I have seen Where to find Java 6 JSSE/JCE Source Code? and asked the question myself How to get JRE/JDK with matching source? but I don't either of these was specific enough to get the answer I was really after, so I'm going to try a way more specific version of the question.

Basically the problem that I am trying to solve is that I would like to be able to use my Eclipse debugger on Windows and step into the Java SSL classes (JSSE) to help me debug SSL issues as well as to just understand the SSL process better. BTW I am familiar with (and use) the javax.net.debug=ssl|all system property to get SSL tracing and, while this is very helpful, I'd still like to be able to step through that pesky code.

So what I think I specifically need is:

1. An executable JRE / JDK implementation (not wanting to build one)...
2. That runs on my Windows platform (XP)...
3. That includes source...
4. And that source includes the SSL "bits" (JSSE, etc.)...
5. And ideally the SSL implementation is Sun's or the OpenJDK version.

I think the closest thing (as noted in PW's answer StackOverflow: 87106) is the OpenJDK source openjdk-6-src-b12-28_aug_2008.tar.gz found at OpenJDK 6 Source Release, but I'm not sure there's a matching executable JDK / JRE for that that would run on Windows.

You can get the source code of JSSE lib (Open JDK implementation) here - http://hg.openjdk.java.net/jdk8u/jdk8u-dev/jdk/file/4d6c03fb1039/src/share/classes/sun/security/ssl

Steps to create a source jar file for attaching to an IDE for debugging.

1. Go a little above in the directory structure i.e. to http://hg.openjdk.java.net/jdk8u/jdk8u-dev/jdk/file/4d6c03fb1039/src/share/classes/ repo.
2. Download the source package by clicking on the "zip" or "gz" links that you see at the left pane.
3. But this package is huge and contains thousands of *.java files. You do not normally want all of these to just debug jsse.jar code.
4. So better copy only the sun.security.rsa , sun.security.ssl , sun.security.provider & com.sun.net.ssl packages to a new folder (lets say jsse-code) on your computer.
5. Go to that folder from command line & create the source jar on your own.
   e.g. jar -cvf jsse-src.jar *
6. You are done. You now have your jsse source lib that you can attach to your preferred IDE (e.g. - Eclipse) to debug the JSSE code.

Thanks
Ayas

I used the OpenJDK download for Java 6:

http://download.java.net/openjdk/jdk6/

To debug the JSSE/SSL code, I used the classes found in the sun.security.ssl and sun.security.ec packages and created a new library. Unfortunately, just having a library with all the source wasn't enough for me. I couldn't figure out how to get my IDE (Netbeans) to step into the JSSE code. Instead, it was calling the JSSE bundled with my JDK.

As a workaround, I ended up refactoring the ssl and ec packages into a new "Provider". Here's what I did:

1. Renamed the SunJSSE class to SSLProvider and replaced all references to "SunJSSE" in the code.
2. Refactored sun.security.ssl and sun.security.ec into 2 new packages: javaxt.ssl and javaxt.ec
3. Find/Replace all references to the original package names in the code. For example, in the SSLProvider.java class, replace "sun.security.ssl.SSLContextImpl" with "javaxt.ssl.SSLContextImpl".

Once I had a new security provider, I could reference it explicitly in my code. Example:

  java.security.Provider provider = new javaxt.ssl.SSLProvider();
  java.security.Security.addProvider(provider);
  SSLContext sslc = SSLContext.getInstance("TLS", "SSLProvider");

By explicitly setting the security provider, I can now drop breakpoints and throw out print statements to my heart's content :-)

If anyone is interested, I have posted a zip archive of the "SSLProvider" source here:

http://www.javaxt.com/download/?/jsse/SSLProvider.zip

You can get the source code of JSSE lib (Open JDK implementation) from its mercurial repository following these steps to create a source zip file for attaching to an IDE for debugging.

1. Get your java build version (in my case the build is 1.8.0_181-b13)

   java -version
   

   Probably you will get a result like this:

   java version "1.8.0_181"
   Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
   Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)
   

2. Now we can find the node for our version in this the repository. In my case my tag will be jdk8u181-b13 because my build is 1.8.0_181-b13 and its node will be 0cb452d66676 remember that the java version is jdk8u. We can download the source package by clicking on the "zip" or "gz" links that you see at the left pane and manually repack it as a zip. Or select only the packages you need.

3. In this example I will download all the packages under the directory classes. To this end, replace the version jdk8u and node 0cb452d66676 in this script to download the source code, and repack it as a src zip file.

   version=jdk8u
   node=0cb452d66676
   mkdir ~/temp
   cd ~/temp
   wget http://hg.openjdk.java.net/$version/$version/jdk/archive/$node.zip/src/share/classes/
   unzip $node.zip -d $version-$node
   cd jdk-$node/src/share/classes/
   zip -r $version-$node-src.zip .
   

4. Add the source to your IDE and happy coding.

Notice: In this repository, the available versions are:

• jdk6
• jdk7
• jdk7u
• jdk8
• jdk8u
• jdk9
• jdk10

The Sun implementation is not open source as far as I know. You can download an open source JCE here:

http://www.bouncycastle.org/java.html

As a matter of fact, the SSL implementation is included in the OpenJDK sources, but for some reason not in the standard source Zip file. I have no clue why.

I don't know where one would normally fetch the OpenJDK sources; I got them on Debian via apt-get source openjdk-6. The SSL implementation sources are in jdk/src/share/classes/javax/net/ssl.

The JSSE source code for the Sun Java releases was formerly available via the Sun Community Source License Program. Since the Oracle takeover it appears to have disappeared, but I hope I'm wrong about that.

I ended up doing the following on Mac OS X High Sierra 10.13.4 running eclipse luna and javac 1.8.0_171

On a ubuntu machine also running open jdk and javac 1.8.0_171

apt-get install openjdk-8-source

cd tmp

unzip /usr/lib/jvm/openjdk-8/src.zip "sun/security/*"

zip -r jsse-src sun 

I didn't include the com/sun/net/ssl stuff but was good enough in my case.

I then copied jsse-src.zip to the mac at /Library/Java/JavaVirtualMachines/jdk1.8.0_171.jdk/Contents/Home/ and pointed eclipse to that.

Following up on this, you can download OpenJDK:

https://adoptopenjdk.net/

and match it up exactly to the source code from

https://github.com/AdoptOpenJDK/openjdk-jdk8u

Currently u172-b11 is the latest version, but they are in sync and will work on all platforms.