Questions about SSL

Bruno Gillet - Sun France (Bruno.Gillet@France)
Thu, 18 Jun 1998 17:06:28 +0200 (MET DST)

Message-Id: <199806181500.RAA14970@sybille.France.Sun.COM>
Date: Thu, 18 Jun 1998 17:06:28 +0200 (MET DST)
From: Bruno Gillet - Sun France <Bruno.Gillet@France>
Subject: Questions about SSL
To: java-security@java0.javasoft.com

Anything thereafter is regarding SSL in global version.

I am a Sun Internal from France and I need informations about
the SSL packages for Java. Being in charge of technical files with the
SCSSI (french institution to validate crypto. tools for "legal" use in fr.),
we try to obtain an authorisation, not only for developpers to use it,
but also so that any Java code using our SSL component could be authorized
in France by default. ( That could be an advantage in a country were crypto
tools are especially hard to find legally:-( and declare - The main condition
is that code have to be forged (native methods sound OK) )

I have started to study the API doc, but now I need to go a little bit
too far. So just two questions :

- We use in our Java products an SSL component (HJB, JWS, etc..).
are the cipher suites in the Java API the same than for those products ?
In fact, any crypto stuff should be native for as far I understand.
So I suppose the native lib are the same, is that right ?

- If it is right, why is this API not yet available on the early access
JDC section ? Pb. in export declaration from the US ?

What I would need is to have as well informations on the timeline for
Java SSL packages, and if possible to have a more precise and complete doc
than just the API doc. The problem is not so much the understanding of it
than the fact I really need to be sure of things before writing theim.

In another hand, the final file will have to include the API and some source
exemple of use. So if this API won't be available soon enough for me to
work on it tell it to me so I could work on other declaration files.

Any help would be greatly appreciated.

Bruno.