[ACCEPTED] Create an SSLContext instance using a Bouncy Castle provider (sslengine)
I know this is kind of an old question, but I needed an answer (so I am creating one):
- [Is it possible to] create an SSLContext instance using a Bouncy Castle provider [?]
- No
Why not?
Debugging this line of code:
Provider[] providers = Security.getProviders();
- the default SunJSSE version 1.7 implements the following SSLContext values:
Alg.Alias.SSLContext.SSL=TLSv1
Alg.Alias.SSLContext.SSLv3=TLSv1
SSLContext.Default=sun.security.ssl.SSLContextImpl$DefaultSSLContext
SSLContext.TLSv1=sun.security.ssl.SSLContextImpl$TLS10Context
SSLContext.TLSv1.1=sun.security.ssl.SSLContextImpl$TLS11Context
SSLContext.TLSv1.2=sun.security.ssl.SSLContextImpl$TLS12Context
- using bcprov-jdk15on-152.jar and adding a new BouncyCastleProvider() to Security, one can observe that there are no SSLContext values available.
This should make sense since Bouncy Castle is a JCE implementation, not a JSSE implementation.
Bouncy Castle actually provides a JSSE implementation as of version 1.56. Just make sure to configure it with a higher priority at application startup:
Security.insertProviderAt(new BouncyCastleJsseProvider(), 1);
or, as an alternative, in the global <JRE_HOME>/lib/security/java.security file:
security.provider.1=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider
...
security.provider.6=com.sun.net.ssl.internal.ssl.Provider
You can then use it with the standard API:
SSLContext context = SSLContext.getInstance("TLS");
Bouncy Castle implements two types of providers for JSSE:
- An ordinary DTLS/TLS and JSSE provider package
- A FIPS-compliant (D)TLS API and JSSE Provider
Current documentation for each provider can be found here: ordinary and FIPS-compliant.
The JAR files for these differ from the JAR file for the Bouncy Castle JCE provider. At the time of this writing, the JSSE provider JAR files are called bctls-jdk15on-1.64.jar and bctls-fips-1.0.9.jar, whereas the JCE provider is bcprov-jdk15on-1.64.jar.
Here's an excerpt from the documentation:
2.1 BCJSSE Provider installation into the JRE
Once the bctls jar is installed, the provider class BouncyCastleJsseProvider may need to be installed if it is required in the application globally.
Installation of the provider can be done statically in the JVM by adding it to the provider definition in the java.security file in the jre/lib/security directory for your JRE/JDK. The provider can also be added during execution. If you wish to add the provider to the JVM globally during execution you can add the following imports to your code:
import java.security.Security;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
Then insert the line
Security.addProvider(new BouncyCastleJsseProvider());
The provider can then be used by referencing the name BCJSSE, for example:
SSLContext clientContext = SSLContext.getInstance("TLS", "BCJSSE");
Alternately, if you do not wish to install the provider globally, but use it locally instead, it is possible to pass the provider to the getInstance() method on the JSSE class you are creating an instance of. For example:
SSLContext clientContext = SSLContext.getInstance("TLS", new BouncyCastleJsseProvider());
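An added example (my own code, not taken from any of the answers above) that ties the answers together: it uses Provider.getServices() to show which installed providers register SSLContext (only SunJSSE before the Bouncy Castle jars are registered, "BC" with none because it is JCE only), then installs bcprov and bctls and builds an SSLContext and a client SSLEngine through the "BCJSSE" name. It assumes bcprov-jdk15on and bctls-jdk15on jars on the classpath; the class name BcJsseDemo and the TLS 1.2+ policy are my choices, not something the answers prescribe.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

public class BcJsseDemo {
    // Provider name -> SSLContext algorithms it registers (empty list for pure JCE providers such as "BC").
    static Map<String, List<String>> sslContextAlgorithms() {
        Map<String, List<String>> result = new TreeMap<>();
        for (Provider p : Security.getProviders()) {
            List<String> algs = new ArrayList<>();
            for (Provider.Service s : p.getServices()) {
                if ("SSLContext".equals(s.getType())) {
                    algs.add(s.getAlgorithm());
                }
            }
            result.put(p.getName(), algs);
        }
        return result;
    }

    // Keep only TLS 1.2 and 1.3 out of what this engine supports (older bctls builds may lack TLSv1.3,
    // and enabling an unsupported protocol name throws IllegalArgumentException).
    static String[] modernProtocols(SSLEngine engine) {
        List<String> keep = new ArrayList<>();
        for (String proto : engine.getSupportedProtocols()) {
            if (proto.equals("TLSv1.3") || proto.equals("TLSv1.2")) {
                keep.add(proto);
            }
        }
        return keep.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("before: " + sslContextAlgorithms()); // only SunJSSE lists SSLContext here
        Security.insertProviderAt(new BouncyCastleProvider(), 1);     // JCE primitives
        Security.insertProviderAt(new BouncyCastleJsseProvider(), 2); // JSSE layered on top of them
        System.out.println("after:  " + sslContextAlgorithms()); // BCJSSE now lists SSLContext too
        SSLContext ctx = SSLContext.getInstance("TLS", "BCJSSE"); // name the provider; do not rely on order
        ctx.init(null, null, null); // null key/trust managers: the JRE defaults (cacerts) are used
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);
        engine.setEnabledProtocols(modernProtocols(engine));
        System.out.println(ctx.getProvider().getName() + " enabled: " + String.join(",", engine.getEnabledProtocols()));
    }
}
```

Run it once without the two insertProviderAt calls to reproduce the first answer's observation (no SSLContext entries for "BC"), then with them to see "BCJSSE" appear.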