add ability to configure netty for ssl #17
Comments
Agree. Working on it.
Second this. We would like to help if needed.
Yes, I will work on this as soon as I'm back working in 2 weeks :-)
Hi, Has there been any resolution to this issue? In particular SSL support in Nettosphere? I have another question with regards to securing communications between an external client and a Nettosphere server behind a firewall. What if the SSL was provided by a load-balancer (LB) just past the firewall? Then the Nettosphere server sat behind the LB and the LB directed the request to Nettosphere in plain HTTP. Do you think this scenario would work? Thanks,
Working on it.
OK fixed, just set an SSLEngine on the Config object to enable it.
Hey, thanks for the fix, but you need to create a new SSLEngine for every pipeline. Otherwise, you'll run into a "bad record MAC" SSLException on the second request and netty will just quietly freeze.
Euh....my bad. I will fix it ASAP.
OK finally fixed. You can now just do:

```java
final SSLContext sslContext = createSSLContext();
Config config = new Config.Builder()
        .port(port)
        .host("127.0.0.1")
        .sslContext(sslContext)
        .resource(new Handler() {
            @Override
            public void handle(AtmosphereResource r) {
                r.getResponse().write("Hello World from Nettosphere").closeStreamOrWriter();
            }
        }).build();
```

You can also add an SSLContextListener to customize the SSLEngine:

```java
/**
 * A callback used to configure {@link javax.net.ssl.SSLEngine} before they get injected in Netty.
 */
public interface SSLContextListener {
    SSLContextListener DEFAULT = new SSLContextListener(){
        @Override
        public void onPostCreate(SSLEngine e) {
            e.setEnabledCipherSuites(new String[]{"SSL_DH_anon_WITH_RC4_128_MD5"});
            e.setUseClientMode(false);
        }
    };
    /**
     * Invoked just after the {@link SSLEngine} has been created, but not yet injected in Netty.
     * @param e SSLEngine;
     */
    public void onPostCreate(SSLEngine e);
}
```
Hi
@rahulva : This worked for me:
I've been struggling with implementing Nettosphere with keystore file (JKS). Any example of code snippet please? Thanks
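
An added example, not code from the Nettosphere project or from any commenter: a JDK-only sketch of a `createSSLContext()` that loads a JKS keystore, plus the kind of per-engine settings an `onPostCreate(SSLEngine)` body could apply in place of the anonymous RC4/MD5 suite in the `DEFAULT` listener shown in the thread. The class name, the `configure` helper, the keystore path argument and the `KEYSTORE_PASSWORD` variable are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class JksSslExample {
    // Build one SSLContext from a JKS keystore; the context is shared by all connections.
    static SSLContext createSSLContext(String jksPath, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(jksPath)) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password); // assumption: key password equals keystore password
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // default trust managers and SecureRandom
        return ctx;
    }

    // Per-engine settings, i.e. what an SSLContextListener.onPostCreate(SSLEngine) body could contain.
    static void configure(SSLEngine e) {
        e.setUseClientMode(false);
        List<String> wanted = Arrays.asList("TLSv1.3", "TLSv1.2");
        e.setEnabledProtocols(Arrays.stream(e.getSupportedProtocols())
                .filter(wanted::contains).toArray(String[]::new));
        // Start from the JDK's enabled suites and drop unauthenticated, null and RC4 suites.
        e.setEnabledCipherSuites(Arrays.stream(e.getEnabledCipherSuites())
                .filter(s -> !s.contains("_anon_") && !s.contains("_NULL_") && !s.contains("_RC4_"))
                .toArray(String[]::new));
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical inputs: keystore path as args[0], password in env var KEYSTORE_PASSWORD.
        char[] password = System.getenv("KEYSTORE_PASSWORD").toCharArray();
        SSLContext ctx = createSSLContext(args[0], password);
        // One engine per connection: an SSLEngine holds handshake and record state, and
        // reusing one across pipelines is what the thread reports as "bad record MAC".
        SSLEngine first = ctx.createSSLEngine();
        SSLEngine second = ctx.createSSLEngine();
        configure(first);
        configure(second);
        System.out.println("distinct engines: " + (first != second));
        System.out.println("protocols: " + Arrays.toString(first.getEnabledProtocols()));
    }
}
```

The returned `SSLContext` is the object passed to `.sslContext(sslContext)` in the builder call shown in the thread.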
It is not currently possible to configure Netty directly outside of the simple host, port configuration. It would be nice to expose more advanced configuration of Netty, primarily SSL, but also possibly things like thread pools, socket params, etc.