com.ibm.websphere.ssl

Class JSSEHelper

  1. java.lang.Object
  2. extended bycom.ibm.websphere.ssl.JSSEHelper

  1. public class JSSEHelper
  2. extends java.lang.Object

This class is for components and applications to utilize the SSL configuration framework for selecting SSL configurations and turning them into SSL objects such as SSLContext, Properties, URLStreamHandlers, and SocketFactories.

Since:
WAS 6.1
Version:
1.0

Field Summary

Modifier and Type Field and Description
  1. static
  2. java.lang.String
CONNECTION_INFO_CERT_MAPPING_HOST
Property used in the connection information Map to define the host which is being connected to for dynamic selection of the certificate map.
  1. static
  2. java.lang.String
CONNECTION_INFO_DIRECTION
Variable used for the connection information to determine SSLContext validation rules.
  1. static
  2. java.lang.String
CONNECTION_INFO_ENDPOINT_NAME
Property used in the connection information Map to define the endpoint for dynamic and group selection.
  1. static
  2. java.lang.String
CONNECTION_INFO_IS_WEB_CONTAINER_INBOUND
Property used to determine if the connection is a Web Container inbound connection.
  1. static
  2. java.lang.String
CONNECTION_INFO_REMOTE_HOST
Property used in the connection information Map to define the remote host which is being connected to for dynamic selection.
  1. static
  2. java.lang.String
CONNECTION_INFO_REMOTE_PORT
Property used in the connection information Map to define the remote port which is being connected to for dynamic selection.
  1. static
  2. java.lang.String
DIRECTION_INBOUND
Variable used when the direction of the SSLContext is inbound.
  1. static
  2. java.lang.String
DIRECTION_OUTBOUND
Variable used when the direction of the SSLContext is outbound.
  1. static
  2. java.lang.String
DIRECTION_UNKNOWN
Variable used when the direction of the SSLContext is not currently known.
  1. static
  2. java.lang.String
ENDPOINT_ADMIN_IPC
EndPoint name when using IPC protocol from the IPC connector for outbound connections.
  1. static
  2. java.lang.String
ENDPOINT_ADMIN_SOAP
EndPoint name when using SOAP protocol from the SOAP connector for outbound connections.
  1. static
  2. java.lang.String
ENDPOINT_BUS_CLIENT
EndPoint name when using BUS_CLIENT protocol for outbound connections.
  1. static
  2. java.lang.String
ENDPOINT_BUS_TO_BUS
EndPoint name when using ENDPOINT_BUS_TO_BUS protocol for outbound connections.
  1. static
  2. java.lang.String
ENDPOINT_BUS_TO_WEBSPHERE_MQ
EndPoint name when using ENDPOINT_BUS_TO_WEBSPHERE_MQ protocol for outbound connections.
  1. static
  2. java.lang.String
ENDPOINT_CLIENT_TO_WEBSPHERE_MQ
EndPoint name when using ENDPOINT_CLIENT_TO_WEBSPHERE_MQ protocol for outbound connections.
  1. static
  2. java.lang.String
ENDPOINT_HTTP
EndPoint name when using HTTP protocol for outbound connections.
  1. static
  2. java.lang.String
ENDPOINT_IIOP
EndPoint name when using IIOP protocol for outbound connections.
  1. static
  2. java.lang.String
ENDPOINT_JMS
EndPoint name when using JMS protocol for outbound connections.
  1. static
  2. java.lang.String
ENDPOINT_LDAP
EndPoint name when using LDAP (JNDI) protocol for outbound connections.
  1. static
  2. java.lang.String
ENDPOINT_SIP
EndPoint name when using SIP protocol for outbound connections.
  1. static
  2. int
SECURITY_MODE_FIPS_140_2
Variable indicating FIPS status - FIPS 140-2
  1. static
  2. int
SECURITY_MODE_FIPS_DISABLED
Variable indicating FIPS status - FIPS is disabled.
  1. static
  2. int
SECURITY_MODE_SP_800_131_STRICT
Variable indicating FIPS status - SP 800-131 Strict
  1. static
  2. int
SECURITY_MODE_SP_800_131_TRANSITION
Variable indicating FIPS status - SP 800-131 Transition
  1. static
  2. int
SECURITY_MODE_SUITE_B_128
Variable indicating FIPS status - SUITE B 128
  1. static
  2. int
SECURITY_MODE_SUITE_B_192
Variable indicating FIPS status - Suite B 192

