How safe is it to exchange encrypted sensitive data over an unsecured network

Hi All:

We have developed a signed applet to display sensitive data. The applet communicates with the server over an SSL connection. The applet is developed with SUN JDK 1.4.2_06 and uses JSSE to communicate with the server, which is using OpenSSL. After we deployed the applet to end customers, we found that there is a SocketTimeOut issue with the JSSE bundled with the SUN 14.2_06 JRE. We reported it to SUN and they told us that it is going to be fixed in a new release, 1.4.2_11, that is going to come out by the end of this month.

In the meantime we are exploring different options. Just wondering whether it is safe to use third-party libraries such as those from BouncyCastle, RSA (RSA-BSAFE C/J), etc. to encrypt the sensitive data and exchange it over unsecured communication channels? We definitely want to use asymmetric keys for encryption. We are not experts in security-related matters. We would like to get some valuable input from you.

Thanks a lot in advance....

[992 byte] By [_SSNS_a] at [2007-10-2 9:38:45]
# 1
If you use public/private keys you are as safe as your private keys are. You will find this is rather slow. SSL uses the public/private keys to negotiate a one-time session key which is used symmetrically which is much quicker.
ejpa at 2007-7-16 23:44:49