[jira] [Commented] (GEODE-2113) Implement SSL over NIO

Wed, 19 Dec 2018 14:39:34 -0800 


    [ 
https://issues.apache.org/jira/browse/GEODE-2113?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16725404#comment-16725404
 ] 

ASF subversion and git services commented on GEODE-2113:
--------------------------------------------------------

Commit 167a1e37319bc02c33a598aaa64971f16e318948 in geode's branch 
refs/heads/feature/GEODE-2113c from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=167a1e3 ]

GEODE-2113 Implement SSL over NIO

This removes old-I/O use in TCPConduit peer-to-peer communications.
This was used for SSL/TLS secure commuications but Java has had an
SSLEngine implementation that allows you to implement secure
communications on new-I/O SocketChannels or any other transport
mechanism.

A new NioSSLEngine class wraps the JDK's SSLEngine and provides the SSL
handshake as well as encryption/decryption of messages.  SocketCreator
performs the SSL handshake and returns a NioSslEngine that TCPConduit
then uses for messaging.

The SSL handshake needs to be done in Connection.java now because the
ByteBuffer used to do the handshake is also used for reading messages in
Receivers.  Because of this the Handshake pool in TCPConduit became
obsolete and I deleted it.

I've also done a lot of cleanup of compilation warnings in
Connection.java and removed references to "NIO".  The primary SSL/TLS
changes in that class are in writeFully (renamed from nioWriteFully)
and processBuffer (renamed from processNIOBuffer).

Porting client/server to use NioSSLEngine will be done under a separate
ticket and a different version of NioEngine may be created to secure
UDP messaging.


> Implement SSL over NIO
> ----------------------
>
>                 Key: GEODE-2113
>                 URL: https://issues.apache.org/jira/browse/GEODE-2113
>             Project: Geode
>          Issue Type: Improvement
>          Components: messaging
>            Reporter: Addison
>            Assignee: Bruce Schuchardt
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> Java now has a nifty javax.net.ssl.SSLSocketFactory that can produce an 
> SSLSocket from an existing Socket.  This will let us create an SSLSocket that 
> has an NIO SocketChannel and get rid of all of the "Old IO" code.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to