[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wss4j-dev
Subject:    Re: NPE in COM.rsa.jsafe.SunJSSE_eq.a(DashoA6275)
From:       Hans Granqvist <hgranqvist () verisign ! com>
Date:       2006-10-23 16:51:42
Message-ID: 453CF31E.2000307 () verisign ! com
[Download RAW message or body]

Schmidlin, Franck wrote:
> Hans,
>  
> looking into this a bit more, it would seem that the JCE provider in the 
> JSSE.jar is indeed "RSA Security's old commercial JSAFE".
> I guess there is an agreement between SUN and RSA.
>  

Hi Franck,

The initial reason for my knee-jerk reaction was some issues with
"the old" RSA provider (as in pre-2000) that I have never seen
with the Sun one -- sorry for the confusion.

> I have tried examining a JADed version of the classes, but the problem 
> occurs too deep in the algorithm for me to pinpoint.
>  
> That said, when you ask
>  
>>  Do you get the same error on the customer site using non-jsafe provider?
>  
> which non-jsafe provider would you recommend?
>  
> I am going to run some tests with BouncyCastle, but maybe you can advise 
> me with other alternatives.

BouncyCastle is the one I'd test, too!

Apart from that, not sure of your choices unless you want to pay $$$.

-Hans

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]