[jetty-users] Jetty and Java 8 SSL improvements

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jetty-users] Jetty and Java 8 SSL improvements

From: Ben Summers <ben@xxxxxxxxxxxx>
Date: Sun, 21 Dec 2014 10:00:23 +0000
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

Steve,

Do you think it's a big task to implement it? There is a patch from earlier this year in that bug report which might be a good basis.

I'd prefer not to use an SSL stack written in a non-memory safe language. Perhaps I'm swapping one set of problems for another, but a Java SSL implementation seems to mitigate the scariest risks.

Also, I use continuations for long polling, which may not necessarily work that efficiently with all proxies.

It seems like Netty's API is more amenable to supporting SNI https://github.com/grahamedgecombe/netty-sni-example . Maybe swapping to that or using it as a proxy would be a solution.

Thanks.

Ben

Steve Sobol - Lobos Studios steve@xxxxxxxxxxxxxxxx wrote:
> 
> Ben, if you (or anyone else) would like to know how my working Apache >> 
> Jetty proxy is set up, I'll be happy to share configs - just ask.
> 
> Steve Sobol - Lobos Studios wrote:
>> This is something I've been asking about. It's a low priority for the 
>> Jetty team. It was suggested that I could contribute a fix, and 
>> there's certainly enough information in Bugzilla that I could do it 
>> pretty easily, but paying projects have priority and I have a couple 
>> big deadlines to meet. I would love to contribute a fix when I have 
>> time, though.
>> 
>> Right now, as a workaround, I have a server dedicated to J2EE apps, 
>> running Jetty, and I threw Apache 2.4 on that box and am using it and 
>> mod_proxy to proxy HTTPS requests to Jetty (because Apache 2.4 speaks 
>> SNI).
>> 
>> Ben Summers wrote:
>>> Hello,
>>> 
>>> Now Java 8 has SNI support, and the ability to set the cipher suite order, are there any plans to add support in Jetty?
>>> 
>>> I see from Bugzilla that some work has been done on support, is this something that is likely to be added to Jetty in the near future?
>>> 
>>>  https://bugs.eclipse.org/bugs/show_bug.cgi?id=430951
>>> 
>>> I need to add SNI support (and ideally set the cipher suite order) and am just wondering what my options are.
>>> 
>>> Many thanks,
>>> 
>>> Ben
>>> 
>>>

Follow-Ups:
- Re: [jetty-users] Jetty and Java 8 SSL improvements
  - From: Steve Sobol - Lobos Studios

Prev by Date: [jetty-users] Embedded Jetty 9 with async Servlets throws NullPointerException at org.eclipse.jetty.server.Request.extractFormParameters(Request.java:326)
Next by Date: Re: [jetty-users] Recommended way to run secondary http port in Jetty
Previous by thread: [jetty-users] Embedded Jetty 9 with async Servlets throws NullPointerException at org.eclipse.jetty.server.Request.extractFormParameters(Request.java:326)
Next by thread: Re: [jetty-users] Jetty and Java 8 SSL improvements
Index(es):
- Date
- Thread

Breadcrumbs