Supported Protocols

---

The ICEssl module is a client side implementation of the TLS standard, as specified by IETF standard 2246. It supports the SSL 3 and SSL 2 protocols, as specified by Netscape. The implementation is written in Java, and can be used and compiled under JDK 1.1, 1.2, and 1.3.

It can also be used in PersonalJava environments. PersonalJava is designed for embedded devices with limited memory, and the ICEssl module accordingly has low memory requirements. It can be run on devices with the minimal recommended memory size for a PersonalJava device, which is about 2 MB of memory.

The ICEssl module does not need any native libraries to work. It supports the RSA-based ciphers of the protocol.

The following protocol suites are supported:

For TLS and SSL 3:

• NULL_WITH_NULL_NULL
• RSA_WITH_NULL_MD5
• RSA_WITH_NULL_SHA
• RSA_EXPORT_WITH_IC4_40_MD5
• RSA_WITH_IC4_128_MD5
• RSA_WITH_IC4_128_SHA
• RSA_EXPORT_WITH_IC2_CBC_40_MD5
• RSA_EXPORT_WITH_DES40_CBC_SHA
• RSA_WITH_DES_CBC_SHA
• RSA_WITH_3DES_EDE_CBC_SHA

For SSL 2:

• IC4_128_WITH_MD5
• IC4_128_EXPORT40_WITH_MD5
• IC2_128_CBC_WITH_MD5
• IC2_128_CBC_EXPORT40_WITH_MD5
• DES_64_CBC_WITH_MD5
• DES_192_EDE3_CBC_WITH_MD5

You can choose which of these protocol versions and protocol suites are active.

The ICEssl module supports authentication of the server by verifying the server certificate, as mandated by the TLS standard, and is able to authenticate itself using a client/personal certificate. The installation contains interfaces for adding custom certificate handlers and an example implementation of such a handler.

The ICEssl module runs on all the "international" versions of Java that do not have built-in support for cryptography. The ICEssl module provides its own implementation of X.509 certificates and uses a subset of the Cryptix library for the cryptographic algorithms.

Copyright 2005. ICEsoft Technologies, Inc. http://www.icesoft.com