Re: [jetty-dev] NextProtoNego and OSGi

Hi,

On 29.01.2013 16:12, Simone Bordet wrote:
> Sorry, not following, can you expand ?
> Did you rewrite the SSL implementation on your own ?
> Otherwise I don't see how you can plug in NPN.

Yes. One of our research teams is working on technologies related to the new German passport. It is heavily based on secure transports and certificates for establishing trust. It also requires additional TLS features (beyond NPN) which the JRE implementation doesn't provide.

> How do you implement non-blocking writes if you use sockets and streams ?

The TLS library implements a channel by default. The JRE provides utility methods for creating blocking streams, e.g., Channels.newOutputStream(...).

> So you have rewritten the SSL parsing/generation and all that ?
> If so, what guarantee do you have that it is secure and does not
> contain security exploits ?

The research team works closely with the BSI (https://www.bsi.bund.de/EN/Home/home_node.html) which puts some interesting requirements on the implementation. As a pure Java implementation it is not affected by typical exploits that may hit OpenSSL & co.

We did not run the implementation through any commercial 3rd party auditing yet.

-Gunnar



--
Gunnar Wagenknecht
gunnar@xxxxxxxxxxxxxxx
http://wagenknecht.org/


