SSLContext construction for SSL in Netty

"이희승 (Trustin Lee)" trustin at gmail.com
Mon Jul 20 20:03:55 EDT 2009 

Yes.  SslHandler does not know how to handle ChunkedInput.  It's only
ChunkedWriteHandler which can convert ChunkedInput into ChannelBuffers.

On 07/21/2009 03:55 AM, Michael McGrady wrote:
> Trustin,
> 
> 
> 
> Looks like one would have to be careful to do the GREEN rather than the
> ORANGE pipelines in NETTY where encryption and chunking were both used?
> 
> Mike
> 
> In the above graphic, I assume that
> On Jul 20, 2009, at 7:26 AM, 이희승 (Trustin Lee) wrote:
> 
>> Oh, I didn't know about that.  Could you elaborate with me in detail?
>>
>> Thanks,
>> Trustin
>>
>> On 07/20/2009 09:47 PM, Mike McGrady wrote:
>>> Just  a side note, Trustin.  How does the chunking work with the SSL?
>>> We have had to do some special things to accommodate SSL and chunking
>>> in our case.
>>>
>>> MIke
>>>
>>> On Jul 19, 2009, at 10:47 PM, 이희승 (Trustin Lee) wrote:
>>>
>>>> I did a preliminary test with SSLContext.getDefault() using the
>>>> SecureChat example, and it seems to work fine.  The following
>>>> describes
>>>> how I initialized SSLEngine in SecureChatPipelineFactory:
>>>>
>>>>       SSLEngine engine;
>>>>       if (handler instanceof SecureChatClientHandler) {
>>>>           engine = SSLContext.getDefault().createSSLEngine();
>>>>           engine.setEnabledCipherSuites(new String[] {
>>>> "TLS_DH_anon_WITH_AES_128_CBC_SHA" });
>>>>           engine.setUseClientMode(true);
>>>>       } else {
>>>>           engine = SSLContext.getDefault().createSSLEngine();
>>>>           engine.setEnabledCipherSuites(new String[] {
>>>> "TLS_DH_anon_WITH_AES_128_CBC_SHA" });
>>>>           engine.setUseClientMode(false);
>>>>       }
>>>>
>>>> Using the default SSLContext on only one side also works fine.
>>>>
>>>> One interesting issue was that SSL handshake fails with the default
>>>> SSLContext unless I set the 'enabledCipherSuites' explicitly.  On
>>>> handshake failure, exceptionCaught event is triggered so that you can
>>>> close the failed connection.
>>>>
>>>> If you still believe that there is a problem with the default
>>>> SSLContext, please post a test application that reproduces your
>>>> problem.
>>>>
>>>> HTH,
>>>> Trustin
>>>>
>>>> On 07/18/2009 12:24 AM, Jason Stevens wrote:
>>>>> I'm using v3.1.0 CR1.  Just tried the latest build and I'm
>>>>> experiencing
>>>>> the same issue with it.
>>>>>
>>>>> Thanks,
>>>>> Jason
>>>>>
>>>>> -----Original Message-----
>>>>> From: netty-users-bounces at lists.jboss.org
>>>>> [mailto:netty-users-bounces at lists.jboss.org] On Behalf Of "???
>>>>> (Trustin
>>>>> Lee)"
>>>>> Sent: Thursday, July 16, 2009 6:25 PM
>>>>> To: Netty -Users List
>>>>> Subject: Re: SSLContext construction for SSL in Netty
>>>>>
>>>>> Hi Jason,
>>>>>
>>>>> Which Netty version are you using?  Could you let me know if you are
>>>>> still having such a problem with the nightly build?
>>>>>
>>>>> Trustin
>>>>>
>>>>> On 07/17/2009 06:56 AM, jasons2645 wrote:
>>>>>> I have a client/server app written atop Netty that works fine over
>>>>>> SSL
>>>>> when I
>>>>>> initialize my SSLContext with a keystore, trust manager, etc.  But
>>>>> when I
>>>>>> use SSLContext.getDefault() as my context, the client/server stops
>>>>> working.
>>>>>> My log output indicates that a connection (channel) is established,
>>>>> but then
>>>>>> no messages ever get read.
>>>>>>
>>>>>> Is this something I have hooked up incorrectly?  Or is what I'm
>>>>>> trying
>>>>> to do
>>>>>> not supported by Netty or Java?
>>>>>>
>>>>>> Thanks,
>>>>>> Jason
>>>>> _______________________________________________
>>>>> netty-users mailing list
>>>>> netty-users at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/netty-users
>>>>>
>>>>> _______________________________________________
>>>>> netty-users mailing list
>>>>> netty-users at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/netty-users
>>>> _______________________________________________
>>>> netty-users mailing list
>>>> netty-users at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/netty-users
>>>
>>> Mike McGrady
>>> Principal Investigator AF081-028 AFRL SBIR
>>> Senior Engineer
>>> Topia Technology, Inc.
>>> 1.253.720.3365
>>> mmcgrady at topiatechnology.com
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> netty-users mailing list
>>> netty-users at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/netty-users
>>
>> _______________________________________________
>> netty-users mailing list
>> netty-users at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/netty-users
> 
> Mike McGrady
> Principal Investigator AF081-028 AFRL SBIR
> Senior Engineer
> Topia Technology, Inc
> 1.253.720.3365
> mmcgrady at topiatechnology.com
> 
> 
> 
> 
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> netty-users mailing list
> netty-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/netty-users

More information about the netty-users mailing list