Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Jetty and Java 8 SSL improvements

I don't know that it's a huge task but I would need some time to complete the task.

Ben Summers wrote:
Steve,

Do you think it's a big task to implement it? There is a patch from earlier this year in that bug report which might be a good basis.

I'd prefer not to use an SSL stack written in a non-memory safe language. Perhaps I'm swapping one set of problems for another, but a Java SSL implementation seems to mitigate the scariest risks.

Also, I use continuations for long polling, which may not necessarily work that efficiently with all proxies.

It seems like Netty's API is more amenable to supporting SNI https://github.com/grahamedgecombe/netty-sni-example . Maybe swapping to that or using it as a proxy would be a solution.

Thanks.

Ben



Steve Sobol - Lobos Studios steve@xxxxxxxxxxxxxxxx wrote:
Ben, if you (or anyone else) would like to know how my working Apache >> 
Jetty proxy is set up, I'll be happy to share configs - just ask.

Steve Sobol - Lobos Studios wrote:
This is something I've been asking about. It's a low priority for the 
Jetty team. It was suggested that I could contribute a fix, and 
there's certainly enough information in Bugzilla that I could do it 
pretty easily, but paying projects have priority and I have a couple 
big deadlines to meet. I would love to contribute a fix when I have 
time, though.

Right now, as a workaround, I have a server dedicated to J2EE apps, 
running Jetty, and I threw Apache 2.4 on that box and am using it and 
mod_proxy to proxy HTTPS requests to Jetty (because Apache 2.4 speaks 
SNI).

Ben Summers wrote:
Hello,

Now Java 8 has SNI support, and the ability to set the cipher suite order, are there any plans to add support in Jetty?

I see from Bugzilla that some work has been done on support, is this something that is likely to be added to Jetty in the near future?

 https://bugs.eclipse.org/bugs/show_bug.cgi?id=430951

I need to add SNI support (and ideally set the cipher suite order) and am just wondering what my options are.

Many thanks,

Ben


_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

--
Lobos Studios - Website and Mobile App Design & Development; IT Support; Computer Maintenance
Toll Free  877.919.4WEB - Apple Valley 760.684.8859 - Los Angeles 310.945.2410
www.LobosStudios.com * www.facebook.com/LobosStudios * @LobosStudios


Back to the top