Re: [jetty-users] Encryption of the HTTP protocol (e.g. not its payload)

Hi,

On Fri, Dec 20, 2019 at 10:35 AM Karel Goderis <karel.goderis@xxxxxx> wrote:
> I just went through some docs, and the logical thing to do would indeed be to create a new type of ConnectionFactory that creates Connections that contain a symmetrical encryption key that can be used to encode/decode bytes in Connection. Once the encrypted data flows, there is no way to figure out the protocol to use (unless I assume that anything that is not HTTP is in fact encrypted).
>
> HAP does a stepped exchange of HTTP payload through a standard path, and then, when that setup completes, it starts to send data (to the same TCP port) in an encrypted fashion. What I sense (because it is not described well in the specs) is that the whole stream has to be decrypted, and will be in fact a “standard” HTTP 1.1 message with a URL path and all, which then has to go to the correct servlet/handler.
>

All right, so what you need is an HttpConnection that upgrades to
HAPConnection, and HAPConnection should be set up similarly to
SslConnection, which delegates (after decryption) to another
connection that happens to be again a (different) HttpConnection.
Have a look at SslConnectionFactory as an example for how an
encryption/decryption ConnectionFactory would work.

-- 
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
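
The decrypt-then-delegate layering described in the reply, as an added plain-Java sketch that is not code from this thread, from Jetty, or from the HAP specification. `DecryptingLayer`, the `Consumer` standing in for the inner HttpConnection, the length-prefixed framing, AES-GCM and the counter nonce are all assumptions chosen for illustration, not HAP's wire format.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.function.Consumer;

public class DecryptingLayer {                    // hypothetical; sits where HAPConnection would
    private final SecretKeySpec key;
    private final Consumer<byte[]> inner;         // stand-in for the inner HttpConnection
    private final ByteArrayOutputStream pending = new ByteArrayOutputStream();
    private long counter;                         // frame counter doubles as the nonce, so no reuse
    private boolean closed;
    DecryptingLayer(SecretKeySpec key, Consumer<byte[]> inner) { this.key = key; this.inner = inner; }

    // Assumed framing: 2-byte big-endian length, then AES-GCM ciphertext with a 16-byte tag.
    static byte[] crypt(int mode, SecretKeySpec key, long n, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, ByteBuffer.allocate(12).putLong(4, n).array()));
        return c.doFinal(in);
    }

    void onNetworkBytes(byte[] chunk) throws GeneralSecurityException {
        if (closed) throw new IllegalStateException("closed after authentication failure");
        pending.write(chunk, 0, chunk.length);
        ByteBuffer buf = ByteBuffer.wrap(pending.toByteArray());
        while (buf.remaining() >= 2) {
            int len = buf.getShort(buf.position()) & 0xFFFF;
            if (buf.remaining() < 2 + len) break; // partial frame: keep it and wait for more bytes
            byte[] frame = Arrays.copyOfRange(buf.array(), buf.position() + 2, buf.position() + 2 + len);
            buf.position(buf.position() + 2 + len);
            try { inner.accept(crypt(Cipher.DECRYPT_MODE, key, counter++, frame)); }
            catch (GeneralSecurityException e) { closed = true; throw e; } // fail closed on a bad tag
        }
        pending.reset();
        pending.write(buf.array(), buf.position(), buf.remaining());
    }

    public static void main(String[] args) throws Exception {
        SecretKeySpec k = new SecretKeySpec(new byte[16], "AES");   // constructed all-zero demo key
        byte[] ct = crypt(Cipher.ENCRYPT_MODE, k, 0, "GET /example HTTP/1.1\r\nHost: demo\r\n\r\n".getBytes(StandardCharsets.US_ASCII));
        byte[] wire = ByteBuffer.allocate(2 + ct.length).putShort((short) ct.length).put(ct).array();
        DecryptingLayer layer = new DecryptingLayer(k, p -> System.out.print(new String(p, StandardCharsets.US_ASCII)));
        for (int i = 0; i < wire.length; i += 7)                    // 7-byte reads, as TCP may deliver
            layer.onNetworkBytes(Arrays.copyOfRange(wire, i, Math.min(wire.length, i + 7)));
    }
}
```

The inner consumer only ever sees whole, authenticated plaintext, which is the property that lets an unmodified HTTP parser run behind the decrypting connection.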