Constructor Summary

Constructor and Description
JSSEHelper()

Method Summary

Modifier and Type Method and Description
  1. void
deregisterSSLConfigChangeListener(SSLConfigChangeListener listener)
This method removes the specific SSLConfigChangeListener from the list of active listeners.
  1. boolean
doesSSLConfigExist(java.lang.String sslAliasName)
This method checks to ensure the SSL configuration name is known in the management scope where the API is called.
  1. int
getFipsInfo()
This method provides current FIPS configuration information
  1. java.util.Map
getInboundConnectionInfo()
This method is used to obtain information about the connection on the thread of execution.
  1. static
  2. JSSEHelper
getInstance()
This method returns an instance of the JSSEHelper class.
  1. java.util.Map
getOutboundConnectionInfo()
This method is used to obtain information about the connection on the thread of execution.
  1. java.util.Properties
getProperties(java.lang.String sslAliasName)
This method returns the SSL properties given a specific SSL configuration alias.
  1. java.util.Properties
getProperties(java.lang.String sslAliasName,java.util.Map connectionInfo,SSLConfigChangeListener listener)
This method returns the effective SSL properties object for use by an SSL application or component.
  1. javax.net.ssl.SSLContext
getSSLContext(java.util.Map connectionInfo,java.util.Properties props)
This method creates an SSLContext given a specific direction ("inbound" or "outbound") and the SSL properties needed to create the SSLContext.
  1. javax.net.ssl.SSLContext
getSSLContext(java.lang.String sslAliasName,java.util.Map connectionInfo,SSLConfigChangeListener listener)
This method creates an SSLContext for use by an SSL application or component.
  1. java.util.Properties
getSSLPropertiesOnThread()
This method allows the retrieving of SSL properties on the thread of execution.
  1. javax.net.ssl.SSLServerSocketFactory
getSSLServerSocketFactory(java.util.Properties props)
This method creates an SSLServerSocketFactory given the SSL configuration properties specified.
  1. javax.net.ssl.SSLServerSocketFactory
getSSLServerSocketFactory(java.lang.String sslAliasName,java.util.Map connectionInfo,SSLConfigChangeListener listener)
This method creates an SSLSocketFactory for use by an SSL application or component.
  1. javax.net.ssl.SSLSocketFactory
getSSLSocketFactory(java.util.Map connectionInfo,java.util.Properties props)
This method creates an SSLContext based on the SSL properties specified.
  1. javax.net.ssl.SSLSocketFactory
getSSLSocketFactory(java.lang.String sslAliasName,java.util.Map connectionInfo,SSLConfigChangeListener listener)
This method creates an SSLSocketFactory for use by an SSL application or component.
  1. java.net.URLStreamHandler
getURLStreamHandler(java.util.Properties props)
This method creates a URLStreamHandler specific SSL properties.
  1. java.net.URLStreamHandler
getURLStreamHandler(java.lang.String sslAliasName,java.util.Map connectionInfo,SSLConfigChangeListener listener)
This method creates a URLStreamHandler for use by an SSL application or component.
  1. void
loadClientSSLPropertiesFromURL(java.lang.String configURL,boolean reinitialize)
This method loads a client-side SSL properties file in the exact same format as the "ssl.client.props".
  1. void
registerSSLConfigChangeListener(java.lang.String sslAliasName,java.util.Map connectionInfo,SSLConfigChangeListener listener)
This method registers an SSLConfigChangeListener for the specific SSL configuration chosen based upon the parameters passed in using the precedence logic described in the JavaDoc for the getSSLContext API.
  1. void
reinitializeClientDefaultSSLProperties()
This method causes a reinitialization of the SSL properties that are located in default locations for sas.client.props, soap.client.props or ssl.client.props.
  1. void
setInboundConnectionInfo(java.util.Map connectionInfo)
This method sets information about the connection on the thread of execution.
  1. void
setOutboundConnectionInfo(java.util.Map connectionInfo)
This method sets information about the connection on the thread of execution.
  1. void
setSSLPropertiesOnThread(java.util.Properties props)
This method allows the setting of SSL properties on the thread of execution.
  1. void
validateSSLProperties(java.util.Properties props)
This method attempts to create an SSLContext using the properties provided.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DIRECTION_INBOUND

  1. public static final java.lang.String DIRECTION_INBOUND

Variable used when the direction of the SSLContext is inbound. This is associated to receiving requests or server-side sockets, etc. This helps with validation of the required SSL attributes.

