mina-users mailing list archives

From Emmanuel Lecharny <elecha...@apache.org>
Subject Re: SSL: recognition by first byte and adding SslFilter on the fly
Date Tue, 10 Nov 2009 09:39:19 GMT
Not easy ...

What I would do :

- add a specific first filter (not a codec) which reads the first byte
- if it detects that it's 0x16 or 0x80, add the SSL filter just after 
this first filter, reset the buffer position, and continue (the handshake 
will take place then)
- if not, then it's a plain text message, continue processing it

There are issues though :
- once you have started an SSL handshake, you have to tell your first 
filter to do nothing with incoming bytes, otherwise the handshake will 
fail. This is easy: just add a session parameter which is switched to 
TRUE when SSL handshake is started (this should be done in the first filter)
- if you are using plain text, it should be assumed that once received 
the first byte, if it's not 0x16 or 0x80, then all the incoming bytes 
will be considered as plain text bytes (i.e., you are not supposed to 
switch to SSL once the session has been created and once you started to 
receive plain text bytes). A way to handle this is also to add a 
parameter stored in the session, set to TRUE when the session has started.

The combination of those two parameters (session started and SSL 
established) and the first received byte will be used to handle all the 
cases.

Not sure 100% it would work, but this is how I see the full thing 
implemented. (No memory leak expected at this point).

-- 
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
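
A sketch of the first filter described in the message above, added here as an example; it is not code from the original post or from the MINA project. It assumes MINA 2.x, that a filter added after the current one during `messageReceived` receives the same buffer from `nextFilter` (the message itself does not confirm this), and that the plain-text protocol never begins with 0x16 or 0x80. The class name, filter names and attribute keys are hypothetical.

```java
import javax.net.ssl.SSLContext;
import org.apache.mina.core.buffer.IoBuffer;
import org.apache.mina.core.filterchain.IoFilterAdapter;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.ssl.SslFilter;

/** Hypothetical first filter: decides once per session between SSL and plain text. */
public class SslDetectFilter extends IoFilterAdapter {
    // Names below are assumptions made for this sketch, not MINA constants.
    static final String SELF = "sslDetect"; // name this filter is registered under
    static final String SSL = "ssl";        // name given to the SslFilter added on the fly
    static final String SSL_STARTED = "sslDetect.sslStarted";
    static final String SESSION_STARTED = "sslDetect.sessionStarted";

    private final SSLContext sslContext;

    public SslDetectFilter(SSLContext sslContext) {
        this.sslContext = sslContext;
    }

    @Override
    public void messageReceived(NextFilter nextFilter, IoSession session, Object message)
            throws Exception {
        // Once either flag is set, the decision is final for this session.
        boolean decided = session.containsAttribute(SSL_STARTED)
                || session.containsAttribute(SESSION_STARTED);
        if (!decided && message instanceof IoBuffer && ((IoBuffer) message).hasRemaining()) {
            IoBuffer buf = (IoBuffer) message;
            // Absolute get: peeks at the first byte without moving the position,
            // so there is no position to reset before passing the buffer on.
            int first = buf.get(buf.position()) & 0xFF;
            if (first == 0x16 || first == 0x80) {
                // 0x16: TLS handshake record; 0x80: SSLv2-format hello.
                session.setAttribute(SSL_STARTED, Boolean.TRUE);
                session.getFilterChain().addAfter(SELF, SSL, new SslFilter(sslContext));
            } else {
                // Plain text: this session is never upgraded to SSL later.
                session.setAttribute(SESSION_STARTED, Boolean.TRUE);
            }
        }
        // Bytes always pass through untouched, to the SslFilter or to the codec.
        nextFilter.messageReceived(session, message);
    }
}
```

Register it first in the chain under the same name the filter uses for `addAfter`, for example `acceptor.getFilterChain().addFirst(SslDetectFilter.SELF, new SslDetectFilter(ctx))`.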


