Folks,

As J2SDK v1.4.x made changes including the SSL/TLS-related APIs, we no longer need to embed SUN's provider package, e.g.,

    import com.sun.net.ssl.KeyManagerFactory;
    import com.sun.net.ssl.SSLContext;
    import com.sun.net.ssl.TrustManagerFactory;

as defined in org.apache.catalina.net.SSLServerSocketFactory. We now more often use the javax.net.ssl.* package with J2SDK v4.x, and a good sample is "RMI Using SSL". The samples that came with J2SDK v1.3.x and J2SDK v1.4.x are a good example of the differences.

I think it would be better for international users, and would improve usability as well as acceptability, if TOMCAT could externalize the definitions of configurable info, e.g., provider name, type of key store, etc.

Would it be possible to ask you, especially Harish Prabandham, Costin Manolache, and Craig McClanahan, to add this in a future release?

+ Support for the "PKCS12" key store type in addition to JKS
+ Ability to define the security provider package in an external configuration file. This can be one of the three ways we can define it:
  1. Use "java.security"
  2. Use the command line to define the system properties
  3. Embed it in the code as TOMCAT does.

In this way we can continue to use SUN's provider package as well as other packages based on the USER's preference. BouncyCastle can be one of the packages other than SUN's package.

Please note that I am not against any specific vendor nor package, but just think that it would create more flexibility.

I for one am very happy with you folks' work. And thank you always. Any comments on this are welcome and will be appreciated.

Regards,
Pae
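
The following is an added example, not part of the original message and not Tomcat's code: a server socket factory built on javax.net.ssl that takes the key store type (JKS or PKCS12) and the security provider from external configuration instead of hard-coding them. The `example.ssl.*` property names and the `EXAMPLE_SSL_KEYSTORE_PASS` variable are assumptions made up for this sketch.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;

public class ConfigurableSslFactory {
    // Property and variable names below are hypothetical, chosen for this example.
    public static SSLServerSocketFactory build() throws Exception {
        String type = System.getProperty("example.ssl.keystoreType", KeyStore.getDefaultType());
        String path = System.getProperty("example.ssl.keystoreFile");
        String providerClass = System.getProperty("example.ssl.providerClass");
        String providerName = System.getProperty("example.ssl.providerName");
        // A -D password shows up in process listings, so take it from the environment.
        String secret = System.getenv("EXAMPLE_SSL_KEYSTORE_PASS");
        if (path == null || secret == null) {
            throw new IllegalStateException("keystore file and password must be configured");
        }
        char[] pass = secret.toCharArray();

        // Option 3 made configurable: register a provider by class name at startup.
        // Providers already listed in java.security (option 1) need no code here.
        if (providerClass != null) {
            Provider p = (Provider) Class.forName(providerClass)
                    .getDeclaredConstructor().newInstance();
            Security.addProvider(p);
        }

        // Pin the named provider if one is set; otherwise the JVM picks by priority.
        KeyStore ks = (providerName != null)
                ? KeyStore.getInstance(type, providerName)
                : KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }

        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // default trust managers and RNG
        return ctx.getServerSocketFactory();
    }
}
```

Started with `-Dexample.ssl.keystoreType=PKCS12 -Dexample.ssl.keystoreFile=...` (option 2 in the list above), the same code loads a PKCS12 store; naming a provider explicitly fails closed with `NoSuchProviderException` if that provider is not installed.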