4 JDK Providers Documentation

This document contains the technical details of the providers that are included in the JDK. It is assumed that readers have a strong understanding of the Java Cryptography Architecture and Provider Architecture.

Note:

The Java Security Standard Algorithm Names Specification contains more information about the standard names used in this document.

Introduction to JDK Providers

The Java platform defines a set of APIs spanning major security areas, including cryptography, public key infrastructure, authentication, secure communication, and access control. These APIs enable developers to easily integrate security mechanisms into their application code.

The Java Cryptography Architecture (JCA) and its Provider Architecture are core concepts of the Java Development Kit (JDK). It is assumed that readers have a solid understanding of this architecture.

Reminder: Cryptographic implementations in the JDK are distributed through several different providers ("SUN", "SunJSSE", "SunJCE", "SunRsaSign") for both historical reasons and by the types of services provided. General purpose applications SHOULD NOT request cryptographic services from specific providers. That is:

getInstance("...", "SunJCE");  // not recommended

versus

getInstance("...");            // recommended

Otherwise, applications are tied to specific providers that may not be available on other Java implementations. They also might not be able to take advantage of available optimized providers (for example, hardware accelerators via PKCS11 or native OS implementations such as Microsoft's MSCAPI) that have a higher preference order than the specific requested provider.

The following table lists the modules and the supported Java Cryptographic Service Providers:

Table 4-1 Modules and the Java Cryptographic Service Providers

Module Provider(s)

java.base

SUN, SunRsaSign, SunJSSE, SunJCEFoot 1, Apple

java.naming

JdkLDAP

java.security.jgss

SunJGSS

java.security.sasl

SunSASL

java.smartcardio

SunPCSC

java.xml.crypto

XMLDSig

jdk.crypto.cryptoki

SunPKCS11Footref 1

jdk.crypto.ec

SunECFootref 1

jdk.crypto.mscapi

SunMSCAPIFootref 1

jdk.crypto.ucrypto

OracleUcryptoFootref 1

jdk.security.jgss

JdkSASL

Footnote 1 Indicates JCE crypto providers previously distributed as signed JAR files (JCE providers contain Cipher/KeyAgreement/KeyGenerator/Mac/SecretKeyFactory implementations).

Import Limits on Cryptographic Algorithms

By default, an application can use cryptographic algorithms of any strength. However, due to import regulations in some locations, you may have to limit the strength of those algorithms. The JDK provides two different sets of jurisdiction policy files in the directory <java-home>/conf/security/policy that determine the strength of cryptographic algorithms. Information about jurisdiction policy files and how to activate them is available in Cryptographic Strength Configuration.

Consult your export/import control counsel or attorney to determine the exact requirements for your location.

For the "limited" configuration, the following table lists the maximum key sizes allowed by the "limited" set of jurisdiction policy files:

Table 4-2 Maximum Keysize of Cryptographic Algorithms

Algorithm Maximum Keysize
DES 64
DESede *
RC2 128
RC4 128
RC5 128
RSA *
all others 128

Cipher Transformations

The javax.crypto.Cipher.getInstance(String transformation) factory method generates Cipher objects using transformations of the form algorithm/mode/padding. If the mode/padding are omitted, the SunJCE and SunPKCS11 providers use ECB as the default mode and PKCS5Padding as the default padding for many symmetric ciphers.

It is recommended to use transformations that fully specify the algorithm, mode, and padding instead of relying on the defaults. The defaults are provider specific and can vary among providers.

Note:

ECB works well for single blocks of data and can be parallelized, but absolutely should not be used for multiple blocks of data.

SecureRandom Implementations

The following table lists the default preference order of the available SecureRandom implementations.

Table 4-3 Default SecureRandom Implementations

OS Algorithm Name Provider Name
Solaris 1. PKCS11Foot 2Foot 3 SunPKCS11
2. NativePRNGFoot 4 SUN
3. DRBG SUN
4. SHA1PRNGFootref 4 SUN
5. NativePRNGBlocking SUN
6. NativePRNGNonBlocking SUN
Linux 1. NativePRNGFootref 4 SUN
2. DRGB SUN
3. SHA1PRNGFootref 4 SUN
4. NativePRNGBlocking SUN
5. NativePRNGNonBlocking SUN
macOS 1. NativePRNGFootref 4 SUN
2. DRGB SUN
3. SHA1PRNGFootref 4 SUN
4. NativePRNGBlocking SUN
5. NativePRNGNonBlocking SUN
Windows 1. DRGB SUN
2. SHA1PRNG SUN
3. Windows-PRNGFoot 5 SunMSCAPI

Footnote 2 The SunPKCS11 provider is available on all platforms, but is only enabled by default on Solaris as it is the only OS with a native PKCS11 implementation automatically installed and configured. On other platforms, applications or deployers must specifically install and configure a native PKCS11 library, and then configure and enable the SunPKCS11 provider to use it.

Footnote 3 The PKCS11 SecureRandom implementation for Solaris has been disabled due to the performance overhead of small-sized requests (see JDK-8098581: SecureRandom.nextBytes() hurts performance with small size requests). Edit sunpkcs11-solaris.cfg to reenable.

Footnote 4 On Solaris, Linux, and OS X, if the entropy gathering device in java.security is set to file:/dev/urandom or file:/dev/random, then NativePRNG is preferred to SHA1PRNG. Otherwise, SHA1PRNG is preferred.

Footnote 5 There is currently no NativePRNG on Windows. Access to the equivalent functionality is via the SunMSCAPI provider.

