[infinispan-dev] Netty SSL Context, was [Hot Rod secured by default]

Tristan Tarrant ttarrant at redhat.com
Mon Jun 5 04:32:21 EDT 2017


We should use this:

https://github.com/wildfly/wildfly-openssl

Tristan

On 6/1/17 1:17 PM, Gustavo Fernandes wrote:
> On Thu, Jun 1, 2017 at 10:51 AM, Sebastian Laskawiec 
> <slaskawi at redhat.com> wrote:
> 
>     I think I've just found the reason why we cannot migrate to OpenSSL
>     by default :(
> 
>     In the server scenario we obtain S*SL*Context (the one from JDK; Netty
>     has similar S*sl*Context) from WildFly. It is already configured
>     along with security realms, domains etc. We then get into this
>     branch of code [1].
> 
>     In order to do fancy things like SNI we need to remap JDK's
>     SSLContext into Netty's SslContext and the only implementation that
>     can consume SSLContext we have at hand is JdkSslContext.
> 
>     I honestly have no idea how we could refactor this... And that's a
>     shame because OpenSSL is way faster...
> 
> 
> 
> I tried migrating the SSL engine to Netty's in [1] and hit the same 
> wall. What I was told is that the SSLContext in Wildfly is now (version 
> 11?) a capability under 'org.wildfly.security.ssl-context' and
> can be replaced, but I did not try doing that.
> 
> 
> [1] https://issues.jboss.org/browse/ISPN-6990
> 
> Gustavo

-- 
Tristan Tarrant
Infinispan Lead
JBoss, a division of Red Hat
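
The remapping discussed in the quoted messages, as an added example that is not code from this thread or from Infinispan: an already-configured JDK SSLContext is wrapped in Netty's JdkSslContext so it can be selected per host name by SniHandler. It assumes Netty 4.1 on the classpath; the class name, method names and host name are hypothetical, and SSLContext.getDefault() stands in for the context WildFly would supply.

```java
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.JdkSslContext;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SniHandler;
import io.netty.handler.ssl.SslContext;
import io.netty.util.DomainNameMapping;
import io.netty.util.DomainNameMappingBuilder;

import javax.net.ssl.SSLContext;
import java.util.Collections;
import java.util.Map;

public class SniFromJdkContexts {

    // Wrap a pre-configured JDK SSLContext for server-side use in Netty.
    // The wrapper always creates JDK SSLEngines: the container has already
    // bound the key material to the JDK context, so the OpenSSL provider
    // cannot be swapped in at this point.
    static SslContext wrap(SSLContext jdkContext, boolean requireClientCert) {
        ClientAuth auth = requireClientCert ? ClientAuth.REQUIRE : ClientAuth.NONE;
        return new JdkSslContext(jdkContext, false /* isClient */, auth);
    }

    // One wrapped context per SNI host name, plus a default for clients that
    // send no server_name extension or an unknown name.
    static SniHandler sniHandler(SSLContext defaultCtx, Map<String, SSLContext> perHost) {
        DomainNameMappingBuilder<SslContext> builder =
                new DomainNameMappingBuilder<>(wrap(defaultCtx, false));
        perHost.forEach((host, ctx) -> builder.add(host, wrap(ctx, false)));
        DomainNameMapping<SslContext> mapping = builder.build();
        return new SniHandler(mapping);
    }

    public static void main(String[] args) throws Exception {
        // Placeholder for the SSLContext obtained from the application server.
        SSLContext fromContainer = SSLContext.getDefault();

        SslContext wrapped = wrap(fromContainer, false);
        System.out.println("Netty context type : " + wrapped.getClass().getSimpleName());
        System.out.println("Server mode        : " + wrapped.isServer());
        // Native OpenSSL may be loadable in this JVM and still be unusable
        // for this context, which is the limitation the thread describes.
        System.out.println("OpenSSL available  : " + OpenSsl.isAvailable());

        // "cache.example.test" is a constructed host name.
        SniHandler handler = sniHandler(fromContainer,
                Collections.singletonMap("cache.example.test", fromContainer));
        System.out.println("SNI handler built  : " + (handler != null));
    }
}
```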