Code Note

by Xuelei Fan
  • The Trap of Case-Insensitive String

    Jul 7, 2011

    The String.toUpperCase() or String.toLowerCase() method is locale sensitive, and may produce unexpected results if used for strings that are intended to be interpreted locale independently.

  • Dump PKCS11 Slot Info

    Jul 19, 2009

    A tool to dumpl PKCS#11 slot information

  • Enable OCSP checking

    Jul 4, 2009

    If a certificate is issued with a authority information access extension which indicates the OCSP access method and location, one can enable the default implementation of OCSP checker during building or validating a certification path.

  • TLS and NIST'S Policy on Hash Functions

    Jun 18, 2009

    Federal agencies should stop using SHA-1 for digital signatures, digital time stamping and other applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010.

  • Certificates Order in TLS Handshaking

    Jun 15, 2009

    Per the TLS specification (page 39, section 7.4.2, RFC2246), the certificate list passed to server Certificate message or client Certificate message "is a sequence (chain) of X.509v3 certificates. The sender's certificate must come first in the list. Each following certificate must directly certify the one preceding it."

  • RSA AlgorithmIdentifier of X.509 Certificate

    Jun 13, 2009

    there is a risk of interoperability problems between ITU-T X.509 compliant implementations and PKIX compliant implementations.

  • JSSE Debug Logging With Timestamp

    May 29, 2009

    Is there any way to enable JSSE debug logging with timestamp? Definitely, the answer is YES. It is straightforward.

  • Understanding Self-Issued Certificate

    May 28, 2009

    RFC5280 categorize certificate into two classes: CA certificates and end entity certificates, and CA certificates are divided into three classes: cross-certificates, self-issued certificates, and self-signed certificates.

  • FIPS 140 Compliant Mode for SunJSSE

    May 24, 2009

    The SunJSSE provider now supports an experimental FIPS 140 compliant mode. When enabled and used in combination with the SunPKCS11 provider and an appropriate FIPS 140 certified PKCS#11 token, SunJSSE is FIPS 140 compliant.

  • Java Security: SunJSSE and TLSAES

    May 24, 2009

    TLS AES ciphersuites for JSSE and the SunJSSE provider

Copyright © 2019 Xuelei Fan. All rights reserved.