The SunPKCS11 Provider

The Cryptographic Token Interface Standard (PKCS#11) provides native programming interfaces to cryptographic mechanisms, such as hardware cryptographic accelerators and Smart Cards. When properly configured, the SunPKCS11 provider enables applications to use the standard JCA/JCE APIs to access native PKCS#11 libraries. The SunPKCS11 provider itself does not contain cryptographic functionality, it is simply a conduit between the Java environment and the native PKCS11 providers. The Java PKCS#11 Reference Guide has a much more detailed treatment of this provider.

The SUN Provider

JDK 1.1 introduced the Provider architecture. The first JDK provider was named SUN, and contained two types of cryptographic services (MessageDigestand Signature). In later releases, other mechanisms were added (SecureRandom, KeyPairGenerator, KeyFactory, and so on).

United States export regulations in effect at the time placed significant restrictions on the type of cryptographic functionality that could be made available internationally in the JDK. For this reason, the SUN provider has historically contained cryptographic engines that did not directly encrypt or decrypt data.

The following algorithms are available in the SUN provider:

Table 4-4 Algorithms in SUN provider

Engine Algorithm Names
AlgorithmParameterGenerator DSA
AlgorithmParameters DSA
CertificateFactory X.509
CertPathBuilder PKIX
CertPathValidator PKIX
CertStore Collection
Configuration JavaLoginConfig
KeyFactory DSA
KeyPairGenerator DSA
KeyStore

PKCS12Foot 6

JKS

DKS

CaseExactJKS

MessageDigest

MD2

MD5

SHA-1

SHA-224

SHA-256

SHA-384

SHA-512

SHA-512/224

SHA-512/256

SHA3-224

SHA3-256

SHA3-384

SHA3-512

Policy JavaPolicy
SecureRandom

DRBG

(The following mechanisms and algorithms are supported: Hash_DRBG and HMAC_DRBG with SHA-224, SHA-512/224, SHA-256, SHA-512/256, SHA-384 and SHA-512. CTR_DRBG (both use derivation function and not use) with AES-128, AES-192 and AES-256. Prediction resistance and reseeding supported for each combination, and security strength can be requested from 112 up to the highest strength one supports.)

SHA1PRNG

(Initial seeding is currently done via a combination of system attributes and the java.security entropy gathering device.)

NativePRNG

(nextBytes() uses /dev/urandom, generateSeed() uses /dev/random)

NativePRNGBlocking

(nextBytes() and generateSeed() use /dev/random)

NativePRNGNonBlocking

(nextBytes() and generateSeed() use /dev/urandom)

Signature

NONEwithDSA

SHA1withDSA

SHA224withDSA

SHA256withDSA

NONEwithDSAinP1363Format

SHA1withDSAinP1363Format

SHA224withDSAinP1363Format

SHA256withDSAinP1363Format

Footnote 6 The PKCS12 KeyStore implementation does not support the KeyBag type.

The following table lists OIDs associated with SHA Message Digests:

Table 4-5 OIDs associated with SHA Message Digests

SHA Message Digest OID
SHA-224 2.16.840.1.101.3.4.2.4
SHA-256 2.16.840.1.101.3.4.2.1
SHA-384 2.16.840.1.101.3.4.2.2
SHA-512 2.16.840.1.101.3.4.2.3
SHA-512/224 2.16.840.1.101.3.4.2.5
SHA-512/256 2.16.840.1.101.3.4.2.6
SHA3-224 2.16.840.1.101.3.4.2.7
SHA3-256 2.16.840.1.101.3.4.2.8
SHA3-384 2.16.840.1.101.3.4.2.9
SHA3-512 2.16.840.1.101.3.4.2.10

The following table lists OIDs associated with DSA Signatures:

Table 4-6 OIDs associated with DSA Signatures

DSA Signature OID
SHA1withDSA

1.2.840.10040.4.3

1.3.14.3.2.13

1.3.14.3.2.27

SHA224withDSA 2.16.840.1.101.3.4.3.1
SHA256withDSA 2.16.840.1.101.3.4.3.2

Keysize Restrictions

The SUN provider uses the following default keysizes (in bits) and enforces the following restrictions:

KeyPairGenerator

Alg. Name Default Keysize Restrictions/Comments
DSA 1024 Keysize must be a multiple of 64, ranging from 512 to 1024, plus 2048 and 3072.

AlgorithmParameterGenerator

Alg. Name Default Keysize Restrictions/Comments
DSA 1024 Keysize must be a multiple of 64, ranging from 512 to 1024, plus 2048 and 3072.

CertificateFactory/CertPathBuilder/CertPathValidator/CertStore Implementations

Additional details on the SUN provider implementations for CertificateFactory, CertPathBuilder, CertPathValidator and CertStore are documented in Appendix B: CertPath Implementation in SUN Provider of the PKI Programmer's Guide.

The SunRsaSign Provider

The SunRsaSign provider was introduced in JDK 1.3 as an enhanced replacement for the RSA signature in the SunJSSE provider.

The following algorithms are available in the SunRsaSign provider:

Table 4-7 The SunRsaSign Provider Algorithm Names for Engine Classes

Engine Algorithm Names
KeyFactory RSA
KeyPairGenerator RSA
Signature

MD2withRSA

MD5withRSA

SHA1withRSA

SHA224withRSA

SHA256withRSA

SHA384withRSA

SHA512withRSA

Keysize Restrictions

The SunRsaSign provider uses the following default keysize (in bits) and enforces the following restriction:

KeyPairGenerator

Table 4-8 The SunRsaSign Provider Keysize Restrictions

Alg. Name Default Keysize Restrictions/Comments
RSA 2048 Keysize must range between 512 and 16384 bits. If the key size exceeds 3072, then the public exponent length cannot exceed 64 bits.

