add ability to configure netty for ssl about nettosphere HOT 12 CLOSED

Agree. Working on it.

from nettosphere.

Second this. We would like to help if needed.

from nettosphere.

Yes, I will work on this as soon as I'm back working in 2 weeks :-)

from nettosphere.

Hi,

Has there been any resolution to this issue? In particular SSL support in Nettosphere?

I have another question with regards to securing communications between an external client and a Nettosphere server behind a firewall. What if the SSL was provided by a load-balancer (LB) just past the firewall? Then the Nettosphere server sat behind the LB and the LB directed the request to Nettosphere in plain HTTP. Do you think this scenario would work?

Thanks,
-Jac

from nettosphere.

Working on it.

from nettosphere.

OK fixed, just set an SSLEngine on the Config object to enable it.

from nettosphere.

Hey, thanks for the fix, but you need to create a new SSLEngine for every pipeline. Otherwise, you'll run into a "bad record MAC" SSLException on the second request and netty will just quietly freeze.

from nettosphere.

Euh....my bad. I will fix it ASAP.

from nettosphere.

OK finally fixed. You can now just do:

        final SSLContext sslContext = createSSLContext();
        Config config = new Config.Builder()
                .port(port)
                .host("127.0.0.1")
                .sslContext(sslContext)
                .resource(new Handler() {

                    @Override
                    public void handle(AtmosphereResource r) {
                        r.getResponse().write("Hello World from Nettosphere").closeStreamOrWriter();
                    }
                }).build();

You can also add an SSLContextListener to customize the SSLEngine:

/**
 * A callback used to configure {@link javax.net.ssl.SSLEngine} before they get injected in Netty.
 */
public interface SSLContextListener {

    SSLContextListener DEFAULT = new SSLContextListener(){

        @Override
        public void onPostCreate(SSLEngine e) {
            e.setEnabledCipherSuites(new String[]{"SSL_DH_anon_WITH_RC4_128_MD5"});
            e.setUseClientMode(false);
        }
    };

    /**
     * Invoked just after the {@link SSLEngine} has been created, but not yet injected in Netty.
     * @param e SSLEngine;
     */
    public void onPostCreate(SSLEngine e);

}

from nettosphere.

Hi
I'm trying to set up a WSS(Secured Web Socket) using Nettosphere, is there any tutorial or reference, working sample available? Please help if anyone have one..
I was unable to find one...

from nettosphere.

@rahulva : This worked for me:

• install strong encryption package (http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html) - without modern browsers will fail during SSL handshake
• use in the Config.Builder the call sslContext(..) with org.jboss.netty.handler.ssl.SslContext param, the method with javax.net.ssl.SSLContext doesnt work (seems to be ignored inside Netty)
• the org.jboss.netty.handler.ssl.SslContext you can create like this:

       File cert = new File("path/to/cert.pem");
       File key = new File("path/to/key.pem.pcks8");
       SslContext sslNettyContext = SslContext.newServerContext(SslProvider.JDK, cert, key, "thePassword");

       Config config = new Config.Builder()
                .port(port)
                .host("127.0.0.1")
                .sslContext(sslNettyContext)
                .resource(new Handler() {
                    @Override
                    public void handle(AtmosphereResource r) {
                        r.getResponse().write("Secure Hello World").closeStreamOrWriter();
                    }
                }).build();

       server = new Nettosphere.Builder().config(config).build();
       server.start();

• note that the key needs to be PKCS8 format - I converted from "normal" via:

    openssl pkcs8 -topk8 -inform PEM -outform PEM -in key.pem -out key.pem.pcks8

• then browser show the normal "untrusted cert" warning and after accepting you see "Secure Hello World"

from nettosphere.

I've been struggling with implementing Nettosphere with keystore file (JKS). Any example of code snippet please? Thanks

from nettosphere.