TLS transport

[Stefano Bagnara <ap...@bago.org>]

Hi all,

I know that SSL Filter require Java 5, but I wonder if it would be 
possible to write a TLS transport based on 
o.a.m.transport.socket.nio.Socket* and creating an SSLServerSocket ?
This would allow the use of TLS connections under java 1.4 and would be 
a good news.

I didn't analyzed this, but I bet you already have an answer to this 
question before I dig more in the code.

Thank you,
Stefano

Re: TLS transport

[Niklas Therning <ni...@trillian.se>]

Stefano Bagnara wrote:
> Hi all,
>
> I know that SSL Filter require Java 5, but I wonder if it would be
> possible to write a TLS transport based on
> o.a.m.transport.socket.nio.Socket* and creating an SSLServerSocket ?
> This would allow the use of TLS connections under java 1.4 and would
> be a good news.
>
> I didn't analyzed this, but I bet you already have an answer to this
> question before I dig more in the code.
>
> Thank you,
> Stefano
>
>
SSLFilter uses SSLEngine which wasn't available prior to Java 5. I think
a new transport based on SSLServerSocket would have to be blocking. If a
bio transport based on Socket is ever added we could let the user
configure the SocketFactory which would make it simple to configure it
to use TLS. I don't think it would be that hard to implement a bio
transport but you would of course loose all the benefits of using nio.
Actually, there used to be an empty o.a.m.transport.socket.bio package
in MINA so Trustin might have had plans for a bio transport.

Another option: PureTLS (http://www.rtfm.com/puretls/) is an open source
pure Java TLS implementation which works on older versions of Java. I
haven't looked into it any further but it might be possible to create a
new IoFilter which uses PureTLS instead of SSLEngine.

-- 
Niklas Therning
Software Architect
www.spamdrain.net