Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Getting protocol for session #1

Closed
wants to merge 3 commits into from
Closed

Getting protocol for session #1

wants to merge 3 commits into from

Conversation

fondemen
Copy link
Contributor

This simple pach would make possible to know what protocol is in use for a session.

If pulled, onc could later change OpenSslEngine.getSession() with:
SSLSession session = this.session;
if (session == null) {
this.session = session = new SSLSession() {
...
public String getProtocol() {
SSL.getProtocolForSSL(ssl);
}

instead of the current code

normanmaurer
normanmaurer reviewed Oct 23, 2014
View reviewed changes
src/main/c/ssl.c
@@ -1309,6 +1309,15 @@ TCN_IMPLEMENT_CALL(jstring, SSL, getCipherForSSL)(TCN_STDARGS,
return AJP_TO_JSTRING(SSL_get_cipher(J2P(ssl, SSL*)));
}

// Read which protocol was negotiated for the given SSL *.
TCN_IMPLEMENT_CALL(jstring, SSL, getProtocolForSSL)(TCN_STDARGS,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please call it getVersion as we usually use the same method names for java and c.

@normanmaurer
Copy link
Member

@fondemen can you please adjust the commit message to match our template:
http://netty.io/wiki/writing-a-commit-message.html

@fondemen
Making possible to have access to the chose session protocol (e.g.
db64da5 
TLSv1.2 or SSLv3)

Motivation:

It is possible to check what is the chosen cipher for an SSL session,
which is properly reported in netty using the OpenSSL implementation for
SSLSession. However, protocol is reported as unknown. If using the JDK
implementation, it is correctly reported such as as SSLv3.

Knowing the session protocol can help in managing security properly,
e.g. for accepting SSLv3 or TLSv1 in some parts of an application for
compatibility, and allowing only TLSv1.1 or TLSv1.2 for more secured
parts, such as user authentication.

Modifications:

Just adding a new native operation to SSL to quary protocol of an
existing session thanks to its id.

Result:

It will be possible to implement getProtocol for the
OpenSslEngine.getSession().getProtocol() so that it has same behavior as
JDK implementation.
@fondemen
Copy link
Contributor Author

Corrections made to match your expectations.

normanmaurer
normanmaurer reviewed Oct 23, 2014
View reviewed changes
src/main/c/ssl.c
@@ -1309,6 +1309,15 @@ TCN_IMPLEMENT_CALL(jstring, SSL, getCipherForSSL)(TCN_STDARGS,
return AJP_TO_JSTRING(SSL_get_cipher(J2P(ssl, SSL*)));
}

// Read which protocol was negotiated for the given SSL *.
TCN_IMPLEMENT_CALL(jstring, SSL, getVersionForSSL)(TCN_STDARGS,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Call it getVersion(...)

@normanmaurer
Copy link
Member

@fondemen also please squash commits into 1

@fondemen
Making possible to have access to the chose session protocol (e.g. …
82175e4 
TLSv1.2 or SSLv3)

Motivation:

It is possible to check what is the chosen cipher for an SSL session,
which is properly reported in netty using the OpenSSL implementation for
SSLSession. However, protocol is reported as unknown. If using the JDK
implementation, it is correctly reported such as as SSLv3.

Knowing the session protocol can help in managing security properly,
e.g. for accepting SSLv3 or TLSv1 in some parts of an application for
compatibility, and allowing only TLSv1.1 or TLSv1.2 for more secured
parts, such as user authentication.

Modifications:

Just adding a new native operation to SSL to quary protocol of an
existing session thanks to its id.

Result:

It will be possible to implement getProtocol for the
OpenSslEngine.getSession().getProtocol() so that it has same behavior as
JDK implementation.
@fondemen fondemen closed this Oct 28, 2014
@zeewane zeewane mentioned this pull request Dec 15, 2017
Closed
@sauroter sauroter mentioned this pull request Feb 5, 2018
Closed
@NickNYU NickNYU mentioned this pull request Jul 31, 2018
Closed
@rashmi-ibm rashmi-ibm mentioned this pull request Nov 12, 2019
Closed
@xushirain xushirain mentioned this pull request Mar 10, 2020
Open
@morvael morvael mentioned this pull request Jul 14, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fondemen @normanmaurer