You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/03/07 07:54:00 UTC
[GitHub] [pulsar] nodece commented on a change in pull request #14569: [Broker] Full-support ssl provider, ciphers and protocols for broker service and proxy service
nodece commented on a change in pull request #14569:
URL: https://github.com/apache/pulsar/pull/14569#discussion_r820452429
##########
File path: pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ServiceChannelInitializer.java
##########
@@ -64,7 +65,7 @@ public ServiceChannelInitializer(ProxyService proxyService, ProxyConfiguration s
if (enableTls) {
if (tlsEnabledWithKeyStore) {
serverSSLContextAutoRefreshBuilder = new NettySSLContextAutoRefreshBuilder(
- serviceConfig.getTlsProvider(),
+ serviceConfig.getServiceSslProvider(),
Review comment:
We have to know the SSLContext provider and SSL provider:
- The SSLContext provider is used to new SSLContext
- The SSL provider is used to handle the SSL(This is my understand).
The `tlsProvider` is the SSLContext provider, not the SSL provider.
Broker service:
With KeyStore, we only need to set the SSLContext provider, the current implementation doesn't support setting the SSL provider.
With CACert, we only need to set the SSL provider, the default should be OpenSSL, when the OpenSSL is not available, will use JDK.
Web service:
SSL context provider and SSL provider are the same.
When both use the KeyStore, we can use `tlsProvider`. When use the CACERT, the web service and broker service cannot use the same provider, so we need to split these config.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org