Class SunJCESecurityProviderRegistrar

  • All Implemented Interfaces:
    NamedResource, OptionalFeature, PropertyResolver, SecurityProviderChoice, SecurityProviderRegistrar

    public class SunJCESecurityProviderRegistrar
    extends AbstractSecurityProviderRegistrar
    This registrar ensures that even if other registrars are active, we still use the Java built-in security provider at least for some security entities.

    The problem is that if the Bouncy Castle registrar is present and enabled, we'll end up using the Bouncy Castle implementations for just about anything. But not all Bouncy Castle versions have native implementations of the algorithms. If BC AES is used and is implemented in Java, performance will be very poor. SunJCE's AES uses native code and is much faster.

    If no Bouncy Castle is registered, this extra registrar will not have an effect. Like all registrars, this one can be disabled via a system property org.apache.sshd.security.provider.SunJCEWrapper.enabled=false. Note that this does not disable the fallback to the platform provider; it only disables this wrapper which can be used to force the use of the "SunJCE" standard Java provider even if some other registrar also supports an algorithm (and would thus normally be preferred).

    The registrar can be configured as usual. By default it has only the AES cipher and the SHA MACs enabled; everything else is disabled.
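
    To see which provider serves AES in a given JVM, and how the installed providers compare in speed, a small stand-alone benchmark can help. This is an added example, not part of Apache MINA SSHD; the class name AesProviderCheck, the 1 MiB buffer and the round counts are assumptions chosen for illustration.

```java
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example, not Apache MINA SSHD code: times AES/CTR on each installed
// JCA provider to show why the provider that serves AES matters.
public class AesProviderCheck { // hypothetical class name
    static final String TRANSFORMATION = "AES/CTR/NoPadding";

    // Encrypts `rounds` buffers of 1 MiB and returns the throughput in MiB/s.
    static double throughput(Provider provider, int rounds) throws Exception {
        byte[] key = new byte[16];
        byte[] iv = new byte[16];
        SecureRandom random = new SecureRandom();
        random.nextBytes(key);
        random.nextBytes(iv);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION, provider);
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        byte[] in = new byte[1 << 20];
        byte[] out = new byte[in.length];
        long start = System.nanoTime();
        for (int i = 0; i < rounds; i++) {
            cipher.update(in, 0, in.length, out, 0);
        }
        return rounds / ((System.nanoTime() - start) / 1e9);
    }

    public static void main(String[] args) throws Exception {
        // Provider the JVM selects when the caller names none.
        System.out.println("Default for " + TRANSFORMATION + ": "
                + Cipher.getInstance(TRANSFORMATION).getProvider().getName());
        // All installed providers that offer AES (null if there are none).
        Provider[] providers = Security.getProviders("Cipher.AES");
        if (providers == null) return;
        for (Provider p : providers) {
            try {
                throughput(p, 32); // warm-up so the JIT compiles the hot path
                System.out.printf("%-12s %8.1f MiB/s%n", p.getName(), throughput(p, 256));
            } catch (Exception e) {
                System.out.println(p.getName() + ": unavailable (" + e + ")");
            }
        }
    }
}
```

    Only providers registered with java.security.Security are listed, so Bouncy Castle appears in the output once its provider is on the classpath and registered.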