create an SSLContext instance using a Bouncy Castle provider

java ssl bouncycastle sslengine
Sebastian Schmitt picture Sebastian Schmitt · May 28, 2014 · Viewed 10.2k times · Source

I'm stuck at the creation of an SSLContext (which I want to use to instantiate an SSLEngine to handle encrypted transport via the java-nio):

The code 

String protocol = "TLSv1.2";
Provider provider = new BouncyCastleProvider();
Security.addProvider(provider);
sslContext = SSLContext.getInstance(protocol,provider.getName());

throws the following exception:

Exception in thread "main" java.lang.RuntimeException: java.security.NoSuchAlgorithmException: no such algorithm: SSL for provider BC
at org.bitmash.network.tcp.ssl.SslTransferFactory.<init>(SslTransferFactory.java:43)
at org.bitmash.network.http.HttpsServer.<init>(HttpsServer.java:19)

I attached Bouncy Castle's current provider package 'bcprov-jdk15on-150.jar' (which I got from here) to the applications classpath as well as to its bootclasspath (via VM-Option -Xbootclasspath/p), but neither solved the problem. I also tried different values for protocol (i. e. 'SSL' and 'TLSv1') without any effect.

Also, I found people with similar problems here and here. But in contrast to them, I'm targeting (and I'm using) Java 7 (or greater), but I still have this problem. Is it -in general- even feasible to use Bouncy Castle this way, or do I have to rewrite my protocol using their respective API instead of oracle's NIO via SSLEngine (which is the way I'm doing it right now)?

Thank you so much for any help here.

Answer

k2zinger picture k2zinger · May 22, 2015

I know this is kind of an old question, but I needed an answer (so I am creating one):

  • [Is it possible to] create an SSLContext instance using a Bouncy Castle provider [?]
  • No

Why not?

Debugging this line of code:

Provider [] providers = Security.getProviders();
  • the default SunJSSE version 1.7 implements the following SSLContext values:

    Alg.Alias.SSLContext.SSL=TLSv1
    Alg.Alias.SSLContext.SSLv3=TLSv1
    SSLContext.Default=sun.security.ssl.SSLContextImpl$DefaultSSLContext
    SSLContext.TLSv1=sun.security.ssl.SSLContextImpl$TLS10Context
    SSLContext.TLSv1.1=sun.security.ssl.SSLContextImpl$TLS11Context
    SSLContext.TLSv1.2=sun.security.ssl.SSLContextImpl$TLS12Context

  • using bcprov-jdk15on-152.jar and adding a new BouncyCastleProvider() to Security, one can observe that there are no SSLContext values available.

This should make sense since Bouncy Castle is a JCE implementation, not a JSSE implementation.

Related questions

How to load public certificate from pem file?

I was trying to extract RES public key from the file below -----BEGIN CERTIFICATE----- MIIGwTCCBamgAwIBAgIQDlV4zznmQiVeF45Ipc0k7DANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMB4XDTEyMTAzMDAwMDAwMFoXDTE1MTEwNDEyMDAwMFowgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVUZXhhczEQMA4GA1UEBxMHSG91c3RvbjEpMCcGA1UEChMgVmFsZXJ1cyBDb21wcmVzc2…

Read More
How do I do TLS with BouncyCastle?

Does anybody know about examples of TLS with BouncyCastle? I was surprised by the lack of them on Internet. If there are really none, let's collect them as answers.

Read More
Programmatically Obtain KeyStore from PEM

How can one programmatically obtain a KeyStore from a PEM file containing both a certificate and a private key? I am attempting to provide a client certificate to a server in an HTTPS connection. I have confirmed that the client …

Read More