You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by John Jiang <jo...@gmail.com> on 2023/08/23 07:44:14 UTC
How to integrate alternative SSLContext?
Hi,
I'm using tomcat-embed-core 9.0.78 + OpenJDK 11.o.19.
My project needs a custom javax.net.ssl.SSLContext implementation.
How can I integrate this custom SSLContext to the embedded Tomcat server?
I don't find any convenient API for this case.
Do I have to provide a new SSLImplementation, and then pass it to a custom
Connector?
In addition, I don't meet this problem with Jetty and Netty.
Best regards,
John Jiang
Re: How to integrate alternative SSLContext?
Posted by John Jiang <jo...@gmail.com>.
Hi Mark,
On Thu, Aug 24, 2023 at 7:26 AM Mark Thomas <ma...@apache.org> wrote:
> >> You shouldn't need a custom connector. As things stand currently, you
> >> would need a custom SSLImplementation although you should be able to
> >> extend the exising JSSE support for most of that.
> >
> > How can I take the default Connector to use this custom
> SSLImplementation?
>
> https://tomcat.apache.org/tomcat-11.0-doc/config/http.html
>
> Look for sslImplementationName
Thanks for this hint very much!
The below line works for me,
connector.setProperty("sslImplementationName",
AltJSSEImplementation.class.getName());
Best regards,
John Jiang
Re: How to integrate alternative SSLContext?
Posted by Mark Thomas <ma...@apache.org>.
On 23/08/2023 14:20, John Jiang wrote:
> Hi Mark,
> Thanks for your reply!
>
> On Thu, Aug 24, 2023 at 12:15 AM Mark Thomas <ma...@apache.org> wrote:
>
>> On 23/08/2023 00:44, John Jiang wrote:
>>> Hi,
>>> I'm using tomcat-embed-core 9.0.78 + OpenJDK 11.o.19.
>>> My project needs a custom javax.net.ssl.SSLContext implementation.
>>
>> Why? What problem are you trying to solve?
>>
> My project needs alternative cipher suites, EC group and signature scheme.
>
>
>>> How can I integrate this custom SSLContext to the embedded Tomcat
>>> server?
>>> I don't find any convenient API for this case.
>>> Do I have to provide a new SSLImplementation, and then pass it to a
>>> custom
>>> Connector?
>>
>> You shouldn't need a custom connector. As things stand currently, you
>> would need a custom SSLImplementation although you should be able to
>> extend the exising JSSE support for most of that.
>
> How can I take the default Connector to use this custom SSLImplementation?
https://tomcat.apache.org/tomcat-11.0-doc/config/http.html
Look for sslImplementationName
Mark
> I didn't find the public APIs or configurations to do that.
> It looks need to set this new SSLImplementation class name in method
> Connector::initInternal.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: How to integrate alternative SSLContext?
Posted by John Jiang <jo...@gmail.com>.
Hi Mark,
Thanks for your reply!
On Thu, Aug 24, 2023 at 12:15 AM Mark Thomas <ma...@apache.org> wrote:
> On 23/08/2023 00:44, John Jiang wrote:
> > Hi,
> > I'm using tomcat-embed-core 9.0.78 + OpenJDK 11.o.19.
> > My project needs a custom javax.net.ssl.SSLContext implementation.
>
> Why? What problem are you trying to solve?
>
My project needs alternative cipher suites, EC group and signature scheme.
> > How can I integrate this custom SSLContext to the embedded Tomcat
> > server?
> > I don't find any convenient API for this case.
> > Do I have to provide a new SSLImplementation, and then pass it to a
> > custom
> > Connector?
>
> You shouldn't need a custom connector. As things stand currently, you
> would need a custom SSLImplementation although you should be able to
> extend the exising JSSE support for most of that.
How can I take the default Connector to use this custom SSLImplementation?
I didn't find the public APIs or configurations to do that.
It looks need to set this new SSLImplementation class name in method
Connector::initInternal.
Best regards,
John Jiang
Re: How to integrate alternative SSLContext?
Posted by Mark Thomas <ma...@apache.org>.
On 23/08/2023 00:44, John Jiang wrote:
> Hi,
> I'm using tomcat-embed-core 9.0.78 + OpenJDK 11.o.19.
> My project needs a custom javax.net.ssl.SSLContext implementation.
Why? What problem are you trying to solve?
> How can I integrate this custom SSLContext to the embedded Tomcat
> server?
> I don't find any convenient API for this case.
> Do I have to provide a new SSLImplementation, and then pass it to a
> custom
> Connector?
You shouldn't need a custom connector. As things stand currently, you
would need a custom SSLImplementation although you should be able to
extend the exising JSSE support for most of that.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org