SSLContext construction for SSL in Netty

"이희승 (Trustin Lee)" trustin at gmail.com
Mon Jul 20 01:47:03 EDT 2009


I did a preliminary test with SSLContext.getDefault() using the
SecureChat example, and it seems to work fine.  The following describes
how I initialized SSLEngine in SecureChatPipelineFactory:

        SSLEngine engine;
        if (handler instanceof SecureChatClientHandler) {
            // Client side: default context, anonymous DH suite only
            engine = SSLContext.getDefault().createSSLEngine();
            engine.setEnabledCipherSuites(new String[] { "TLS_DH_anon_WITH_AES_128_CBC_SHA" });
            engine.setUseClientMode(true);
        } else {
            // Server side: same context and suite, server mode
            engine = SSLContext.getDefault().createSSLEngine();
            engine.setEnabledCipherSuites(new String[] { "TLS_DH_anon_WITH_AES_128_CBC_SHA" });
            engine.setUseClientMode(false);
        }

Using the default SSLContext on only one side also works fine.

One interesting issue was that the SSL handshake fails with the default
SSLContext unless I set the 'enabledCipherSuites' explicitly.  On
handshake failure, an exceptionCaught event is triggered so that you can
close the failed connection.

If you still believe that there is a problem with the default
SSLContext, please post a test application that reproduces your problem.

HTH,
Trustin

On 07/18/2009 12:24 AM, Jason Stevens wrote:
> I'm using v3.1.0 CR1.  Just tried the latest build and I'm experiencing
> the same issue with it.
> 
> Thanks,
> Jason
> 
> -----Original Message-----
> From: netty-users-bounces at lists.jboss.org
> [mailto:netty-users-bounces at lists.jboss.org] On Behalf Of "이희승 (Trustin Lee)"
> Sent: Thursday, July 16, 2009 6:25 PM
> To: Netty -Users List
> Subject: Re: SSLContext construction for SSL in Netty
> 
> Hi Jason,
> 
> Which Netty version are you using?  Could you let me know if you are
> still having such a problem with the nightly build?
> 
> Trustin
> 
> On 07/17/2009 06:56 AM, jasons2645 wrote:
>> I have a client/server app written atop Netty that works fine over SSL when I
>> initialize my SSLContext with a keystore, trust manager, etc.  But when I
>> use SSLContext.getDefault() as my context, the client/server stops working.
>> My log output indicates that a connection (channel) is established, but then
>> no messages ever get read.
>>
>> Is this something I have hooked up incorrectly?  Or is what I'm trying to do
>> not supported by Netty or Java?
>>
>> Thanks,
>> Jason
> 
> _______________________________________________
> netty-users mailing list
> netty-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/netty-users
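
Added example, not part of the original message or of Netty: the TLS_DH_anon_WITH_AES_128_CBC_SHA suite enabled in the message above uses anonymous Diffie-Hellman, so neither peer presents a certificate and the connection is not authenticated. The sketch below audits an SSLEngine for such suites and fails closed before the engine is handed to a pipeline; the class and method names are hypothetical.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added example; CipherSuiteAudit and its methods are hypothetical names.
public class CipherSuiteAudit {

    // Anonymous key exchange authenticates nobody; a NULL cipher encrypts nothing.
    static boolean isUnsafe(String suite) {
        return suite.contains("_anon_") || suite.contains("_WITH_NULL_");
    }

    // Enabled suites on this engine that lack authentication or encryption.
    static List<String> unsafeEnabled(SSLEngine engine) {
        List<String> hits = new ArrayList<>();
        for (String s : engine.getEnabledCipherSuites()) {
            if (isUnsafe(s)) hits.add(s);
        }
        return hits;
    }

    // Drop unsafe suites; refuse to continue if no authenticated suite is left.
    static void restrict(SSLEngine engine) {
        List<String> keep = new ArrayList<>();
        for (String s : engine.getEnabledCipherSuites()) {
            if (!isUnsafe(s)) keep.add(s);
        }
        if (keep.isEmpty()) {
            throw new IllegalStateException("no authenticated cipher suite enabled");
        }
        engine.setEnabledCipherSuites(keep.toArray(new String[0]));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String anon = "TLS_DH_anon_WITH_AES_128_CBC_SHA"; // suite from the message
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false);
        System.out.println("unsafe suites enabled by default: " + unsafeEnabled(engine));

        // Apply the message's setting only if this JRE still supports the suite;
        // setEnabledCipherSuites rejects unsupported names.
        if (Arrays.asList(engine.getSupportedCipherSuites()).contains(anon)) {
            engine.setEnabledCipherSuites(new String[] { anon });
            System.out.println("after the message's setting: " + unsafeEnabled(engine));
            try {
                restrict(engine);
            } catch (IllegalStateException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```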