Sreedhar Kamishetti wrote on 2009-01-29 16:28 PST:
> I just started to use JSS/NSS. So, I hope someone will reply to this
> post.
>
> We use "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA" as cipher suite for
> communication between SSL Peers. Client is in Java and Server is in C
> (uses OpenSSL).
>
> I am trying to use JSS/NSS for Client side SSL Provider for supporting
> FIPS, but I am not able to do it easily as Diffie Hellman protocol for
> Key exchange is not implemented by JSS/NSS.

That's not exactly correct. NSS implements DH for SSL clients, but it does
not implement *anonymous* cipher suites at all, not for Diffie Hellman or
any other flavor of key agreement algorithm.

> We are having problems communicating to Server by writing Java SSL Client
> from scratch using JSS API. Can I use the Sun JSSE provider along with
> Mozilla-JSS provider so that my existing code will not change except for
> initializing the Mozilla-JSS provider so that SSL Context from Sun JSSE
> provider internally uses all the services of Mozilla-JSS provider?
>
> Which Cipher suite is recommended with minimal changes to use between
> JSS/NSS client and OpenSSL Server?

I think that any cipher suites that are supported by both NSS/JSS and
Java's SSL classes will require about the same amount of adaptation to
switch from one implementation to the other. But I don't know how much
that will be. Hopefully one of this list's Java gurus can help answer that.

You'll find the list of cipher suites supported by NSS at
http://mxr.mozilla.org/security/source/security/nss/lib/ssl/sslenum.c#48

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto