Document published: SunJSSE FIPS 140 Complient Mode
If you review the online JSSE Reference Guide recently, you would found that in the section, Related Documentation, there is a new link to the just published document FIPS 140 Compliant Mode for SunJS...
Dump PKCS11 Slot Info
Recently, I needed a tool to show the detailed PKCS11 slot information. Cryptoadm is a good utility to display cryptographic provider information for a system, but it does not show me the "ulMaxSessio...
An Aggregate of Feeds: Top Influencers on IT Security
An aggregate of feeds, http://feeds.feedburner.com/influenceronsec, from Bruce Schneier, Alan Shimel, and more....
Enable OCSP checking
If a certificate is issued with a authority information access extension which indicates the OCSP access method and location, one can enable the default implementation of OCSP checker during building ...
An Aggregate of Feeds on Java Security and Networking
To facilitate keeping track of blogs on java security and networking, I just created an aggregate of feeds, http://feeds.feedburner.com/javasec, and subscribed it to my feed reader, thunderbird. If yo...
TLS and NIST'S Policy on Hash Functions
NIST'S Policy on Hash Functions
March 15, 2006: The SHA-2 family of hash functions (i.e., SHA-224, SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all applications using secure hash ...
Publicly Accessible LDAP Servers
In order to learn JNDI, one needs a LDAP server for various purpose. In the JNDI tutorial, there are a few of publicly accessible servers documented[1]. However, the list is too old, and those ser...
JSSE Troubleshooting: Certificates Order in TLS Handshaking
Issue:
Failed with a exception: java.security.cert.CertPathValidatorException: subject/issuer name chaining check failed.
Example:
Test case:
1 //
2 // JSSE Troubleshooting: Di...
RSA AlgorithmIdentifier of X.509 Certificate
By far, RSA is a most wide used cryptography algorithm. Both ITU-T
X.509 and IETF PKIX WG define the RSA algorithm identifier, however,
they are not identical.
ITU-T X.509[1] defines the algorithm as...
JSSE Debug Logging With Timestamp
These days, I was asked about a strange network delay of input/output stream when migrating a TLS protected application to a new platform. The application is built on top of SunJSSE. They enabled debu...
Understanding Self-Issued Certificate
Certificate Types
RFC5280 categorize certificate into two classes: CA certificates and end entity certificates, and CA certificates are divided into three classes: cross-certificates, self-issued ...
SunJSSE and TLSAES
TLSAES defines AES ciphersuites for TLS, and from TLS version 1.1, the AES cipher suites are merged in TLS specification. The AES supports key lengths of 128, 192 and 256 bits. However...
FIPS 140 Compliant Mode for SunJSSE
In the Java™ 6 Security Enhancements, it says that "The SunJSSE provider now supports an experimental FIPS 140 compliant mode. When enabled and used in combination with the SunPKCS11...
Please remove the unsafe dependence on Permission.toString()
Recently,
we made a correction on the implement of
java.security.Permission.toString(). The specification says, "Returns a
string describing this Permission. The convention is to speci...
Patch Solaris system from the Command-Line Interface
It is midnight, and I have to get my solaris platform patched in order to build a OpenJDK project. I'm working remotely with no-gui terminal, so I have to find a command line approaches. Thanks to Sun...
Understanding TLS protocol -- Client Certificate URLs
For better understanding TLS protocol extensions, I draw a few sequence diagrams of TLS handshaking with extension, and marked the differences from the normal handshaking processes. Share them now.&nb...
Understanding TLS protocol -- Certificate Status Request
For better understanding TLS protocol extensions, I draw a few sequence diagrams of TLS handshaking with extension, and marked the differences from the normal handshaking processes. Share them now.&nb...
Understanding TLS protocol -- Maximum Fragment Length Negotiation
For better understanding TLS protocol extensions, I draw a few sequence diagrams of TLS handshaking with extension, and marked the differences from the normal handshaking processes. Share them now.&nb...
Understanding TLS protocol -- Truncated HMAC
For better understanding TLS protocol extensions, I draw a few sequence diagrams of TLS handshaking with extension, and marked the differences from the normal handshaking processes. Share them now.&nb...
Understanding TLS protocol -- Trusted CA Indication
For better understanding TLS protocol extensions, I draw a few sequence diagrams of TLS handshaking with extension, and marked the differences from the normal handshaking processes. Share them now.&nb...
Understanding TLS protocol -- Server Name Indication
For better understanding TLS protocol extensions, I draw a few sequence diagrams of TLS handshaking with extension, and marked the differences from the normal handshaking processes. Share them now.&n...
Understanding TLS protocol -- connection states
The TLS connection states diagram, which is not a standard UML state diagram, but I think it help to illustrate the connection state clearly.
...
Understanding TLS protocol -- handshaking renew
For better understanding TLS protocol, I draw a few sequence diagrams of TLS handshaking, along with the connection states. Share them now. This is the sequence diagram of handshaking renew,...
Understanding TLS protocol -- handshaking resume
For better understanding TLS protocol, I draw a few sequence diagrams of TLS handshaking, along with the connection states. Share them now. This is the sequence diagram of handshaking resume, fo...
Understanding TLS protocol -- handshaking kickoff
For better understanding TLS protocol, I draw a few sequence diagrams of TLS handshaking, along with the connection states. Share them now. This is the sequence diagram of handshaking kickoff,&n...
Fine granularity diagnosis on security
You're supposed to familiar with the java.security.debug property, otherwise please refer to the sample chapter of "Java Security".
Before Java 6, if the security debug property, ja...
keystore alias -- case sensitive or not
A KeyStore manages different types of entries, including cryptographic keys and certificates. Each entry in a keystore is identified by an "alias" string.Before Java SE 6, the java spec didn...