>> 
>> I have an embedded server that is running a ServletContextHandler. The client 
>> and server first exchange a bunch of HTTP 1.1 based messages to negotiate an 
>> encryption key, which is subsequently used to encrypt the stream of data 
>> that is exchanged. That is, it is not the HTTP payload of subsequent 
>> messages that is encrypted, but the complete stream itself is encrypted.
> 
> That is exactly the description of what TLS does.
> Is there a reason why you can't use TLS from the beginning (which is
> far better scrutinized with respect to security than using a custom
> protocol)?

Unfortunately, it is not the case. In fact, it is Apple’s Home Automation 
Protocol, which implements all security and encryption features in an 
independent manner in order to maximise its independence of any underlying 
protocol stack. 

> 
> HttpConnection has already built-in the mechanism to upgrade.
> HttpConnection.onCompleted() is called when a HTTP/1.1
> request/response is completed.
> It then calls HttpConnection.upgrade() to see if it must upgrade the
> connection by searching the new connection as a request attribute.
> What you want to do is to write your new connection, store it as an
> attribute in the HTTP request, and Jetty will do the rest for you.
> https://github.com/eclipse/jetty.project/blob/jetty-9.4.24.v20191120/jetty-server/src/main/java/org/eclipse/jetty/server/HttpConnection.java#L374.


Just for my understanding, will HttpSession be maintained? It is the 
placeholder I use to store the encryption key that goes with that given 
connection. And does that have to go through a new connection, or is there an 
alternative? And reading your pointer, I suspect that it is the server that sets 
up that new connection to the client, not the other way around (e.g. in HAP it 
is the client that triggers the secured connection)? The ideal would be to have 
a kind of filter/handler that kicks in before HttpConnection/Channel is filled 
with data.

Tx
K
_______________________________________________
jetty-users mailing list