SSLContext construction for SSL in Netty
Michael McGrady
mmcgrady at topiatechnology.com
Mon Jul 20 14:17:44 EDT 2009
I have not looked at the Netty encryption process as yet. If you
encrypt after the chunking, that is a wholly different process than
before the chunking. We have a commercial product called "Skoot", see
www.skootit.com, that encrypts chunks, rather than the stream or the file before
chunking. What needs to be watched is that you don't send 99.9% of a
file (stream) and then have to start over due to a connection (etc)
issue.
Let me look at your encryption a bit to examine the cooperation impact
on chunking in Netty.
Mike
On Jul 20, 2009, at 7:26 AM, 이희승 (Trustin Lee) wrote:
> Oh, I didn't know about that. Could you elaborate with me in detail?
>
> Thanks,
> Trustin
>
> On 07/20/2009 09:47 PM, Mike McGrady wrote:
>> Just a side note, Trustin. How does the chunking work with the SSL?
>> We have had to do some special things to accommodate SSL and chunking
>> in our case.
>>
>> Mike
>>
>> On Jul 19, 2009, at 10:47 PM, 이희승 (Trustin Lee) wrote:
>>
>>> I did a preliminary test with SSLContext.getDefault() using the
>>> SecureChat example, and it seems to work fine. The following describes
>>> how I initialized SSLEngine in SecureChatPipelineFactory:
>>>
>>>     SSLEngine engine;
>>>     if (handler instanceof SecureChatClientHandler) {
>>>         engine = SSLContext.getDefault().createSSLEngine();
>>>         engine.setEnabledCipherSuites(new String[] {
>>>                 "TLS_DH_anon_WITH_AES_128_CBC_SHA" });
>>>         engine.setUseClientMode(true);
>>>     } else {
>>>         engine = SSLContext.getDefault().createSSLEngine();
>>>         engine.setEnabledCipherSuites(new String[] {
>>>                 "TLS_DH_anon_WITH_AES_128_CBC_SHA" });
>>>         engine.setUseClientMode(false);
>>>     }
>>>
>>> Using the default SSLContext on only one side also works fine.
>>>
>>> One interesting issue was that SSL handshake fails with the default
>>> SSLContext unless I set the 'enabledCipherSuites' explicitly. On
>>> handshake failure, exceptionCaught event is triggered so that you can
>>> close the failed connection.
>>>
>>> If you still believe that there is a problem with the default
>>> SSLContext, please post a test application that reproduces your problem.
>>>
>>> HTH,
>>> Trustin
>>>
>>> On 07/18/2009 12:24 AM, Jason Stevens wrote:
>>>> I'm using v3.1.0 CR1. Just tried the latest build and I'm experiencing
>>>> the same issue with it.
>>>>
>>>> Thanks,
>>>> Jason
>>>>
>>>> -----Original Message-----
>>>> From: netty-users-bounces at lists.jboss.org
>>>> [mailto:netty-users-bounces at lists.jboss.org] On Behalf Of
>>>> "이희승 (Trustin Lee)"
>>>> Sent: Thursday, July 16, 2009 6:25 PM
>>>> To: Netty -Users List
>>>> Subject: Re: SSLContext construction for SSL in Netty
>>>>
>>>> Hi Jason,
>>>>
>>>> Which Netty version are you using? Could you let me know if you are
>>>> still having such a problem with the nightly build?
>>>>
>>>> Trustin
>>>>
>>>> On 07/17/2009 06:56 AM, jasons2645 wrote:
>>>>> I have a client/server app written atop Netty that works fine over SSL
>>>>> when I initialize my SSLContext with a keystore, trust manager, etc. But
>>>>> when I use SSLContext.getDefault() as my context, the client/server stops
>>>>> working. My log output indicates that a connection (channel) is
>>>>> established, but then no messages ever get read.
>>>>>
>>>>> Is this something I have hooked up incorrectly? Or is what I'm trying to
>>>>> do not supported by Netty or Java?
>>>>>
>>>>> Thanks,
>>>>> Jason
>>>> _______________________________________________
>>>> netty-users mailing list
>>>> netty-users at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/netty-users
>>
>> Mike McGrady
>> Principal Investigator AF081-028 AFRL SBIR
>> Senior Engineer
>> Topia Technology, Inc.
>> 1.253.720.3365
>> mmcgrady at topiatechnology.com
Mike McGrady
Principal Investigator AF081-028 AFRL SBIR
Senior Engineer
Topia Technology, Inc
1.253.720.3365
mmcgrady at topiatechnology.com
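
An added example, not part of the original thread or Netty's own code: the `TLS_DH_anon_WITH_AES_128_CBC_SHA` suite in the quoted snippet performs no peer authentication, so the sketch below builds the `SSLContext` from a keystore (the working setup the original poster describes) and removes anonymous and NULL suites from each engine. The class and method names, the PKCS12 keystore path argument and the `KEYSTORE_PASSWORD` environment variable are assumptions made for illustration.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.util.*;
import javax.net.ssl.*;

public final class AuthenticatedEngines {
    // Builds a context from one PKCS12 store holding the key pair and trusted certificates.
    static SSLContext contextFrom(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Anonymous key exchange authenticates neither peer; NULL suites do not encrypt.
    static boolean isUnsafe(String suite) {
        return suite.contains("_anon_") || suite.contains("_NULL_");
    }

    // Creates an engine for either side and drops unsafe suites from the enabled set.
    static SSLEngine newEngine(SSLContext ctx, boolean clientMode) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(clientMode);
        List<String> keep = new ArrayList<>();
        for (String suite : engine.getEnabledCipherSuites()) {
            if (!isUnsafe(suite)) keep.add(suite);
        }
        engine.setEnabledCipherSuites(keep.toArray(new String[0]));
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Optional argument: path to a PKCS12 keystore (hypothetical); password in KEYSTORE_PASSWORD.
        SSLContext ctx = args.length == 1
                ? contextFrom(args[0], System.getenv("KEYSTORE_PASSWORD").toCharArray())
                : SSLContext.getDefault();
        SSLEngine server = newEngine(ctx, false);
        System.out.println("enabled suites: " + server.getEnabledCipherSuites().length);
    }
}
```

Run without an argument, it uses the default context, which carries a server certificate only if the JVM was given one through the `javax.net.ssl.keyStore` system properties.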