Re: [infinispan-dev] Netty SSL Context, was [Hot Rod secured by default]

On Thu, Jun 1, 2017 at 10:51 AM, Sebastian Laskawiec <slaskawi(a)redhat.com <mailto:slaskawi@redhat.com>> wrote: I think I've just found the reason why we can not migrate in OpenSSL by default :( In server scenario we obtain S*SL*Context (the one from JDK; Netty has similar S*sl*Context) from WildFly. It is already configured along with sercurity realms, domains etc. We then get into this branch of code [1]. In order to do fancy things like SNI we need to remap JDK's SSLContext into Netty's SslContext and the only implementation that can consume SSLContext we have at hand is JdkSslContext. I honestly have no idea how we could refactor this... And that's a shame because OpenSSL is way faster... I tried migrating the SSL engine to Netty's in [1] and hit the same wall. What I was told is that the SSLContext in Wildfly is now (version 11?) a capability under 'org.wildfly.security.ssl-context' and can be replaced, but I did not try doing that. [1] https://issues.jboss.org/browse/ISPN-6990 <https://issues.jboss.org/browse/ISPN-6990> Gustavo _______________________________________________ infinispan-dev mailing list infinispan-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/infinispan-dev