld News ITworld Topics Careers ITworld Voices ITwhirled Changing the way you view IT
SSL for Free
JAVA SECURITY --- 08/16/2002

Todd Sundsted

SSL (Secure Sockets Layer) is at the heart of most online security. Sun Microsystems provides SSL as part of their JSSE (Java Secure Sockets Extension) reference implementation, which is now part of the standard JDK releases. However, Sun's reference implementation can be replaced by alternate implementations. 

On this topic
Get practical tips, IT news, how-tos, and the best in tech humor.
Disaster Recovery Simplified - iSCSI and VMware Site Recovery Manager Deliver Results
Data Protection and Disaster Recovery with iSCSI and VMware
Five Security Mistakes to Avoid
Osterman Report: The Advantages of a Hosted Messaging Security Solution
Top 10 Ways to Protect Against Web Threats
The Case and Criteria for Combining Application Acceleration and Security
DNS trouble knocks National Security Agency off Internet
EU raises privacy issue for Google Street View
Rent-a-botnet makes cyber crime a breeze
Hacker writes rootkit for Cisco's routers
Google blurs faces of those caught on Street View

If you're writing a commercial product and you need security backed by a recognized name, then you're looking for a commercial implementation. If you don't want to spend money licensing a commercial product, then Sun's reference implementation is available. It is solid and continually being improved, as is the version of JSSE included with IBM's JDK offering. However, if you are interested in learning about how SSL works at the source code level or you want an implementation that lets you play with the code, then you are out of luck.

Currently, I am aware of only one free implementation of SSL for Java currently still being developed: Claymore Systems' PureTLS. PureTLS supports both SSLv3 and TLSv1 and provides the source code under a Berkeley style license. As a bonus, you can use the optional GNP (GoNative Provider) library that replaces commonly used crypto operations in Java with native implementations for a significant performance improvement.

For more information, check out: http://www.rtfm.com/puretls/

 

 Todd Sundsted has been writing software since computers became available in desktop models. His interests include security, distributed computing, and the dynamics of massively fine-grained architectures. In addition to writing, Todd codes. Todd can be reached at Todd.Sundsted@itworld.com.
Advertisements
Sponsored links
Bring harmony to your mix of UNIX-Linux-Windows computing environments
Top 5 Reasons to Combine App Performance and Security
KODAK i1400 Series Scanners stand up to the challenge
Locate Hidden Software on business PCs with this free tool
Home  Newsletters JAVA SECURITY
www.itworld.com    open.itworld.com     security.itworld.com     smallbusiness.itworld.com
storage.itworld.com     utilitycomputing.itworld.com     wireless.itworld.com

 
Contact Us   About Us   Privacy Policy    Terms of Service   Reprints  

CIO   Computerworld   CSO   GamePro   Games.net   IDG Connect   IDG World Expo   Industry Standard   Infoworld   ITworld   JavaWorld   LinuxWorld  MacUser   Macworld   Network World   PC World   Playlist  

Copyright © Computerworld, Inc. All rights reserved

Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.