- 所有已实现的接口:
- Serializable, Cloneable, Map<Object,Object>
- 直接已知子类:
- Provider
public abstract class SunJSSE
extends Provider
The JSSE provider.
The RSA implementation has been removed from JSSE, but we still need to
register the same algorithms for compatibility. We just point to the RSA
implementation in the SunRsaSign provider. This works because all classes
are in the bootclasspath and therefore loaded by the same classloader.
SunJSSE now supports an experimental FIPS compliant mode when used with an
appropriate FIPS certified crypto provider. In FIPS mode, we:
. allow only TLS 1.0 or later
. allow only FIPS approved ciphersuites
. perform all crypto in the FIPS crypto provider
It is currently not possible to use both FIPS compliant SunJSSE and
standard JSSE at the same time because of the various static data structures
we use.
However, we do want to allow FIPS mode to be enabled at runtime and without
editing the java.security file. That means we need to allow
Security.removeProvider("SunJSSE") to work, which creates an instance of
this class in non-FIPS mode. That is why we delay the selection of the mode
as long as possible. This is until we open an SSL/TLS connection and the
data structures need to be initialized or until SunJSSE is initialized in
FIPS mode.
- 另请参阅:
- 序列化表格