See Also:

DIRECTION_OUTBOUND

  1. public static final java.lang.String DIRECTION_OUTBOUND

Variable used when the direction of the SSLContext is outbound. This is associated to sending requests or client-side sockets, etc. This helps with validation of the required SSL attributes.

See Also:

DIRECTION_UNKNOWN

  1. public static final java.lang.String DIRECTION_UNKNOWN

Variable used when the direction of the SSLContext is not currently known. This will require that a TrustStore and KeyStore are both specified.

See Also:

ENDPOINT_IIOP

  1. public static final java.lang.String ENDPOINT_IIOP

EndPoint name when using IIOP protocol for outbound connections.

See Also:

ENDPOINT_HTTP

  1. public static final java.lang.String ENDPOINT_HTTP

EndPoint name when using HTTP protocol for outbound connections.

See Also:

ENDPOINT_SIP

  1. public static final java.lang.String ENDPOINT_SIP

EndPoint name when using SIP protocol for outbound connections.

See Also:

ENDPOINT_JMS

  1. public static final java.lang.String ENDPOINT_JMS

EndPoint name when using JMS protocol for outbound connections.

See Also:

ENDPOINT_BUS_CLIENT

  1. public static final java.lang.String ENDPOINT_BUS_CLIENT

EndPoint name when using BUS_CLIENT protocol for outbound connections.

See Also:

ENDPOINT_BUS_TO_WEBSPHERE_MQ

  1. public static final java.lang.String ENDPOINT_BUS_TO_WEBSPHERE_MQ

EndPoint name when using ENDPOINT_BUS_TO_WEBSPHERE_MQ protocol for outbound connections.

See Also:

ENDPOINT_BUS_TO_BUS

  1. public static final java.lang.String ENDPOINT_BUS_TO_BUS

EndPoint name when using ENDPOINT_BUS_TO_BUS protocol for outbound connections.

See Also:

ENDPOINT_CLIENT_TO_WEBSPHERE_MQ

  1. public static final java.lang.String ENDPOINT_CLIENT_TO_WEBSPHERE_MQ

EndPoint name when using ENDPOINT_CLIENT_TO_WEBSPHERE_MQ protocol for outbound connections.

See Also:

ENDPOINT_LDAP

  1. public static final java.lang.String ENDPOINT_LDAP

EndPoint name when using LDAP (JNDI) protocol for outbound connections.

See Also:

ENDPOINT_ADMIN_SOAP

  1. public static final java.lang.String ENDPOINT_ADMIN_SOAP

EndPoint name when using SOAP protocol from the SOAP connector for outbound connections.

See Also:

ENDPOINT_ADMIN_IPC

  1. public static final java.lang.String ENDPOINT_ADMIN_IPC

EndPoint name when using IPC protocol from the IPC connector for outbound connections.

See Also:

CONNECTION_INFO_DIRECTION

  1. public static final java.lang.String CONNECTION_INFO_DIRECTION

Variable used for the connection information to determine SSLContext validation rules.

See Also:

CONNECTION_INFO_ENDPOINT_NAME

  1. public static final java.lang.String CONNECTION_INFO_ENDPOINT_NAME

Property used in the connection information Map to define the endpoint for dynamic and group selection.

See Also:

CONNECTION_INFO_REMOTE_HOST

  1. public static final java.lang.String CONNECTION_INFO_REMOTE_HOST

Property used in the connection information Map to define the remote host which is being connected to for dynamic selection. The host can be in the DNS or IP formats. It is preferred to be in the DNS format. The format should match the com.ibm.ssl.dynamicSelectionInfo property information in order for a match to occur.