The SunJSSE Provider

Algorithms

The Java Secure Socket Extension (JSSE) was originally released as a separate "Optional Package" (also briefly known as a "Standard Extension"), and was available for JDK 1.2.n and 1.3.n. The SunJSSE provider was introduced as part of this release.

In earlier JDK releases, there were no RSA signature providers available in the JDK, therefore SunJSSE had to provide its own RSA implementation in order to use commonly available RSA-based certificates. JDK 5 introduced the SunRsaSign provider, which provides all the functionality (and more) of the SunJSSE provider. Applications targeted at JDK 5.0 and later should request instances of the SunRsaSign provider instead. For backward compatibility, the RSA algorithms are still available through this provider, but are actually implemented in the SunRsaSign provider.

The following algorithms are available in the SunJSSE provider:

Engine Algorithm Name(s)
KeyFactory

RSA

Note: The SunJSSE provider is for backwards compatibility with older releases, and should no longer be used for KeyFactory.

KeyManagerFactory

PKIX: A factory for X509ExtendedKeyManager instances that manage X.509 certificate-based key pairs for local side authentication according to the rules defined by the IETF PKIX working group in RFC 5280. This KeyManagerFactory currently supports initialization using a KeyStore object or javax.net.ssl.KeyStoreBuilderParameters.

SunX509: A factory for X509ExtendedKeyManager instances that manage X.509 certificate-based key pairs for local side authentication, but with less strict checking of certificate usage/validity and chain verification. This KeyManagerFactory supports initialization using a Keystore object, but does not currently support initialization using the class javax.net.ssl.ManagerFactoryParameters.

Note: The SunX509 factory is for backwards compatibility with older releases, and should no longer be used.

KeyPairGenerator

RSA

Note: The SunJSSE provider is for backwards compatibility with older releases, and should no longer be used for KeyPairGenerator.

KeyStore

PKCS12

Note: The SunJSSE provider is for backwards compatibility with older releases, and should no longer be used for KeyStore.

Signature

MD2withRSA

MD5withRSA

SHA1withRSA

Note: The SunJSSE provider is for backwards compatibility with older releases, and should no longer be used for Signature.

SSLContext

SSLv3

TLSv1

TLSv1.1

TLSv1.2

DTLSv1.0

DTLSv1.2

TrustManagerFactory

PKIX: A factory for X509ExtendedTrustManager instances that validate certificate chains according to the rules defined by the IETF PKIX working group in RFC 5280. This TrustManagerFactory currently supports initialization using a KeyStore object or javax.net.ssl.CertPathTrustManagerParameters.

SunX509: A factory for X509ExtendedTrustManager instances that validate certificate chains, but with less strict checking of certificate usage/validity and chain verification. This TrustManagerFactory supports initialization using a Keystore object, but does not currently support initialization using the class javax.net.ssl.ManagerFactoryParameters.

Note: The SunX509 factory is for backwards compatibility with older releases, and should no longer be used.

SunJSSE Provider Protocol Parameters

The SunJSSE provider supports the following protocol parameters:

Table 4-9 SunJSSE Provider Protocol Parameters

Protocol Enabled by Default for Client Enabled by Default for Server

SSLv3

No (UnavailableFoot 7 ) No (UnavailableFootref 7)
TLSv1 Yes Yes
TLSv1.1 Yes Yes
TLSv1.2 Yes Yes
SSLv2HelloFoot 8 No Yes
DTLSv1.0 Yes Yes
DTLSv1.2Foot 9 Yes Yes

Footnote 7 SSLv3 is enabled:

  • Starting with JDK 8u31, the SSLv3 protocol (Secure Socket Layer) has been deactivated and is not available by default. See the java.security.Security property jdk.tls.disabledAlgorithms in the <java_home>/conf/security/java.security file.

  • If SSLv3 is absolutely required, the protocol can be reactivated by removing "SSLv3" from the jdk.tls.disabledAlgorithms property in the java.security file or by dynamically setting this Security Property before JSSE is initialized.

  • To enable SSLv3 protocol at deploy level, after following the above steps, edit the deployment.properties file and add the following: deployment.security.SSLv3=true

Footnote 8 The SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols allow you to send SSLv3, TLSv1, TLSv1.1 and TLSv1.2 ClientHellos encapsulated in an SSLv2 format hello by using the SSLv2Hello psuedo-protocol.

Footnote 9 Both DTLSv1.0 and DTLSv1.2 are enabled.

The following table illustrates which connection combinations are possible when using SSLv2Hellos:

Table 4-10 Connections Possible Using SSLv2Hellos

Client Server Connection Possible?
Enabled Enabled Yes
Not enabled Enabled Yes (most interoperable: SunJSSE default)
Enabled Not enabled No
Not enabled Not enabled Yes

Cipher Suites

SunJSSE supports a large number of cipher suites. Table 4-11 lists the cipher suites supported by SunJSSE, whether they are enabled or disabled by default, and the release in which they were introduced. A value of N/A means that the cipher suite hasn't been implemented for that release.

Note:

According to DTLS Version 1.0 and DTLS Version 1.2, RC4 cipher suites must not be used with DTLS connections.

Cipher suites that use Elliptic Curve Cryptography (ECDSA, ECDH, ECDHE, ECDH_anon) require a JCE cryptographic provider that meets the following requirements:

  • The provider must implement ECC as defined by the classes and interfaces in the packages java.security.spec and java.security.interfaces. The getAlgorithm() method of elliptic curve key objects must return the string "EC".

  • The provider must support the Signature algorithms SHA1withECDSA and NONEwithECDSA, the KeyAgreement algorithm ECDH, and a KeyPairGenerator and a KeyFactory for algorithm EC. If one of these algorithms is missing, SunJSSE does not allow EC cipher suites to be used.

