Question
AFAIK, Android's javax.net.ssl classes use the OpenSSL/BoringSSL library at the C/low level for any SSL/TLS.
Intention: load a FIPS-compliant OpenSSL library in my application and make the javax.net.ssl (OkHttp) classes use that library?
Similar to the WolfSSL provider, but it's not JSSE compatible.
Is this feasible with FIPS OpenSSL + Android? What is the configuration at the Android Java level?
Thanks
Answer 1:
This is untested because my Android toolchain is currently down, but I believe that you should be able to bundle a FIPS-compliant OpenSSL library, construct a java.security.Provider that uses JNI to call out to the bundled library, and then use java.security.Security.insertProviderAt to install that Provider as the preferred provider. There is more information about how to write one of these Providers and use it at http://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/HowToImplAProvider.html and http://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html#Provider, since Android's javax.net.ssl uses the regular Java Cryptography Architecture.
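A check that can follow the Security.insertProviderAt call described in Answer 1, added here as an example and not part of the answer: it resolves the services JSSE relies on through the JCA and reports which provider serves each one, so a silent fallback to the stock provider is visible. The provider name `FipsJniProvider` is a hypothetical placeholder.

```java
import java.security.MessageDigest;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ProviderAudit {
    // Hypothetical name; replace with the name your JNI-backed Provider reports.
    static final String EXPECTED = "FipsJniProvider";

    /** Resolves each service the way JSSE callers do and records which provider answered. */
    static Map<String, String> resolve() throws Exception {
        Map<String, String> served = new LinkedHashMap<>();
        served.put("SSLContext.TLS", SSLContext.getInstance("TLS").getProvider().getName());
        // The default context is created once and cached, so the provider
        // has to be installed before anything asks for it.
        served.put("SSLContext.getDefault", SSLContext.getDefault().getProvider().getName());
        served.put("KeyManagerFactory", KeyManagerFactory.getInstance(
                KeyManagerFactory.getDefaultAlgorithm()).getProvider().getName());
        served.put("TrustManagerFactory", TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm()).getProvider().getName());
        served.put("MessageDigest.SHA-256",
                MessageDigest.getInstance("SHA-256").getProvider().getName());
        served.put("SecureRandom", new SecureRandom().getProvider().getName());
        return served;
    }

    public static void main(String[] args) throws Exception {
        // In the application, Security.insertProviderAt(yourProvider, 1) runs before this audit.
        Provider[] installed = Security.getProviders();
        System.out.println("Preferred provider: " + installed[0].getName());
        boolean ok = installed[0].getName().equals(EXPECTED);
        for (Map.Entry<String, String> e : resolve().entrySet()) {
            boolean match = e.getValue().equals(EXPECTED);
            ok &= match;
            System.out.printf("%-24s -> %-20s %s%n", e.getKey(), e.getValue(),
                    match ? "ok" : "served by another provider");
        }
        System.out.println(ok ? "All audited services resolve to " + EXPECTED
                              : "Some TLS-related services still resolve to other providers");
    }
}
```

Run on a stock JVM or device without the custom provider installed, every row reports another provider, which is the baseline to compare against after installation.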
Answer 2:
Modified OkHttp and Okio code to use the WolfSSL Java wrappers and made it work.
Now any HTTPS requests made will go to the WolfSSL layer instead of the stock Android BoringSSL/OpenSSL.
Source: https://stackoverflow.com/questions/38630184/android-javax-net-ssl-and-fips-compliance-openssl