See Also:

CONNECTION_INFO_REMOTE_PORT

  1. public static final java.lang.String CONNECTION_INFO_REMOTE_PORT

Property used in the connection information Map to define the remote port which is being connected to for dynamic selection. The port should be the exact port being connected to so an accurate dynamic selection can be made.

See Also:

CONNECTION_INFO_CERT_MAPPING_HOST

  1. public static final java.lang.String CONNECTION_INFO_CERT_MAPPING_HOST

Property used in the connection information Map to define the host which is being connected to for dynamic selection of the certificate map. The host should be in the IP format.

See Also:

CONNECTION_INFO_IS_WEB_CONTAINER_INBOUND

  1. public static final java.lang.String CONNECTION_INFO_IS_WEB_CONTAINER_INBOUND

Property used to determine if the connection is a Web Container inbound connection.

See Also:

SECURITY_MODE_FIPS_DISABLED

  1. public static final int SECURITY_MODE_FIPS_DISABLED

Variable indicating FIPS status - FIPS is disabled.

See Also:

SECURITY_MODE_FIPS_140_2

  1. public static final int SECURITY_MODE_FIPS_140_2

Variable indicating FIPS status - FIPS 140-2

See Also:

SECURITY_MODE_SP_800_131_TRANSITION

  1. public static final int SECURITY_MODE_SP_800_131_TRANSITION

Variable indicating FIPS status - SP 800-131 Transition

See Also:

SECURITY_MODE_SP_800_131_STRICT

  1. public static final int SECURITY_MODE_SP_800_131_STRICT

Variable indicating FIPS status - SP 800-131 Strict

See Also:

SECURITY_MODE_SUITE_B_128

  1. public static final int SECURITY_MODE_SUITE_B_128

Variable indicating FIPS status - SUITE B 128

See Also:

SECURITY_MODE_SUITE_B_192

  1. public static final int SECURITY_MODE_SUITE_B_192

Variable indicating FIPS status - Suite B 192

See Also:

Constructor Detail

JSSEHelper

  1. public JSSEHelper()

Method Detail

getInstance

  1. public static JSSEHelper getInstance( )

This method returns an instance of the JSSEHelper class. This is the proper way to get a reference of this API class.

Returns:
JSSEHelper

setSSLPropertiesOnThread

  1. public void setSSLPropertiesOnThread( java.util.Properties props)

This method allows the setting of SSL properties on the thread of execution. This has the highest precedence in terms of selection rules. When the SSL runtime finds SSL properties on the thread, this should be used before anything else in the selection process.

It's important to clear the thread after use, especially where thread pools are used. It is not cleared up automatically. Pass in "null" to this API to clear it.

When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "setSSLConfig" to be granted.


getSSLPropertiesOnThread

  1. public java.util.Properties getSSLPropertiesOnThread( )

This method allows the retrieving of SSL properties on the thread of execution. This can be used for verification purposes or to communicate SSL properties among components running on the same thread.

When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "getSSLConfig" to be granted.

Returns:
java.util.Properties

getProperties

  1. public java.util.Properties getProperties( java.lang.String sslAliasName)
  2. throws SSLException

This method returns the SSL properties given a specific SSL configuration alias.

When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "getSSLConfig" to be granted.

Returns:
java.util.Properties
Throws:

getSSLContext

  1. public javax.net.ssl.SSLContext getSSLContext( java.util.Map connectionInfo,
  2. java.util.Properties props)
  3. throws SSLException

This method creates an SSLContext given a specific direction ("inbound" or "outbound") and the SSL properties needed to create the SSLContext. The properties can be retrieved from the SSL configuration using the getProperties API in this class.

Returns:
javax.net.ssl.SSLContext
Throws:

getURLStreamHandler

  1. public java.net.URLStreamHandler getURLStreamHandler( java.util.Properties props)
  2. throws SSLException

This method creates a URLStreamHandler specific SSL properties. The URLStreamHandler is used for outbound URL connections.

Returns:
java.net.URLStreamHandler
Throws:

getSSLServerSocketFactory

  1. public javax.net.ssl.SSLServerSocketFactory getSSLServerSocketFactory( java.util.Properties props)
  2. throws SSLException

This method creates an SSLServerSocketFactory given the SSL configuration properties specified. The properties can be retrieved from the SSL configuration using the getProperties API in this class.