  • The provider must support all the SECG curves referenced in RFC 4492 specification, section 5.1.1 (see also Appendix A, "Equivalent Curves (Informative)"). In certificates, points should be encoded using the uncompressed form and curves should be encoded using the namedCurve choice, that is, using an object identifier.

If these requirements are not met, EC cipher suites may not be negotiated correctly.

Table 4-11 Cipher Suites Supported by SunJSSE

Cipher Suite JDK 6 JDK 7 JDK 8 JDK 9

SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA

Disabled

DisabledFoot 10

Disabled

Disabled

SSL_DH_anon_EXPORT_WITH_RC4_40_MD5

Disabled

DisabledFootref 10

Disabled

Disabled

SSL_DH_anon_WITH_3DES_EDE_CBC_SHA

Disabled

Disabled

Disabled

Disabled

SSL_DH_anon_WITH_DES_CBC_SHA

Disabled

DisabledFoot 11

Disabled

Disabled

SSL_DH_anon_WITH_RC4_128_MD5

Disabled

Disabled

Disabled

Disabled

SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA

Disabled

DisabledFootref 10

Disabled

Disabled

SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

Enabled

Enabled

Enabled

Enabled

SSL_DHE_DSS_WITH_DES_CBC_SHA

Disabled

DisabledFootref 11

Disabled

Disabled

SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA

Disabled

DisabledFootref 10

Disabled

Disabled

SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

Enabled

Enabled

Enabled

Enabled

SSL_DHE_RSA_WITH_DES_CBC_SHA

Disabled

DisabledFootref 11

Disabled

Disabled

SSL_RSA_EXPORT_WITH_DES40_CBC_SHA

Disabled

DisabledFootref 10

Disabled

Disabled

SSL_RSA_EXPORT_WITH_RC4_40_MD5

Disabled

DisabledFootref 10

Disabled

Disabled

SSL_RSA_WITH_3DES_EDE_CBC_SHA

Enabled

Enabled

Enabled

Enabled

SSL_RSA_WITH_DES_CBC_SHA

Disabled

DisabledFootref 11

Disabled

Disabled

SSL_RSA_WITH_NULL_MD5

Disabled

Disabled

Disabled

Disabled

SSL_RSA_WITH_NULL_SHA

Disabled

Disabled

Disabled

Disabled

SSL_RSA_WITH_RC4_128_MD5

Enabled

Enabled

Enabled

Disabled

SSL_RSA_WITH_RC4_128_SHA

Enabled

Enabled

Enabled

N/A

TLS_DH_anon_WITH_AES_128_CBC_SHA

Disabled

Disabled

Disabled

Disabled

TLS_DH_anon_WITH_AES_128_CBC_SHA256

N/A

Disabled

Disabled

Disabled

TLS_DH_anon_WITH_AES_128_GCM_SHA256

N/A

N/A

Disabled

Disabled

TLS_DH_anon_WITH_AES_256_CBC_SHA

Disabled

Disabled

Disabled

Disabled

TLS_DH_anon_WITH_AES_256_CBC_SHA256

N/A

Disabled

Disabled

Disabled

TLS_DH_anon_WITH_AES_256_GCM_SHA384

N/A

N/A

Disabled

Disabled

TLS_DHE_DSS_WITH_AES_128_CBC_SHA

Enabled

Enabled

Enabled

Enabled

TLS_DHE_DSS_WITH_AES_128_CBC_SHA256

N/A

EnabledFoot 12

Enabled

Enabled

TLS_DHE_DSS_WITH_AES_128_GCM_SHA256

N/A

N/A

Enabled

Enabled

TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Enabled

Enabled

Enabled

Enabled

TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

N/A

N/A

N/A

Enabled

TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

N/A

N/A

N/A

Enabled

TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

N/A

N/A

N/A

Enabled

TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

N/A

N/A

N/A

Enabled

TLS_DHE_DSS_WITH_AES_256_GCM_SHA384

N/A

N/A

Enabled

Enabled

TLS_DHE_RSA_WITH_AES_128_CBC_SHA

Enabled

Enabled

Enabled

Enabled

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

N/A

EnabledFootref 12

Enabled

Enabled

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

N/A

N/A

Enabled

Enabled

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Enabled

Enabled

Enabled

Enabled

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

N/A

EnabledFootref 12

Enabled

Enabled

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

N/A

N/A

Enabled

Enabled

TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA

Disabled

Disabled

Disabled

Disabled

TLS_ECDH_anon_WITH_AES_128_CBC_SHA

Disabled

Disabled

Disabled

Disabled

TLS_ECDH_anon_WITH_AES_256_CBC_SHA

Disabled

Disabled

Disabled

Disabled

TLS_ECDH_anon_WITH_NULL_SHA

Disabled

Disabled

Disabled

Disabled

TLS_ECDH_anon_WITH_RC4_128_SHA

Disabled

Disabled

Disabled

Disabled

TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA

Enabled

Enabled

Enabled

Enabled

TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA

Enabled

Enabled

Enabled

Enabled

TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256

N/A

EnabledFootref 12

Enabled

Enabled

TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256

N/A

N/A

Enabled

Enabled

TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

Enabled

Enabled

Enabled

Enabled

TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

N/A

EnabledFootref 12

Enabled

Enabled

TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384

N/A

N/A

Enabled

Enabled

TLS_ECDH_ECDSA_WITH_NULL_SHA

Disabled

Disabled

Disabled

Disabled

TLS_ECDH_ECDSA_WITH_RC4_128_SHA

Enabled

Enabled

Enabled

Enabled

TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA

Enabled

Enabled

Enabled

Enabled

TLS_ECDH_RSA_WITH_AES_128_CBC_SHA

Enabled

Enabled

Enabled

Enabled

TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256

N/A

EnabledFootref 12

Enabled

Enabled

TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256

N/A

N/A

Enabled

Enabled

TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

Enabled

Enabled

Enabled

Enabled

TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

N/A

EnabledFootref 12

Enabled

Enabled

TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384

N/A

N/A

Enabled

Enabled

TLS_ECDH_RSA_WITH_NULL_SHA

Disabled

Disabled

Disabled

Disabled

TLS_ECDH_RSA_WITH_RC4_128_SHA

Enabled

Enabled

Enabled

 

TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA

Enabled

Enabled

Enabled

Enabled

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

Enabled

Enabled

Enabled

Enabled

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

N/A

EnabledFootref 12

Enabled

Enabled

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

N/A

N/A

Enabled

Enabled

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Enabled

Enabled

Enabled

Enabled

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

N/A

EnabledFootref 12

Enabled

Enabled

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

N/A

N/A

N/A

Enabled

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

N/A

N/A

N/A

Enabled

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

N/A

N/A

Enabled

Enabled

TLS_ECDHE_ECDSA_WITH_NULL_SHA

Disabled

Disabled

Disabled

Disabled

TLS_ECDHE_ECDSA_WITH_RC4_128_SHA

Enabled

Enabled

Enabled

Disabled

TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

Enabled

Enabled

Enabled

Enabled

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

Enabled

Enabled

Enabled

Enabled

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

N/A

EnabledFootref 12

Enabled

Enabled

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

N/A

N/A

Enabled

Enabled

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Enabled

Enabled

Enabled

Enabled

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

N/A

EnabledFootref 12

Enabled

Enabled

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

N/A

N/A

Enabled

N/A

TLS_ECDHE_RSA_WITH_NULL_SHA

Disabled

Disabled

Disabled

Disabled

TLS_ECDHE_RSA_WITH_RC4_128_SHA

Enabled

Enabled

Enabled

Enabled

TLS_ECDHE_RSA_WITH_RC4_128_SHA

N/A

N/A

N/A

Disabled

TLS_EMPTY_RENEGOTIATION_INFO_SCSVFoot 13

u22+

Enabled

Enabled

N/A

TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5

Disabled

DisabledFootref 10

Disabled

Disabled

TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA

Disabled

DisabledFootref 10

Disabled

Disabled

TLS_KRB5_EXPORT_WITH_RC4_40_MD5

Disabled

DisabledFootref 10

Disabled

Disabled

TLS_KRB5_EXPORT_WITH_RC4_40_SHA

Disabled

DisabledFootref 10

Disabled

Disabled

TLS_KRB5_WITH_3DES_EDE_CBC_MD5

Disabled

Disabled

Disabled

Disabled

TLS_KRB5_WITH_3DES_EDE_CBC_SHA

Disabled

Disabled

Disabled

Disabled

TLS_KRB5_WITH_DES_CBC_MD5

Disabled

DisabledFootref 11

Disabled

Disabled

TLS_KRB5_WITH_DES_CBC_SHA

Disabled

DisabledFootref 11

Disabled

Disabled

TLS_KRB5_WITH_RC4_128_MD5

Disabled

Disabled

Disabled

Disabled

TLS_KRB5_WITH_RC4_128_SHA

Disabled

Disabled

Disabled

Disabled

TLS_RSA_WITH_AES_128_CBC_SHA

Enabled

Enabled

Enabled

Enabled

TLS_RSA_WITH_AES_128_CBC_SHA256

N/A

EnabledFootref 12

Enabled

Enabled

TLS_RSA_WITH_AES_128_GCM_SHA256

N/A

N/A

Enabled

Enabled

TLS_RSA_WITH_AES_256_CBC_SHA

Enabled

Enabled

Enabled

Enabled

TLS_RSA_WITH_AES_256_CBC_SHA256

N/A

EnabledFootref 12

Enabled

Enabled

TLS_RSA_WITH_AES_256_GCM_SHA384

N/A

N/A

Enabled

Enabled

TLS_RSA_WITH_NULL_SHA256

N/A

Disabled

Disabled

Disabled

Footnote 10 RFC 4346 TLS 1.1 forbids the use of these suites. These can be used in the SSLv3/TLS1.0 protocols, but cannot be used in TLS 1.1 and later.

Footnote 11 RFC 5246 TLS 1.2 forbids the use of these suites. These can be used in the SSLv3/TLS1.0/TLS1.1 protocols, but cannot be used in TLS 1.2 and later.

Footnote 12 Cipher suites with SHA384 and SHA256 are available only for TLS 1.2 or later.

Footnote 13 TLS_EMPTY_RENEGOTIATION_INFO_SCSV is a pseudo-cipher suite that supports RFC 5746. See Transport Layer Security (TLS) Renegotiation Issue in Java Secure Socket Extension (JSSE) Reference Guide.

Tighter Checking of EncryptedPreMasterSecret Version Numbers

Prior to the JDK 7 release, the SSL/TLS implementation did not check the version number in PreMasterSecret, and the SSL/TLS client did not send the correct version number by default. Unless the system property com.sun.net.ssl.rsaPreMasterSecretFix is set to true, the TLS client sends the active negotiated version, but not the expected maximum version supported by the client.

For compatibility, this behavior is preserved for SSL version 3.0 and TLS version 1.0. However, for TLS version 1.1 or later, the implementation tightens checking the PreMasterSecret version numbers as required by RFC 5246. Clients always send the correct version number, and servers check the version number strictly. The system property, com.sun.net.ssl.rsaPreMasterSecretFix, is not used in TLS 1.1 or later.

