Hi guys,
yesterday, I fought with the way MINA 2 is dealing with SSL. Down the
line, we use a filter for that, which handles the handhsake using the
SslEngine class.
The problem is that at the same time, the session is considered as
opened, even if we haven't done any handshake, as we can't add the
SslFilter to the session if it's not created yet. That leads to a
situation where we could perfectly have an opened session but with a
failed HandShake.
For instance, as the handshake can be done when the first data is sent
by the client, we will generate an exceptionCaught event, process it,
but leave to the handler to close the session.
From the user PoV, it makes no sense to continue to use a session which
has failed during the SSL handshake. IMO, the server should not even
open the session (the session should remain in the 'created' state,
until the handshake has been completed. Now, if we do that, the
Connector won't be able to send anything as the session is not
connected. That leave us with a dilemna : we need the connection to be
opened, but the connection should not be considered as valid until the
handshake is done... How can we deal with this problem ?
We decided that Ssl should be handled by the processor, not as a filter
in the chain. That means :
- we can keep the session in the 'created' mode until the handshake has
been done on the server side
- we can force the handshake to be done while creating the connection on
the client side when using the Connector
- in all other case (ie if the client uses a plain Socket), we have no
problem as the session is not seen by the user.
wdyt ?
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
