SSLContext construction for SSL in Netty
Michael McGrady
mmcgrady at topiatechnology.com
Mon Jul 20 14:55:19 EDT 2009
Trustin,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pastedGraphic.pdf
Type: application/pdf
Size: 19927 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/netty-users/attachments/20090720/ae7efc0e/attachment-0001.pdf
-------------- next part --------------
Looks like one would have to be careful to do the GREEN rather than
the ORANGE pipelines in NETTY where encryption and chunking were both
used?
Mike
In the above graphic, I assume that
On Jul 20, 2009, at 7:26 AM, Trustin Lee wrote:
> Oh, I didn't know about that. Could you elaborate in detail?
>
> Thanks,
> Trustin
>
> On 07/20/2009 09:47 PM, Mike McGrady wrote:
>> Just a side note, Trustin. How does the chunking work with the SSL?
>> We have had to do some special things to accommodate SSL and chunking
>> in our case.
>>
>> Mike
>>
>> On Jul 19, 2009, at 10:47 PM, Trustin Lee wrote:
>>
>>> I did a preliminary test with SSLContext.getDefault() using the
>>> SecureChat example, and it seems to work fine. The following
>>> describes how I initialized SSLEngine in SecureChatPipelineFactory:
>>>
>>>     SSLEngine engine;
>>>     if (handler instanceof SecureChatClientHandler) {
>>>         engine = SSLContext.getDefault().createSSLEngine();
>>>         engine.setEnabledCipherSuites(new String[] {
>>>                 "TLS_DH_anon_WITH_AES_128_CBC_SHA" });
>>>         engine.setUseClientMode(true);
>>>     } else {
>>>         engine = SSLContext.getDefault().createSSLEngine();
>>>         engine.setEnabledCipherSuites(new String[] {
>>>                 "TLS_DH_anon_WITH_AES_128_CBC_SHA" });
>>>         engine.setUseClientMode(false);
>>>     }
>>>
>>> Using the default SSLContext on only one side also works fine.
>>>
>>> One interesting issue was that SSL handshake fails with the default
>>> SSLContext unless I set the 'enabledCipherSuites' explicitly. On
>>> handshake failure, exceptionCaught event is triggered so that you
>>> can close the failed connection.
>>>
>>> If you still believe that there is a problem with the default
>>> SSLContext, please post a test application that reproduces your
>>> problem.
>>>
>>> HTH,
>>> Trustin
>>>
>>> On 07/18/2009 12:24 AM, Jason Stevens wrote:
>>>> I'm using v3.1.0 CR1. Just tried the latest build and I'm
>>>> experiencing the same issue with it.
>>>>
>>>> Thanks,
>>>> Jason
>>>>
>>>> -----Original Message-----
>>>> From: netty-users-bounces at lists.jboss.org
>>>> [mailto:netty-users-bounces at lists.jboss.org] On Behalf Of
>>>> "Trustin Lee"
>>>> Sent: Thursday, July 16, 2009 6:25 PM
>>>> To: Netty -Users List
>>>> Subject: Re: SSLContext construction for SSL in Netty
>>>>
>>>> Hi Jason,
>>>>
>>>> Which Netty version are you using? Could you let me know if you
>>>> are still having such a problem with the nightly build?
>>>>
>>>> Trustin
>>>>
>>>> On 07/17/2009 06:56 AM, jasons2645 wrote:
>>>>> I have a client/server app written atop Netty that works fine over
>>>>> SSL when I initialize my SSLContext with a keystore, trust manager,
>>>>> etc. But when I use SSLContext.getDefault() as my context, the
>>>>> client/server stops working. My log output indicates that a
>>>>> connection (channel) is established, but then no messages ever get
>>>>> read.
>>>>>
>>>>> Is this something I have hooked up incorrectly? Or is what I'm
>>>>> trying to do not supported by Netty or Java?
>>>>>
>>>>> Thanks,
>>>>> Jason
>>>> _______________________________________________
>>>> netty-users mailing list
>>>> netty-users at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/netty-users
>>>>
>>
>> Mike McGrady
>> Principal Investigator AF081-028 AFRL SBIR
>> Senior Engineer
>> Topia Technology, Inc.
>> 1.253.720.3365
>> mmcgrady at topiatechnology.com
Mike McGrady
Principal Investigator AF081-028 AFRL SBIR
Senior Engineer
Topia Technology, Inc
1.253.720.3365
mmcgrady at topiatechnology.com
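
Added example (not part of the original thread and not Netty project code): the quoted reply gets SSLContext.getDefault() to handshake by enabling only TLS_DH_anon_WITH_AES_128_CBC_SHA, an anonymous suite in which neither side presents a certificate, so the peer is never authenticated. The sketch below shows the authenticated alternative in plain JSSE: the server engine takes its key from a keystore, the client engine uses the default trust store with hostname checking, and both drop anon/NULL suites. The class name, keystore path, password and host are hypothetical placeholders.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.*;
import javax.net.ssl.*;

public final class AuthenticatedEngines {   // hypothetical class name
    // Server side: the certificate and private key come from a PKCS#12 keystore.
    static SSLEngine serverEngine(Path keyStore, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(keyStore)) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);   // server does not request client certs
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        engine.setEnabledCipherSuites(authenticatedOnly(engine.getEnabledCipherSuites()));
        return engine;
    }
    // Client side: default context (JRE trust store) plus hostname verification.
    static SSLEngine clientEngine(String host, int port) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine(host, port);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        engine.setEnabledCipherSuites(authenticatedOnly(engine.getEnabledCipherSuites()));
        return engine;
    }
    // Drop suites that skip peer authentication (_anon_) or encryption (_NULL_).
    static String[] authenticatedOnly(String[] suites) {
        List<String> kept = new ArrayList<>();
        for (String s : suites) {
            if (!s.contains("_anon_") && !s.contains("_NULL_")) kept.add(s);
        }
        return kept.toArray(new String[0]);
    }
    public static void main(String[] args) throws Exception {
        // Constructed host/port; no connection is opened, the engine is only configured.
        SSLEngine client = clientEngine("server.example.test", 8443);
        System.out.println(Arrays.toString(client.getEnabledCipherSuites()));
    }
}
```

Either engine can then be wrapped in Netty's SslHandler in the pipeline factory, in place of the engines built in the quoted snippet.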