The SunJCE Provider

As described briefly in The SUN Provider, US export regulations at the time restricted the type of cryptographic functionality that could be available in the JDK. A separate API and reference implementation was developed that allowed applications to encrypt/decrypt date. The Java Cryptographic Extension (JCE) was released as a separate ”Optional Package” (also briefly known as a “Standard Extension”), and was available for JDK 1.2x and 1.3x. During the development of JDK 1.4, regulations were relaxed enough that JCE (and SunJSSE) could be bundled as part of the JDK.

The following algorithms are available in the SunJCE provider:

Table 4-12 The SunJCE Provider Algorithm Names for Engine Classes

Engine Algorithm Names
AlgorithmParameterGenerator DiffieHellman
AlgorithmParameters

AESBlowfish

DES

DESede

DiffieHellman

GCM

OAEP

PBE

PBES2

PBEWithHmacSHA1AndAES_128

PBEWithHmacSHA224AndAES_128

PBEWithHmacSHA256AndAES_128

PBEWithHmacSHA384AndAES_128

PBEWithHmacSHA512AndAES_128

PBEWithHmacSHA1AndAES_256

PBEWithHmacSHA224AndAES_256

PBEWithHmacSHA256AndAES_256

PBEWithHmacSHA384AndAES_256

PBEWithHmacSHA512AndAES_256

PBEWithMD5AndDES

PBEWithMD5AndTripleDES

PBEWithSHA1AndDESede

PBEWithSHA1AndRC2_40

PBEWithSHA1AndRC2_128

PBEWithSHA1AndRC4_40

PBEWithSHA1AndPC4_128

RC2

Cipher See Table 4-13
KeyAgreement DiffieHellman
KeyFactory DiffieHellman
KeyGenerator

AES

ARCFOUR

Blowfish

DES

DESede

HmacMD5

HmacSHA1

HmacSHA224

HmacSHA256

HmacSHA384

HmacSHA512

RC2

KeyPairGenerator DiffieHellman
KeyStore JCEKS
Mac

HmacMD5

HmacSHA1

HmacSHA224

HmacSHA384

HmacSHA512

HmacSHA256

HmacSHA512/224

HmacSHA512/256

HmacPBESHA1

PBEWithHmacSHA1

PBEWithHmacSHA224

PBEWithHmacSHA256

PBEWithHmacSHA384

PBEWithHmacSHA512

SecretKeyFactory

DES

DESede

PBEWithMD5AndDES

PBEWithMD5AndTripleDES

PBEWithSHA1AndDESede

PBEWithSHA1AndRC2_40

PBEWithSHA1AndRC2_128

PBEWithSHA1AndRC4_40

PBEWithSHA1AndRC4_128

PBKDF2WithHmacSHA1

PBKDF2WithHmacSHA224

PBKDF2WithHmacSHA256

PBKDF2WithHmacSHA384

PBKDF2WithHmacSHA512

PBEWithHmacSHA1AndAES_128

PBEWithHmacSHA224AndAES_128

PBEWithHmacSHA256AndAES_128

PBEWithHmacSHA384AndAES_128

PBEWithHmacSHA512AndAES_128

PBEWithHmacSHA1AndAES_256

PBEWithHmacSHA224AndAES_256

PBEWithHmacSHA256AndAES_256

PBEWithHmacSHA384AndAES_256

PBEWithHmacSHA512AndAES_256

The following table lists cipher transformations available in the SunJCE provider.

Table 4-13 The SunJCE Provider Cipher Transformations

Algorithm Names Modes Paddings
AES ECB, CBC, PCBC, CTR, CTS, CFBFoot 14, CFB8..CFB128, OFBFootref 14, OFB8..OFB128 NoPadding, PKCS5Padding, ISO10126Padding
AES GCM NoPadding
AESWrap ECB NoPadding
AESWrap_128 ECB NoPadding
AESWrap_192 ECB NoPadding
AESWrap_256 ECB NoPadding
ARCFOUR ECB NoPadding
Blowfish, DES, DESede, RC2 ECB, CBC, PCBC, CTR, CTS, CFBFootref 14, CFB8..CFB64, OFBFootref 14, OFB8..OFB64 NoPadding, PKCS5Padding, ISO10126Padding
DESedeWrap CBC NoPadding

PBEWithMD5AndDES, PBEWithMD5AndTripleDESFoot 15, BEWithSHA1AndDESede, BEWithSHA1AndRC2_40, BEWithSHA1AndRC2_128, BEWithSHA1AndRC4_40, BEWithSHA1AndRC4_128, BEWithHmacSHA1AndAES_128, BEWithHmacSHA224AndAES_128, BEWithHmacSHA256AndAES_128, BEWithHmacSHA384AndAES_128, BEWithHmacSHA512AndAES_128, BEWithHmacSHA1AndAES_256, BEWithHmacSHA224AndAES_256, BEWithHmacSHA256AndAES_256, BEWithHmacSHA384AndAES_256, BEWithHmacSHA512AndAES_256

CBC PKCS5Padding
RSA ECB

NoPadding,PKCS1Padding, AEPPadding, AEPWithMD5AndMGF1Padding, AEPWithSHA1AndMGF1Padding, AEPWithSHA-1AndMGF1Padding, AEPWithSHA-224AndMGF1Padding, AEPWithSHA-256AndMGF1Padding, AEPWithSHA-384AndMGF1Padding, AEPWithSHA-512AndMGF1Padding

Footnote 14 CFB/OFB with no specified value defaults to the block size of the algorithm. (i.e. AES is 128; Blowfish, DES, DESede, and RC2 are 64.)

