From: David Blevins
To: dev@openejb.apache.org
Cc: Kazem Naderi
Subject: Re: SSL support
Date: Mon, 28 Apr 2008 22:33:55 -0700

On Apr 21, 2008, at 10:55 AM, Kazem Naderi wrote:

> Hello,
>
> I have done some work on ejbd ssl support:
>
> http://issues.apache.org/jira/browse/OPENEJB-785
>
> I have attached my implementation to the Jira issue above. I appreciate
> your feedback. The changes are not currently checked into the openejb
> codebase. I am hoping to have this finalized ASAP so we can get the SSL
> support for the next release.

This looks really great, Kazem!

I've boiled the patch down to its essentials and uploaded a new version here:

https://issues.apache.org/jira/secure/attachment/12381069/simplified-ssl.txt

I would have checked it in but the write access to the Apache SVN is shut off at the moment due to system issues.

I did add a different flag on the client side. Basically if you construct your InitialContext with the "ejbds://" prefix, then we'll automatically use the SSL socket to connect.

From here I think we can also add two more protocol config files, an "ejbds.properties" with SSL already turned on and another for "https.properties" for doing EJB calls over HTTPS. I haven't actually tested that EJB over HTTPS works with what we have in that patch, but it should.

We can also add some end to end test cases in the openejb-ejbd and openejb-http packages that do actual EJB invocations over SSL.

Do you have any thoughts on possibly making the enabled cipher suites more configurable? I'm not sure if this is something people are going to want. What do you think?

-David
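
The two ideas in the message above, choosing the SSL socket from the "ejbds://" prefix and making the enabled cipher suites configurable, sketched with standard JSSE calls. This is an added example, not code from the OPENEJB-785 patch or from OpenEJB; the class name, the sample URL, and the comma-separated suite setting are hypothetical.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.SocketFactory;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class EjbdsClientSketch {
    // True when the provider URL uses the "ejbds" scheme, i.e. asks for the SSL transport.
    static boolean useSsl(URI providerUrl) {
        return "ejbds".equalsIgnoreCase(providerUrl.getScheme());
    }

    // Keep only the configured suites this JVM supports, preserving the configured order.
    static String[] selectSuites(String configured, String[] supported) {
        List<String> available = Arrays.asList(supported);
        List<String> chosen = new ArrayList<>();
        for (String name : configured.split(",")) {
            String suite = name.trim();
            if (available.contains(suite) && !chosen.contains(suite)) chosen.add(suite);
        }
        if (chosen.isEmpty()) {
            // Fail closed: falling back to the JVM defaults would silently undo the restriction.
            throw new IllegalArgumentException("no configured cipher suite is supported: " + configured);
        }
        return chosen.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        URI url = URI.create("ejbds://localhost:4443"); // constructed sample URL
        // Hypothetical configuration value; the last entry is deliberately unknown.
        String configured = "TLS_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, NOT_A_REAL_SUITE";
        SocketFactory factory = useSsl(url) ? SSLSocketFactory.getDefault() : SocketFactory.getDefault();
        System.out.println(url.getScheme() + " -> " + factory.getClass().getSimpleName());
        if (factory instanceof SSLSocketFactory) {
            SSLSocketFactory ssl = (SSLSocketFactory) factory;
            // The no-argument createSocket() returns an unconnected socket, so this runs offline.
            try (SSLSocket socket = (SSLSocket) ssl.createSocket()) {
                SSLParameters params = socket.getSSLParameters();
                params.setCipherSuites(selectSuites(configured, ssl.getSupportedCipherSuites()));
                params.setEndpointIdentificationAlgorithm("HTTPS"); // assumption: also check the certificate host name
                socket.setSSLParameters(params);
                System.out.println("enabled: " + Arrays.toString(socket.getEnabledCipherSuites()));
            }
        }
    }
}
```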