Hello David, Sorry for the late reply. Thanks for looking at the code. The patch you pointed me to only has changes for ServiceDeamon. Did you remove other classes? What about the client side? Did you see those ones two?
In regard to the Cipher suite I understand that we rather not to have it hardcoded. One option will be to have the current cipher suite as the default one (it provides 128 bits encryption) and allow changing it in a property file. 128 bits is usually acceptable and passes the security laws in some countries such as Cuba. ;) It will be great if you can get SSL support added to the new releas as a patche. Please let me know if there is anything to do on my part. By the way, with my changes were you able to have a successful build and get all the unit tests passed. Regards Kazem -----Original Message----- From: David Blevins [mailto:[EMAIL PROTECTED] Sent: Monday, April 28, 2008 10:34 PM To: [email protected] Cc: Kazem Naderi Subject: Re: SSL support On Apr 21, 2008, at 10:55 AM, Kazem Naderi wrote: > Hello, > > I have done some work on ejbd ssl support: > > http://issues.apache.org/jira/browse/OPENEJB-785 > <http://issues.apache.org/jira/browse/OPENEJB-785> > > I have attached my implementation to the Jira issue above. I > appraciate your feedback. The changes are not currently checked into > the openejb codebase. I am hoping to have this finalized ASAP so we > can get the SSL support for the next release. This looks really great, Kazem! I've boiled the patch down to it's essentials and uploaded a new version here: https://issues.apache.org/jira/secure/attachment/12381069/simplified-ssl .txt . I would have checked it in but the write access to the Apache SVN is shut off at the moment due to system issues. I did add a different flag on the client side. Basically if you construct your InitiaContext with the "ejbds://" prefix, then we'll automatically use the SSL socket to connect. From here I think we can also add two more protocol config files, an "ejbds.properties" with SSL already turned on and another for "https.properties" for doing EJB calls over HTTPS. I haven't actually tested that EJB over HTTPS works with what we have in that patch, but it should. We can also add some end to end test cases in the openejb- ejbd and openejb-http packages that do actual EJB invocations over SSL. Do you have any thoughts on possibly making the enabled cipher suites more configurable? I'm not sure if this something people are going to want. What do you think? -David