Footnote 15 PBEWithMD5AndTripleDES is a proprietary algorithm that has not been standardized.

Keysize Restrictions

The SunJCE provider uses the following default key sizes (in bits) and enforces the following restrictions:

KeyGenerator

Table 4-14 The SunJCE Provider Key Size Restrictions

Algorithm Name Default Key size Restrictions/Comments
AES 128 Key size must be equal to 128, 192, or 256.
ARCFOUR (RC4) 128 Key size must range between 40 and 1024 (inclusive).
Blowfish 128 Key size must be a multiple of 8, ranging from 32 to 448 (inclusive).
DES 56 Key size must be equal to 56.
DESede (Triple DES) 168

Key size must be equal to 112 or 168.

A key size of 112 will generate a Triple DES key with 2 intermediate keys, and a key size of 168 will generate a Triple DES key with 3 intermediate keys.

Due to the "Meet-In-The-Middle" problem, even though 112 or 168 bits of key material are used, the effective key size is 80 or 112 bits respectively.

HmacMD5 512 No key size restriction.
HmacSHA1 512 No key size restriction.
HmacSHA224 224 No key size restriction.
HmacSHA256 256 No key size restriction.
HmacSHA384 384 No key size restriction.
HmacSHA512 512 No key size restriction.
RC2 128 Key size must range between 40 and 1024 (inclusive).

Note:

The various Password-Based Encryption (PBE) algorithms use various algorithms to generate key data, and ultimately depends on the targeted Cipher algorithm. For example,

”PBEWithMD5AndDES” will always generate 56–bit keys.

Table 4-15 KeyPairGenerator

Algorithm Name Default Key size Restrictions/Comments
Diffie-Hellman (DH) 2048 Key size must be a multiple of 64, ranging from 512 to 1024, plus 1536, 2048, 3072, 4096, 6144, 8192.

Table 4-16 AlgorithmParameterGenerator

Algorithm Name Default Key size Restrictions/Comments
Diffie-Hellman (DH) 2048 Key size must be a multiple of 64, ranging from 512 to 1024, plus 2048 and 3072.

The SunJGSS Provider

The following algorithms are available in the SunJGSS provider:

Table 4-17 The SunJGSS Provider

OID Name
1.2.840.113554.1.2.2 Kerberos v5
1.3.6.1.5.5.2 SPNEGO

The SunSASL Provider

The following algorithms are available in the SunSASL provider:

Table 4-18 The SunSASL Provider Algorithm Names for Engine Classes

Engine Algorithm Names
SaslClient

CRAM-MD5

DIGEST-MD5

EXTERNAL

NTLM

PLAIN

SaslServer

CRAM-MD5

DIGEST-MD5

NTLM

The XMLDSig Provider

The following algorithms are available in the XMLDSig provider:

Table 4-19 The XMLDSig Provider Algorithm Names for Engine Classes

Engine Algorithm Names
KeyInfoFactory DOM
TransformService

http://www.w3.org/TR/2001/REC-xml-c14n-20010315 - (CanonicalizationMethod.INCLUSIVE)

http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments - (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS)

http://www.w3.org/2001/10/xml-exc-c14n# - (CanonicalizationMethod.EXCLUSIVE)

http://www.w3.org/2001/10/xml-exc-c14n#WithComments - (CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS)

http://www.w3.org/2000/09/xmldsig#base64 - (Transform.BASE64)

http://www.w3.org/2000/09/xmldsig#enveloped-signature - (Transform.ENVELOPED)

http://www.w3.org/TR/1999/REC-xpath-19991116 - (Transform.XPATH)

http://www.w3.org/2002/06/xmldsig-filter2 - (Transform.XPATH2)

http://www.w3.org/TR/1999/REC-xslt-19991116 - (Transform.XSLT)

XMLSignatureFactory DOM

The SunPCSC Provider

The SunPCSC provider enables applications to use the Java Smart Card I/O API to interact with the PC/SC Smart Card stack of the underlying operating system. Consult your operating system documentation for details.

On Solaris and Linux platforms, SunPCSC accesses the PC/SC stack via the libpcsclite.so library. It looks for this library in the directories /usr/$LIBISA and /usr/local/$LIBISA, where $LIBISA is expanded to lib/64 on 64-bit Solaris platforms and lib64 on 64-bit Linux platforms. The system property sun.security.smartcardio.library may also be set to the full filename of an alternate libpcsclite.so implementation. On Windows platforms, SunPCSC always calls into winscard.dll and no Java-level configuration is necessary or possible.

If PC/SC is available on the host platform, the SunPCSC implementation can be obtained via TerminalFactory.getDefault() and TerminalFactory.getInstance("PC/SC"). If PC/SC is not available or not correctly configured, a getInstance() call will fail with a NoSuchAlgorithmException and getDefault() will return a JRE built-in implementation that does not support any terminals.

The following algorithms are available in the SunPCSC provider:

Table 4-20 The SunPCSC Provider Algorithm Names for Engine Classes

Engine Algorithm Names
TerminalFactory PC/SC

The SunMSCAPI Provider

The SunMSCAPI provider enables applications to use the standard JCA/JCE APIs to access the native cryptographic libraries, certificates stores and key containers on the Microsoft Windows platform. The SunMSCAPI provider itself does not contain cryptographic functionality, it is simply a conduit between the Java environment and the native cryptographic services on Windows.

The following algorithms are available in the SunMSCAPI provider:

Table 4-21 The SunMSCAPI Algorithm Names for Engine Classes

Engine Algorithm Names
Cipher RSA RSA/ECB/PKCS1Padding only
KeyPairGenerator RSA
KeyStore

Windows-MY : The keystore type that identifies the native Microsoft Windows MY keystore. It contains the user's personal certificates and associated private keys.

