SSLContext construction for SSL in Netty

Mike McGrady mmcgrady at topiatechnology.com
Mon Jul 20 08:47:59 EDT 2009


Just a side note, Trustin.  How does the chunking work with the SSL?
We have had to do some special things to accommodate SSL and chunking
in our case.

Mike

On Jul 19, 2009, at 10:47 PM, 이희승 (Trustin Lee) wrote:

> I did a preliminary test with SSLContext.getDefault() using the
> SecureChat example, and it seems to work fine.  The following describes
> how I initialized SSLEngine in SecureChatPipelineFactory:
>
>        SSLEngine engine;
>        if (handler instanceof SecureChatClientHandler) {
>            engine = SSLContext.getDefault().createSSLEngine();
>            engine.setEnabledCipherSuites(new String[] { "TLS_DH_anon_WITH_AES_128_CBC_SHA" });
>            engine.setUseClientMode(true);
>        } else {
>            engine = SSLContext.getDefault().createSSLEngine();
>            engine.setEnabledCipherSuites(new String[] { "TLS_DH_anon_WITH_AES_128_CBC_SHA" });
>            engine.setUseClientMode(false);
>        }
>
> Using the default SSLContext on only one side also works fine.
>
> One interesting issue was that SSL handshake fails with the default
> SSLContext unless I set the 'enabledCipherSuites' explicitly.  On
> handshake failure, exceptionCaught event is triggered so that you can
> close the failed connection.
>
> If you still believe that there is a problem with the default
> SSLContext, please post a test application that reproduces your problem.
>
> HTH,
> Trustin
>
> On 07/18/2009 12:24 AM, Jason Stevens wrote:
>> I'm using v3.1.0 CR1.  Just tried the latest build and I'm experiencing
>> the same issue with it.
>>
>> Thanks,
>> Jason
>>
>> -----Original Message-----
>> From: netty-users-bounces at lists.jboss.org
>> [mailto:netty-users-bounces at lists.jboss.org] On Behalf Of "이희승 (Trustin Lee)"
>> Sent: Thursday, July 16, 2009 6:25 PM
>> To: Netty -Users List
>> Subject: Re: SSLContext construction for SSL in Netty
>>
>> Hi Jason,
>>
>> Which Netty version are you using?  Could you let me know if you are
>> still having such a problem with the nightly build?
>>
>> Trustin
>>
>> On 07/17/2009 06:56 AM, jasons2645 wrote:
>>> I have a client/server app written atop Netty that works fine over SSL when I
>>> initialize my SSLContext with a keystore, trust manager, etc.  But when I
>>> use SSLContext.getDefault() as my context, the client/server stops working.
>>> My log output indicates that a connection (channel) is established, but then
>>> no messages ever get read.
>>>
>>> Is this something I have hooked up incorrectly?  Or is what I'm trying to do
>>> not supported by Netty or Java?
>>>
>>> Thanks,
>>> Jason
>>
>> _______________________________________________
>> netty-users mailing list
>> netty-users at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/netty-users

Mike McGrady
Principal Investigator AF081-028 AFRL SBIR
Senior Engineer
Topia Technology, Inc.
1.253.720.3365
mmcgrady at topiatechnology.com
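
The handshake failure with the default SSLContext described in the quoted reply can be reproduced without Netty. The following is an added example, not code from this thread or from the Netty project: it drives two in-memory SSLEngines through a handshake, first with SSLContext.getDefault() on both sides and then with a context that carries a server key. It assumes javax.net.ssl.keyStore is not set, so the default context has no key material (and the anonymous DH suite, which authenticates neither peer, is not needed once the server has a key); the class name and the keystore arguments are hypothetical.

```java
import javax.net.ssl.*;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import java.io.File;
import java.nio.ByteBuffer;
import java.security.KeyStore;
public class DefaultContextHandshake { // hypothetical name; added example, not Netty code
    // Drives a handshake between two in-memory engines and returns the negotiated suite.
    static String handshake(SSLContext clientCtx, SSLContext serverCtx) throws SSLException {
        SSLEngine client = clientCtx.createSSLEngine(), server = serverCtx.createSSLEngine();
        client.setUseClientMode(true); server.setUseClientMode(false);
        ByteBuffer c2s = ByteBuffer.allocate(1 << 17), s2c = ByteBuffer.allocate(1 << 17);
        client.beginHandshake(); server.beginHandshake();
        for (int round = 0; round < 200; round++) {
            HandshakeStatus c = step(client, c2s, s2c), s = step(server, s2c, c2s);
            if (c == s && c == HandshakeStatus.NOT_HANDSHAKING) return client.getSession().getCipherSuite();
        }
        throw new SSLException("handshake stalled");
    }

    // One pass for one engine: run delegated tasks, then wrap into 'out' or unwrap from 'in'.
    static HandshakeStatus step(SSLEngine e, ByteBuffer out, ByteBuffer in) throws SSLException {
        for (Runnable t; (t = e.getDelegatedTask()) != null; ) t.run();
        if (e.getHandshakeStatus() == HandshakeStatus.NEED_WRAP) {
            e.wrap(ByteBuffer.allocate(0), out);
        } else if (e.getHandshakeStatus() == HandshakeStatus.NEED_UNWRAP && in.position() > 0) {
            in.flip();
            e.unwrap(in, ByteBuffer.allocate(e.getSession().getApplicationBufferSize()));
            in.compact();
        }
        return e.getHandshakeStatus();
    }

    public static void main(String[] args) throws Exception {
        try { // default context: no server key unless javax.net.ssl.keyStore is set
            System.out.println("default: " + handshake(SSLContext.getDefault(), SSLContext.getDefault()));
        } catch (SSLException ex) {
            System.out.println("default failed: " + ex);
        }
        if (args.length < 2) return; // args: <keystore file> <password>
        char[] pw = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance(new File(args[0]), pw); // Java 9+
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        System.out.println("keystore-backed: " + handshake(ctx, ctx));
    }
}
```

A throwaway test key can be made with `keytool -genkeypair -alias test -keyalg RSA -dname CN=localhost -keystore test.p12 -storetype PKCS12 -storepass changeit` (constructed values), then passed as `java DefaultContextHandshake test.p12 changeit`.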











