[infinispan-dev] Netty SSL Context, was [Hot Rod secured by default]

Gustavo Fernandes gustavo at infinispan.org
Thu Jun 1 07:17:47 EDT 2017


On Thu, Jun 1, 2017 at 10:51 AM, Sebastian Laskawiec <slaskawi at redhat.com>
wrote:

> I think I've just found the reason why we can not migrate in OpenSSL by
> default :(
>
> In server scenario we obtain S*SL*Context (the one from JDK; Netty has
> similar S*sl*Context) from WildFly. It is already configured along with
> security realms, domains etc. We then get into this branch of code [1].
>
> In order to do fancy things like SNI we need to remap JDK's SSLContext
> into Netty's SslContext and the only implementation that can consume
> SSLContext we have at hand is JdkSslContext.
>
> I honestly have no idea how we could refactor this... And that's a shame
> because OpenSSL is way faster...
>


I tried migrating the SSL engine to Netty's in [1] and hit the same wall.
What I was told is that the SSLContext in WildFly is now (version 11?) a
capability under 'org.wildfly.security.ssl-context' and
can be replaced, but I did not try doing that.


[1] https://issues.jboss.org/browse/ISPN-6990

Gustavo
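
The constraint discussed in this thread, as an added example that is not part of the original messages or of the Infinispan code base: an opaque JDK SSLContext can only be wrapped in Netty's JdkSslContext, while selecting the OpenSSL provider requires the key material itself. The class and method names and the `hotrod.example.org` host are hypothetical; it assumes netty-handler on the classpath, and netty-tcnative for the OpenSSL path.

```java
import io.netty.handler.ssl.*;
import io.netty.util.DomainNameMappingBuilder;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import java.io.File;

public final class NettySslContextExample {

    // Case 1: the container hands over a ready-made JDK SSLContext.
    // SSLContext has no getter for its key managers, so the only Netty
    // wrapper that accepts it is JdkSslContext (JDK TLS engine).
    static SslContext wrapContainerContext(SSLContext jdkContext, ClientAuth clientAuth) {
        return new JdkSslContext(jdkContext, false, clientAuth); // false = server side
    }

    // Case 2: the certificate chain and private key are available as PEM
    // files, so the provider can be chosen. Falls back to the JDK engine
    // when the netty-tcnative native library is not loadable.
    static SslContext buildFromKeyMaterial(File certChainPem, File privateKeyPem)
            throws SSLException {
        SslProvider provider = OpenSsl.isAvailable() ? SslProvider.OPENSSL : SslProvider.JDK;
        return SslContextBuilder.forServer(certChainPem, privateKeyPem)
                .sslProvider(provider)
                .build();
    }

    // SNI in Netty maps host names to Netty SslContext instances, which is
    // why a JDK SSLContext has to be remapped before it can be used here.
    static SniHandler sniHandler(SslContext defaultCtx, String host, SslContext hostCtx) {
        return new SniHandler(
                new DomainNameMappingBuilder<SslContext>(defaultCtx).add(host, hostCtx).build());
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for the SSLContext a container such as WildFly would supply.
        SslContext wrapped = wrapContainerContext(SSLContext.getDefault(), ClientAuth.NONE);
        System.out.println("container context -> " + wrapped.getClass().getSimpleName());

        SslContext perHost = wrapped;
        if (args.length == 2) { // optional: <cert-chain.pem> <private-key.pem>
            perHost = buildFromKeyMaterial(new File(args[0]), new File(args[1]));
            System.out.println("key material      -> " + perHost.getClass().getSimpleName());
        }
        // Constructed host name, for illustration only.
        sniHandler(wrapped, "hotrod.example.org", perHost);
        System.out.println("OpenSSL available: " + OpenSsl.isAvailable());
    }
}
```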