[security-dev 00267]: Re: SSLContextFactory

Brad Wetmore Bradford.Wetmore at Sun.COM
Mon Aug 4 14:49:20 PDT 2008

Thanks for the reminder.  With all going on here (sounds like a "broken 
record", I realize!), it again fell off my radar.  As soon as I finish a 
project this week, I'll try to have another look at it.


Jerome Louvel wrote:
> Hi Brad,
> Is there any update regarding this idea of SSLContextFactory?
> We have integrated Bruno's library in our Restlet 1.1 version and find 
> it very useful. It would be great to have similar support straight from 
> the JDK.
> Best regards,
> Jerome Louvel
> http://www.restlet.org
> Brad Wetmore a écrit :
>> Hi Bruno,
>> Just to give you a quick update, some of us are still having a look 
>> over it.  We've been a little backed up lately.  (JavaOne, a 
>> campus-wide shutdown, vacations here in the US:  oh, and the normal 
>> day-to-day stuff!  ;))
>> Brad
>> Bruno Harbulot wrote:
>>> Hello,
>>> I only found out recently about Sean Mullan's blog entry named 
>>> "Security Feature Planning for JDK 7" (written almost two years ago) 
>>> <http://weblogs.java.net/blog/mullan/archive/2006/08/security_featur.html>. 
>>> After I contacted him, he kindly suggested this mailing-list could be 
>>> the right place to discuss security features in JDK 7.
>>> I've recently been trying to improve SSL support in a couple of 
>>> open-source projects. This led me to build a small library, which 
>>> I've called 'jsslutils' <http://code.google.com/p/jsslutils/>.
>>> The idea behind this library is to provide an SSLContextFactory which 
>>> can help configure an SSLContext for applications such as Restlet 
>>> <http://www.restlet.org/> (Grizzly, Simple or Jetty connectors) or 
>>> Jetty <http://www.mortbay.org/jetty/>. Sub-classes of 
>>> SSLContextFactory can provide extra features such as helping with the 
>>> configuration of CRLs, or customization of the Key/TrustManagers. (If 
>>> you wish to try it out, there are some jUnit tests in the subversion 
>>> repository.)
>>> I would be interested in having your opinions regarding an 
>>> SSLContextFactory, and whether something similar may have already 
>>> been discussed. Looking at the JDK 7 API, there doesn't seem to be an 
>>> such a class/interface. This has been a rather useful feature for my 
>>> application so far, and it should make it easy to support CRLs for 
>>> example in something like Jetty. However, I'm not sure whether it 
>>> would be good to have something like this SSLContextFactory in JDK 7. 
>>> Perhaps there are other better ways to achieve these goals.
>>> One of the main problems I still find is that few applications 
>>> support setting up the SSLContext, which makes it sometimes difficult 
>>> to configure more advanced features such as CRLs. Java 6 provides a 
>>> way to set a default SSLContext, but this is not ideal. Sometimes, 
>>> various connectors in the application may want to use different 
>>> SSLContexts (perhaps with different truststores and keystores). For 
>>> example, I would like to be able to set a specific SSLContext when 
>>> using JavaMail, but I haven't found any documentation making it 
>>> possible to set up the truststore and keystores independently, 
>>> instead, it seems to rely on the default system properties.
>>> Best wishes,
>>> Bruno.
> -- 
> Jerome Louvel
> http://www.noelios.com

More information about the security-dev mailing list