Hi guys,

I'm currently reviewing the SSL/TLS implementation in MINA 3. Currently,
we only support the opening of an SSL session.

If you look at the IoSession interface, this is all we have:

IoSession.initSecure(). This method creates an SslHelper instance
and stores it in the session attributes.

This is clearly not enough.

We need to implement at least two other methods:

- IoSession.stopSecure() should be added. It will switch from an SSL
session to a clear session (mandatory for stopping a TLS session
without closing the connection)
- IoSession.rehandshake() should be added

The first method is critical, as the startTLS implementation requires
that you be able to use a port, switch to a secure protocol on
the same port, and switch back to a clear protocol, without closing the
connection. This is what we have in LDAP, SMTP, IMAP/POP3, FTP, XMPP,
NNTP...

I have no idea (yet) how to implement that.

We already discussed the rehandshake feature lately.

Two minor things:
1) The SslHelper instance is created every time we call the initSecure()
method, which is done solely when we create the session. This is bad. We
need to expose this method to the client and server, as we may want to
initiate a secure communication at any time (typically, when the client
sends a startTLS request and the server receives it).
2) I wonder if we should not use better names: startTls, stopTls,
rehandshakeTls, for instance. First, it's clearer (and fits point 1),
and second, SSL has been replaced by TLS a long time ago.

wdyt?

-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com 
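The life cycle the message asks for (start TLS on an already open clear session, rehandshake, then drop back to clear without closing the connection), driven with the JDK's SSLEngine in a loopback, as an added example. This is not MINA code and not the author's: Endpoint, startTls, rehandshake, stopTls and exchange are illustrative names, not MINA API. It assumes a keystore demo.p12 (password changeit) created with `keytool -genkeypair -alias demo -keyalg RSA -keysize 2048 -dname CN=localhost -validity 30 -storetype PKCS12 -keystore demo.p12 -storepass changeit`, used here as both key store and trust store, and JDK 11 or later, whose default protocol is TLS 1.3.

```java
import javax.net.ssl.*;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import java.io.FileInputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;

/** One end of a connection whose transport stays open while the session flips between clear and TLS. */
final class Endpoint {
    SSLEngine engine;                                        // null while the session is in clear mode
    final ByteBuffer inbound = ByteBuffer.allocate(1 << 16); // bytes from the wire, not yet consumed
    final ByteBuffer app = ByteBuffer.allocate(1 << 16);     // decrypted application data, not yet read

    /** Write to the peer: raw bytes in clear mode, one TLS record once an engine is attached. */
    void send(Endpoint peer, String text) throws SSLException {
        ByteBuffer src = ByteBuffer.wrap(text.getBytes(StandardCharsets.UTF_8));
        if (engine == null) { peer.inbound.put(src); return; }
        ByteBuffer net = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        engine.wrap(src, net); net.flip(); peer.inbound.put(net);
    }
    /** Read what has arrived; in TLS mode pump the engine first so pending records get unwrapped. */
    String recv(Endpoint peer) throws SSLException {
        ByteBuffer from = engine == null ? inbound : app;
        if (engine != null) drive(this, peer);
        from.flip(); String text = StandardCharsets.UTF_8.decode(from).toString(); from.compact();
        return text;
    }
    /** One round of engine work (tasks, a pending wrap, a pending unwrap); true if anything moved. */
    private boolean step(Endpoint peer) throws SSLException {
        if (engine == null) return false;
        boolean moved = false;
        for (Runnable task; (task = engine.getDelegatedTask()) != null; ) { task.run(); moved = true; }
        if (engine.getHandshakeStatus() == HandshakeStatus.NEED_WRAP) {   // handshake message or alert, no app data
            ByteBuffer net = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
            SSLEngineResult w = engine.wrap(ByteBuffer.allocate(0), net); net.flip(); peer.inbound.put(net);
            moved |= w.bytesProduced() > 0;                                // a no-op wrap must not spin the loop
        }
        if (inbound.position() > 0 && !engine.isInboundDone()) {          // handshake, KeyUpdate, close_notify or data
            inbound.flip(); SSLEngineResult r = engine.unwrap(inbound, app); inbound.compact();
            moved |= r.bytesConsumed() > 0;
        }
        return moved;
    }
    /** Pump both engines until neither side has anything left to do ("|" so both get a turn). */
    static void drive(Endpoint a, Endpoint b) throws SSLException {
        while (a.step(b) | b.step(a)) { }
    }
}

public class TlsSwitchDemo {
    /** startTls: attach engines to the live session and complete the handshake on the same transport. */
    static void startTls(Endpoint client, Endpoint server, SSLContext ctx) throws SSLException {
        client.engine = ctx.createSSLEngine(); client.engine.setUseClientMode(true);
        server.engine = ctx.createSSLEngine(); server.engine.setUseClientMode(false);
        client.engine.beginHandshake();                      // ClientHello goes out on the next wrap
        Endpoint.drive(client, server);
        if (client.engine.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING
                || server.engine.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING)
            throw new SSLException("handshake did not complete");
    }
    /** rehandshake: TLS 1.2 renegotiates; TLS 1.3 has no renegotiation, so the JDK sends a KeyUpdate. */
    static void rehandshake(Endpoint initiator, Endpoint peer) throws SSLException {
        initiator.engine.beginHandshake();
        Endpoint.drive(initiator, peer);
    }
    /** stopTls: exchange close_notify both ways, then detach the engines and carry on in clear. */
    static void stopTls(Endpoint initiator, Endpoint peer) throws SSLException {
        initiator.engine.closeOutbound();                    // queue our close_notify
        Endpoint.drive(initiator, peer);                     // peer unwraps it; under TLS 1.2 it answers by itself
        peer.engine.closeOutbound();                         // TLS 1.3 half-close: answer explicitly (no-op otherwise)
        Endpoint.drive(initiator, peer);                     // peer's close_notify reaches the initiator
        if (!initiator.engine.isInboundDone() || !peer.engine.isInboundDone())
            throw new SSLException("close_notify not exchanged; refusing to fall back to clear text");
        initiator.engine = peer.engine = null;               // same transport, clear mode again
    }
    /** Assumption: demo.p12 holds one self-signed key pair and doubles as the client's trust store. */
    static SSLContext context(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, password); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password); tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
    static void exchange(Endpoint from, Endpoint to, String line, String phase) throws SSLException {
        from.send(to, line); System.out.println(phase + ": " + to.recv(from).trim());
    }
    public static void main(String[] args) throws Exception {
        SSLContext ctx = context("demo.p12", "changeit".toCharArray());
        Endpoint client = new Endpoint(), server = new Endpoint();
        exchange(client, server, "STARTTLS\r\n", "clear");                                   // SMTP-style, constructed
        startTls(client, server, ctx);
        exchange(client, server, "EHLO mail.example.org\r\n", client.engine.getSession().getProtocol());
        rehandshake(client, server);
        exchange(client, server, "NOOP\r\n", "after rehandshake");
        stopTls(client, server);
        exchange(client, server, "QUIT\r\n", "clear again, same connection");
    }
}
```

Compile with `javac TlsSwitchDemo.java` and run with `java TlsSwitchDemo` next to demo.p12. Two points a startTLS implementation has to get right are visible here. First, the fall-back to clear happens only once close_notify has been seen in both directions; detaching the engine as soon as our own alert is out would let anyone able to cut the TLS stream inject clear-text commands into the still-open connection. Second, "rehandshake" is version-dependent: TLS 1.2 renegotiates, TLS 1.3 has no renegotiation and the JDK turns beginHandshake() into a KeyUpdate exchange. The loopback also skips endpoint identification; a real client has to set it (SSLParameters.setEndpointIdentificationAlgorithm) or check the peer certificate itself.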
