Darran Lofthouse resolved WFLY-3915.
------------------------------------
Assignee: Darran Lofthouse
Resolution: Out of Date
Marking as out of date, we have recently added support for setting the default SSLContext
- additionally we have other issues open to look at dynamically selecting a context based
on the destination.
Dynamic configuration of outbound SSL connections
-------------------------------------------------
Key: WFLY-3915
URL: https://issues.jboss.org/browse/WFLY-3915
Project: WildFly
Issue Type: Feature Request
Components: Security
Reporter: James Livingston
Assignee: Darran Lofthouse
Priority: Major
WebSphere has a feature called "Dynamic outbound SSL configuration"
(http://www-01.ibm.com/support/knowledgecenter/SSCKBL_8.5.5/com.ibm.websph...),
which allows the configuration of SSL parameters for connections which are not opened
directly by the container.
That can be useful for configuring the SSL usage of components such as resource adapters,
JDBC drivers, and application-packaged web service libraries. For example the
truststore/keystore could be configured differently for all requests to the database host,
so that the global javax.net.ssl settings do not need to be modified if the driver does
not itself provide a way to configure it.
I believe that it is implemented by using javax.net.ssl.SSLContext.setDefault() to
replace the standard socket factory. The socket factory could then look at the passed
hostname/port, and potentially the calling application to configure the SSL socket
appropriately before returning it to the caller.
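
The per-destination selection described in the request above can be sketched as a delegating SSLSocketFactory. This is an added example, not code from WildFly, WebSphere or the reporter; the class name DestinationSSLSocketFactory and its register/select methods are hypothetical, and exposing the factory through a custom SSLContext passed to SSLContext.setDefault() is not shown.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;

/** Added example: picks an SSLContext per destination "host:port", else a fallback. */
public final class DestinationSSLSocketFactory extends SSLSocketFactory {
    private final Map<String, SSLContext> byDestination = new ConcurrentHashMap<>();
    private final SSLContext fallback;

    public DestinationSSLSocketFactory(SSLContext fallback) { this.fallback = fallback; }

    /** Register a context (with its own truststore/keystore) for one destination. */
    public void register(String host, int port, SSLContext ctx) {
        byDestination.put(key(host, port), ctx);
    }

    private static String key(String host, int port) {
        return host.toLowerCase(Locale.ROOT) + ":" + port;
    }

    /** Factory for the destination; unregistered destinations get the fallback. */
    SSLSocketFactory select(String host, int port) {
        SSLContext ctx = host == null ? null : byDestination.get(key(host, port));
        return (ctx != null ? ctx : fallback).getSocketFactory();
    }

    @Override public Socket createSocket(String host, int port) throws IOException {
        return select(host, port).createSocket(host, port);
    }
    @Override public Socket createSocket(String host, int port, InetAddress local, int localPort) throws IOException {
        return select(host, port).createSocket(host, port, local, localPort);
    }
    @Override public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        return select(host, port).createSocket(s, host, port, autoClose);
    }
    // No hostname is passed to these two, so selection is by literal IP address only.
    @Override public Socket createSocket(InetAddress addr, int port) throws IOException {
        return select(addr.getHostAddress(), port).createSocket(addr, port);
    }
    @Override public Socket createSocket(InetAddress addr, int port, InetAddress local, int localPort) throws IOException {
        return select(addr.getHostAddress(), port).createSocket(addr, port, local, localPort);
    }
    @Override public String[] getDefaultCipherSuites() { return fallback.getSocketFactory().getDefaultCipherSuites(); }
    @Override public String[] getSupportedCipherSuites() { return fallback.getSocketFactory().getSupportedCipherSuites(); }
}
```

Callers that use the no-argument createSocket() and connect later give the factory no destination at creation time, so this sketch leaves that method at the SocketFactory default, which throws.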