tomcat-dev mailing list archives

From "Christian Kahlo" <c.ka...@ageto.net>
Subject Tomcat 7: NIO Connector SSL-Support
Date Fri, 14 Sep 2012 15:40:30 GMT
Hi there,

just a question about the further development of the NioEndpoint.

We migrated to Tomcat 7 recently and wanted to use NIO with our own SSL-stack.

This SSL-stack is able to process a couple of sophisticated cipher-suites like TLS-RSA-PSK-* or (non-standard) TLS-ECDHE-RSA-PSK-* as well as clustering TLS-sessions & TLS1.1/1.2, which enables Tomcat to act as front-end with HTTP-SSL-Session-ID binding and without the need for "SSL-accelerators", etc.

I recognized that the current NioEndpoint is somewhat JSSE-focused, accessing SSLContext, SSLEngine, etc. directly. We're handling NIO directly inside the TLS-stack providing a ByteChannel similar to Tomcat SecureNioChannel.

Are there any plans to make things more abstract, i.e. the possibility to inject a ByteChannel (or NioChannel / SecureNioChannel) into the EndPoint implementation or is it a design goal to use SSLContext + SSLEngine directly in NioEndpoint?

(We would have to build our own connector, replicating a lot of your code while binding our code very hard to your deep internal APIs.)

Thanks & best regards,

Christian
