[ACCEPTED]-create an SSLContext instance using a Bouncy Castle provider-sslengine
I know this is kind of an old question, but 4 I needed an answer (so I am creating one):
- [Is it possible to] create an SSLContext instance using a Bouncy Castle provider [?]
Debugging 3 this line of code:
Provider  providers = Security.getProviders();
- the default SunJSSE version 1.7 implements the following SSLContext values:
- using bcprov-jdk15on-152.jar and adding a new BouncyCastleProvider() to Security, one can observe that there are no SSLContext values available.
This 2 should make sense since Bouncy Castle is 1 a JCE implementation, not a JSSE implementation.
Bouncy Castle actually provides a JSSE implementation 4 as of version 1.56. Just make sure to configure 3 it with a higher priority at the application 2 startup:
Security.insertProviderAt(new BouncyCastleJsseProvider(), 1);
or, as alternative, in global
security.provider.1=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider ... security.provider.6=com.sun.net.ssl.internal.ssl.Provider
You 1 can use it then with the standard API:
SSLContext context = SSLContext.getInstance("TLS");
Bouncy Castle implements two types of providers 25 for JSSE:
- An ordinary DTLS/TLS and JSSE provider package
- A FIPS-compliant (D)TLS API and JSSE Provider
Current documentation for each 24 provider can be found here: ordinary and FIPS-compliant.
The JAR 23 files for these differ from the JAR file 22 for Bouncy Castle JCE provider. At the time 21 of these writing, the JSSE provider JAR 20 files are called
bctls-fips-1.0.9.jar, whereas the JCE 19 provider is
Here's an excerpt from the 18 documentation:
2.1 BCJSSE Provider installation into the JRE
Once the bctls jar is installed, the 17 provider class BouncyCastleJsseProvider 16 may need to be installed if it is required 15 in the application globally.
Installation 14 of the provider can be done statically in 13 the JVM by adding it to the provider definition 12 to the
java.securityfile in in the
jre/lib/securitydirectory for your 11 JRE/JDK.
The provider can also be added during 10 execution. If you wish to add the provider 9 to the JVM globally during execution you 8 can add the following imports to your code:
import java.security.Security import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider
Then 7 insert the line
The provider can then be 6 used by referencing the name
BCJSSE, for example:
SSLContext clientContext = SSLContext.getInstance("TLS", "BCJSSE");
Alternately 5 if you do not wish to install the provider 4 globally, but use it locally instead, it 3 is possible to pass the provider to the 2
getInstance()method on the JSSE class you are creating 1 an instance of.
SSLContext clientContext = SSLContext.getInstance("TLS", new BouncyCastleJsseProvider());
More Related questions