Security overview using Java Secure Socket Extension
The Java Secure Socket Extension (JSSE)
implements a Java version of SSL (Secure Sockets Layer) and TLS (Transport Layer
Security) protocols to ensure communication security. JSSE provides the
functionality for data encryption, server authentication, and client
authentication (optional). Using JSSE, allows for the secure passage of data
between a client and a server running any application protocol over TCP/IP.
The following configuration parameters
can be declared in a configuration file for JSEE authentication purposes:
- configuration: This
container and it's members will only load if this parameter is not specified,
or if it matches exactly what is specified in the AgentControllerConfiguration
element's activeConfiguration attribute.
- library: This refers to the
type of security associated with the connection. Currently, only JSSE is
supported.
- securityProvider: This
refers to the name of the class that is providing the JSSE implementation.
- keyManager: This refers
to the class that implements the
org.eclipse.haydes.execution.security.IKeyManager interface. The key manager
will be invoked to load the keystore and to get the KeyManager and
TrustManager implementations that will be used to authenticate incoming
connections.
- cipher suites: This
parameter refers to the cipher suites that should be used when establishing a
connection. It is a comma-separated list. If this is not specified, the cipher
suites will default to all of those which are supported by the provider.
- protocols: This
parameter refers to the allowable protocols that can be used when establishing
a connection. If no protocol is specified, it will default to SSL.
- clientAuthenticate:
This parameter indicates whether the client needs to fully authenticate with
the server during the SSL handshake. If this is TRUE then the client must be
properly authenticated to a trusted certificate root before a connection will
be allowed.
- aclEnabled: This
parameter indicates whether the acl definition child will be used to control
access to the Agent Controller.
- keystore - This refers to the
file which contains all of the keys and certificates that will be used for
connection management. With JSSE this must be a JKS format Java keystore.
- keystorePassword - This is
the password to access the keystore file. The password will appear
in this configuration file as open text and will not be encrypted.
- serverAlias - This refers to
which alias within the keystore to use to identify the server. If no alias is
specified, the first certificate instance in the file will be used.
Related concepts
Security overview
Related tasks
Creating security certificates
(C) Copyright IBM Corporation 2000, 2003. All Rights Reserved.