On Thu, Jun 1, 2017 at 10:51 AM, Sebastian Laskawiec
<slaskawi(a)redhat.com <mailto:slaskawi@redhat.com>> wrote:
I think I've just found the reason why we can not migrate in OpenSSL
by default :(
In server scenario we obtain S*SL*Context (the one from JDK; Netty
has similar S*sl*Context) from WildFly. It is already configured
along with sercurity realms, domains etc. We then get into this
branch of code [1].
In order to do fancy things like SNI we need to remap JDK's
SSLContext into Netty's SslContext and the only implementation that
can consume SSLContext we have at hand is JdkSslContext.
I honestly have no idea how we could refactor this... And that's a
shame because OpenSSL is way faster...
I tried migrating the SSL engine to Netty's in [1] and hit the same
wall. What I was told is that the SSLContext in Wildfly is now (version
11?) a capability under 'org.wildfly.security.ssl-context' and
can be replaced, but I did not try doing that.
[1]
https://issues.jboss.org/browse/ISPN-6990
<
https://issues.jboss.org/browse/ISPN-6990>
Gustavo
_______________________________________________
infinispan-dev mailing list
infinispan-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/infinispan-dev