You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mina.apache.org by bu...@apache.org on 2016/02/11 10:02:04 UTC
svn commit: r980113 - in /websites/staging/mina/trunk/content: ./
mina-project/userguide/ch11-ssl-filter/ch11-ssl-filter.html
Author: buildbot
Date: Thu Feb 11 09:02:03 2016
New Revision: 980113
Log:
Staging update by buildbot for mina
Modified:
websites/staging/mina/trunk/content/ (props changed)
websites/staging/mina/trunk/content/mina-project/userguide/ch11-ssl-filter/ch11-ssl-filter.html
Propchange: websites/staging/mina/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Thu Feb 11 09:02:03 2016
@@ -1 +1 @@
-1729780
+1729781
Modified: websites/staging/mina/trunk/content/mina-project/userguide/ch11-ssl-filter/ch11-ssl-filter.html
==============================================================================
--- websites/staging/mina/trunk/content/mina-project/userguide/ch11-ssl-filter/ch11-ssl-filter.html (original)
+++ websites/staging/mina/trunk/content/mina-project/userguide/ch11-ssl-filter/ch11-ssl-filter.html Thu Feb 11 09:02:03 2016
@@ -223,7 +223,7 @@ h2:hover > .headerlink, h3:hover > .head
<p>As it's a protocol, it requires some dialog between a client and a server. This is all what <strong>SSL/TLS</strong> is about : describing this dialog. </p>
<p>It's enough to know that any secured exchange is precluded by a negociation phase, called the <strong>Handshake</strong>, which role is to come to an agreement between the client and the server on what will be the encryption method to use. A basic <strong>SSL/TLS</strong> session will be something that looks like :</p>
<DIV align="center">
-
+ <img src="../images/TLS-protocol.png" alt="TLS Protocol"/>
</DIV>
<p>As you can see in this picture, it's a 2 phases protocol : first the handshake, then when completed the client and the server will be able to exchange data that will be encrypted.</p>
@@ -249,12 +249,12 @@ h2:hover > .headerlink, h3:hover > .head
<p>One important thing is that you may write more than one message on the same session (if you have an <strong>Executor</strong> in your chain). The problem is that the <strong>SSLEngine</strong> is not capable of dealing with more than one message at a time. We need to serialize the messages being written out. It's even worse : you can't process an incoming message <strong>and</strong> and outgoing message at the same time. </p>
<p>All in all, the <strong>SSL/TLS</strong> processing is like a black box that accept only one input and can't process anything until it has completed its task. the following schema represent the way it works for outgoing messages.</p>
<DIV align="center">
-
+ <img src="../images/TLS-outMessage.png" alt="Outgoing messages"/>
</DIV>
<p>It's not that different for incoming messages, except that we won't have an <strong>Executor</strong> between the <strong>IoProcessor</strong> and the <strong>SslFilter</strong>. That makes things simpler, except that one critical thing happens : when we process an incoming message, we can't anymore process outgoiing messages. Note that it also works on the other way around : when an outgoing message is being processed, we can't process an incomoing message :</p>
<DIV align="center">
-
+ <img src="../images/TLS-inMessage.png" alt="Incoming message"/>
</DIV>