Returns:
javax.net.ssl.SSLServerSocketFactory
Throws:

getSSLSocketFactory

  1. public javax.net.ssl.SSLSocketFactory getSSLSocketFactory( java.util.Map connectionInfo,
  2. java.util.Properties props)
  3. throws SSLException

This method creates an SSLContext based on the SSL properties specified. The properties can be retrieved from the SSL configuration using the getProperties API in this class. The connectionInfo can be used by a custom TrustManager for further trust evaluation.

Returns:
javax.net.ssl.SSLSocketFactory
Throws:

getSSLContext

  1. public javax.net.ssl.SSLContext getSSLContext( java.lang.String sslAliasName,
  2. java.util.Map connectionInfo,
  3. SSLConfigChangeListener listener)
  4. throws SSLException

This method creates an SSLContext for use by an SSL application or component. Precedence logic will determine which parameters are used for creating the SSLContext. The selection precendence rules are:

1. Programmatic - The SSL properties have been set on the thread of execution using the setPropertiesOnThread API. This is used for "outbound" directions only.

2. Dynamic - The remoteHost/remotePort String(s) will contain the target host DNS, host, or host/port. A configuration panel and command task for making the SSL configuration association with this target information is provided.

3. Direct - The sslAliasName parameter, when specified, will be used to choose the alias directly from the SSL configurations.

4. Grouping - Finally, the management scope which this API is called from will be the deciding factor in choosing an SSL configuration. A topology view is provided in the AdminConsole for associating SSL configurations with management scopes. Inheritance plays a role so associations at higher levels will be inherited at lower levels, unless overridden at the lower levels. The endPoint parameter is used in combination with the scope which this API is calling from. If the endPoint is not specified, the API will look at the server, cluster, node, nodegroup, and finally cell. There will always be an SSL configuration associated with the Cell, so this API guarantees selecting an SSL configuration.

When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "getSSLConfig" to be granted.

Returns:
javax.net.ssl.SSLContext
Throws:

getURLStreamHandler

  1. public java.net.URLStreamHandler getURLStreamHandler( java.lang.String sslAliasName,
  2. java.util.Map connectionInfo,
  3. SSLConfigChangeListener listener)
  4. throws SSLException

This method creates a URLStreamHandler for use by an SSL application or component. Precedence logic will determine which parameters are used for creating the URLStreamHandler. See the JavaDoc for getSSLContext with the same parameters for more info on the behavior of this API.

When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "getSSLConfig" to be granted.

Returns:
java.net.URLStreamHandler
Throws:

getSSLSocketFactory

  1. public javax.net.ssl.SSLSocketFactory getSSLSocketFactory( java.lang.String sslAliasName,
  2. java.util.Map connectionInfo,
  3. SSLConfigChangeListener listener)
  4. throws SSLException

This method creates an SSLSocketFactory for use by an SSL application or component. Precedence logic will determine which parameters are used for creating the SSLSocketFactory. See the JavaDoc for getSSLContext with the same parameters for more info on the behavior of this API.

When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "getSSLConfig" to be granted.

Returns:
javax.net.ssl.SSLSocketFactory
Throws:

getSSLServerSocketFactory

  1. public javax.net.ssl.SSLServerSocketFactory getSSLServerSocketFactory( java.lang.String sslAliasName,
  2. java.util.Map connectionInfo,
  3. SSLConfigChangeListener listener)
  4. throws SSLException

This method creates an SSLSocketFactory for use by an SSL application or component. Precedence logic will determine which parameters are used for creating the SSLSocketFactory. See the JavaDoc for getSSLContext with the same parameters for more info on the behavior of this API.

When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "getSSLConfig" to be granted.

Returns:
javax.net.ssl.SSLServerSocketFactory
Throws:

getProperties

  1. public java.util.Properties getProperties( java.lang.String sslAliasName,
  2. java.util.Map connectionInfo,
  3. SSLConfigChangeListener listener)
  4. throws SSLException

This method returns the effective SSL properties object for use by an SSL application or component. Precedence logic will determine which parameters are used for creating the Properties. See the JavaDoc for getSSLContext with the same parameters for more info on the behavior of this API. If the SSLConfigChangeListener is non null, it must be deregistered by deregisterSSLConfigChangeListener when it is no longer needed.