Windows-ROOT: The keystore type that identifies the native Microsoft Windows ROOT keystore. It contains the certificates of Root certificate authorities and other self-signed trusted certificates.

SecureRandom

Windows-PRNG : The name of the native pseudo-random number generation (PRNG) algorithm.

Signature

MD5withRSA

MD2withRSA

NONEwithRSA

SHA1withRSA

SHA256withRSA

SHA384withRSA

SHA512withRSA

Keysize Restrictions

The SunMSCAPI provider uses the following default keysizes (in bits) and enforce the following restrictions:

KeyGenerator

Table 4-22 The SunMSCAPI Provider Keysize Restrictions

Alg. Name Default Keysize Restrictions/Comments
RSA 2048 Keysize ranges from 512 bits to 16,384 bits (depending on the underlying Microsoft Windows cryptographic service provider).

The SunEC Provider

The SunEC provider implements Elliptical Curve Cryptography (ECC). Compared to traditional cryptosystems such as RSA, ECC offers equivalent security with smaller key sizes, which results in faster computations, lower power consumption, and memory and bandwidth savings.

Applications can now use the standard JCA/JCE APIs to access ECC functionality without the dependency on external ECC libraries (via SunPKCS11), as was the case in the JDK 6 release.

The following algorithms are available in the SunEC provider:

Table 4-23 The SunEC Provider Names for Engine Classes

Engine Algorithm Name(s)
AlgorithmParameters EC
KeyAgreement ECDH
KeyFactory EC
KeyPairGenerator EC
Signature

NONEwithECDSA

SHA1withECDSA

SHA224withECDSA

SHA256withECDSA

SHA384withECDSA

SHA512withECDSA

NONEwithECDSAinP1363Format

SHA1withECDSAinP1363Format

SHA224withECDSAinP1363Format

SHA256withECDSAinP1363Format

SHA384withECDSAinP1363Format

SHA512withECDSAinP1363Format

Keysize Restrictions

The SunEC provider uses the following default keysizes (in bits) and enforces the following restrictions:

KeyPairGenerator

Table 4-24 The SunEC Provider Keysize Restrictions

Alg. Name Default Keysize Restrictions/Comments
EC 256 Keysize must range from 112 to 571 (inclusive).

The OracleUcrypto Provider

The Solaris-only security provider OracleUcrypto leverages the Solaris Ucrypto library to offload and delegate cryptographic operations supported by the Oracle SPARC T4 based on-core cryptographic instructions. The OracleUcrypto provider itself does not contain cryptographic functionality; it is simply a conduit between the Java environment and the Solaris Ucrypto library.

If the underlying Solaris Ucrypto library does not support a particular algorithm, then the OracleUcrypto provider will not support it either. Consequently, at runtime, the supported algorithms consists of the intersection of those that the Solaris Ucrypto library supports and those that the OracleUcrypto provider recognizes.

The following algorithms are available in the OracleUcrypto provider:

Table 4-25 The OracleUcrypto Provider Algorithm Names for Engine Classes

Engine Algorithm Name(s)
Cipher

AES

RSA

AES/ECB/NoPadding

AES/ECB/PKCS5Padding

AES/CBC/NoPadding

AES/CBC/PKCS5Padding

AES/CTR/NoPadding

AES/GCM/NoPadding

AES/CFB128/NoPadding

AES/CFB128/PKCS5Padding

AES_128/ECB/NoPadding

AES_192/ECB/NoPadding

AES_256/ECB/NoPadding

AES_128/CBC/NoPadding

AES_192/CBC/NoPadding

AES_256/CBC/NoPadding

AES_128/GCM/NoPadding

AES_192/GCM/NoPadding

AES_256/GCM/NoPadding

RSA/ECB/PKCS1Padding

RSA/ECB/NoPadding

Signature

MD5withRSA

SHA1withRSA

SHA256withRSA

SHA384withRSA

SHA512withRSA

MessageDigest

MD5

SHA

SHA-224

SHA-256

SHA-384

SHA-512

SHA3–224

SHA3–256

SHA3–384

SHA3–512

Keysize Restrictions

The OracleUcrypto provider does not specify any default keysizes or keysize restrictions; these are specified by the underlying Solaris Ucrypto library.

OracleUcrypto Provider Configuration File

The OracleUcrypto provider has a configuration file named ucrypto-solaris.cfg that resides in the $JAVA_HOME/conf/security directory. Modify this configuration file to specify which algorithms to disable by default. For example, the following configuration file disables AES with CFB128 mode by default:
#
# Configuration file for the OracleUcrypto provider
#
disabledServices = {
  Cipher.AES/CFB128/PKCS5Padding
  Cipher.AES/CFB128/NoPadding
}

The Apple Provider

The Apple provider implements a java.security.KeyStore that provides access to the macOS Keychain.

The following algorithms are available in the Apple provider:

Table 4-26 The Apple Provider Algorithm Name for Engine Classes

Engine Algorithm Name(s)
KeyStore KeychainStore

The JdkLDAP Provider

The JdkLDAP provider was introduced in JDK 9 as a replacement for the LDAP CertStore implementation in the SUN provider.

The following algorithms are available in the JdkLDAP provider:

Table 4-27 The JdkLDAP Provider Algorithm Names for Engine Classes

Engine Algorithm Names
CertStore

LDAP

The JdkSASL Provider

The following algorithms are available in the JdkSASL provider:

Table 4-28 The JdkSASL Provider Algorithm Names for Engine Classes

Engine Algorithm Names
SaslClient

GSSAPI

SaslServer

GSSAPI