JSSE Implementations

HttpClient does not come with support for SSL/TLS because it doesn't have to. Both security protocols are for the transport layer, while the HTTP protocol operates on top of the transport layer. You can mix and match HttpClient with any independent SSL/TLS implementation. Our SSL/TLS guide explains how to do this. The standard Java API for SSL/TLS is called JSSE (Java Secure Socket Extension). This page lists some JSSE providers, that is implementations of the API, which you can use. It starts with JSSE providers that are bundled with JDKs, then follow independent packages.

Some of the SSL code in the HttpClient contrib package is hard-coded against the SUN JSSE provider, since classes under com.sun.* are referenced. If you are using a different provider, you have to adapt the code to use the respective API of that provider. Problems you may encounter with some JSSE implementations are sometimes caused by the fact that the secure sockets provided not always correctly implement all socket operations used by HttpClient.


SUN JDKs since 1.4 are shipped with the SUN JSSE provider. There is a separate package that can be downloaded and installed for older JDKs. The SUN JSSE provider is reported to be stable for use with HttpClient since JDK 1.4.2. Older versions, and the separate download packages for older JDKs, are reported to cause problems.


IBM JDKs ship with an IBM JSSE provider replacing the one from SUN. Here is the documentation for the JSSE. Platform specific security information for the IBM JDK 1.4.2 is available here. Information about older JDKs seems to be unavailable or is well hidden.


JESSIE stands for JESSIE Executes Secure Sockets In Excess. It is a free implementation of JSSE with a relaxed GNU license.


Oracle Phaos SSLava


Developed at the Technical University of Graz, iSaSiLk is not a cheap, but a good SSL/TLS implementation. Recommended by Oleg.

  • No labels