When Java 2 Security is enabled, access to call this method requires WebSphereRuntimePermission "getSSLConfig" to be granted.

Returns:
java.util.Properties
Throws:

registerSSLConfigChangeListener

  1. public void registerSSLConfigChangeListener( java.lang.String sslAliasName,
  2. java.util.Map connectionInfo,
  3. SSLConfigChangeListener listener)
  4. throws SSLException

This method registers an SSLConfigChangeListener for the specific SSL configuration chosen based upon the parameters passed in using the precedence logic described in the JavaDoc for the getSSLContext API. The SSLConfigChangeListener must be deregistered by deregisterSSLConfigChangeListener when it is no longer needed.

Throws:

deregisterSSLConfigChangeListener

  1. public void deregisterSSLConfigChangeListener( SSLConfigChangeListener listener)
  2. throws SSLException

This method removes the specific SSLConfigChangeListener from the list of active listeners.

Throws:

doesSSLConfigExist

  1. public boolean doesSSLConfigExist( java.lang.String sslAliasName)

This method checks to ensure the SSL configuration name is known in the management scope where the API is called. It will return true if the SSL configuration name is found in the scope. Otherwise, false will be returned.


loadClientSSLPropertiesFromURL

  1. public void loadClientSSLPropertiesFromURL( java.lang.String configURL,
  2. boolean reinitialize)

This method loads a client-side SSL properties file in the exact same format as the "ssl.client.props". The reinitialize flag should be set to "true" if this file has already been loaded once and you intend the changes to send notifications to listeners interested in knowing about changes to the SSL configurations. If this is the first time loading this configURL, set reinitialize to "false".

See Also:
com.ibm.websphere.ssl.JSSEHelper.reinitializeClientDefaultSSLProperties

reinitializeClientDefaultSSLProperties

  1. public void reinitializeClientDefaultSSLProperties( )

This method causes a reinitialization of the SSL properties that are located in default locations for sas.client.props, soap.client.props or ssl.client.props. Additional SSL configurations can be specified in the ssl.client.props.

See Also:
com.ibm.websphere.ssl.JSSEHelper.loadClientSSLPropertiesFromURL

validateSSLProperties

  1. public void validateSSLProperties( java.util.Properties props)
  2. throws SSLException

This method attempts to create an SSLContext using the properties provided. It is assumed the API is called on the node where the KeyStore information specified in the properties resides.

Throws:

getInboundConnectionInfo

  1. public java.util.Map getInboundConnectionInfo( )

This method is used to obtain information about the connection on the thread of execution. This connection information can then be used from Custom Key and Trust Managers.

Returns:
java.util.Map

setInboundConnectionInfo

  1. public void setInboundConnectionInfo( java.util.Map connectionInfo)

This method sets information about the connection on the thread of execution. This connection information can then be used from Custom Key and Trust Managers. This method is invoked prior to an SSL handshake.

It's important to clear the thread after use, especially where thread pools are used. It is not cleared up automatically. Pass in "null" to this API to clear it.


getOutboundConnectionInfo

  1. public java.util.Map getOutboundConnectionInfo( )

This method is used to obtain information about the connection on the thread of execution. This connection information can then be used to set the connection information prior to creating and SSL socket.

Returns:
java.util.Map

setOutboundConnectionInfo

  1. public void setOutboundConnectionInfo( java.util.Map connectionInfo)

This method sets information about the connection on the thread of execution. This method is invoked prior to creating an SSL socket.

It's important to clear the thread after use, especially where thread pools are used. It is not cleared up automatically. Pass in "null" to this API to clear it.


getFipsInfo

  1. public int getFipsInfo()

This method provides current FIPS configuration information

Returns:
integer that represents current FIPS status JSSEHelper.SECURITY_MODE_FIPS_DISABLED = 0 JSSEHelper.SECURITY_MODE_FIPS_140_2 = 1; JSSEHelper.SECURITY_MODE_SP_800_131_TRANSITION = 2; JSSEHelper.SECURITY_MODE_SP_800_131_STRICT = 3; JSSEHelper.SECURITY_MODE_SUITE_B_128 = 4; JSSEHelper.SECURITY_MODE_SUITE_B_192 = 5;