[security-dev 00258]: Re: SSLContextFactory

Jerome Louvel contact at noelios.com
Wed Jul 30 07:19:16 PDT 2008


Hi Brad,

Is there any update regarding this idea of SSLContextFactory?

We have integrated Bruno's library in our Restlet 1.1 version and find 
it very useful. It would be great to have similar support straight from 
the JDK.

Best regards,
Jerome Louvel
http://www.restlet.org


Brad Wetmore wrote:
> Hi Bruno,
>
> Just to give you a quick update, some of us are still having a look 
> over it.  We've been a little backed up lately.  (JavaOne, a 
> campus-wide shutdown, vacations here in the US:  oh, and the normal 
> day-to-day stuff!  ;))
>
> Brad
>
>
> Bruno Harbulot wrote:
>> Hello,
>>
>> I only found out recently about Sean Mullan's blog entry named 
>> "Security Feature Planning for JDK 7" (written almost two years ago) 
>> <http://weblogs.java.net/blog/mullan/archive/2006/08/security_featur.html>. 
>> After I contacted him, he kindly suggested this mailing-list could be 
>> the right place to discuss security features in JDK 7.
>>
>> I've recently been trying to improve SSL support in a couple of 
>> open-source projects. This led me to build a small library, which 
>> I've called 'jsslutils' <http://code.google.com/p/jsslutils/>.
>> The idea behind this library is to provide an SSLContextFactory which 
>> can help configure an SSLContext for applications such as Restlet 
>> <http://www.restlet.org/> (Grizzly, Simple or Jetty connectors) or 
>> Jetty <http://www.mortbay.org/jetty/>. Sub-classes of 
>> SSLContextFactory can provide extra features such as helping with the 
>> configuration of CRLs, or customization of the Key/TrustManagers. (If 
>> you wish to try it out, there are some jUnit tests in the subversion 
>> repository.)
>> I would be interested in having your opinions regarding an 
>> SSLContextFactory, and whether something similar may have already 
>> been discussed. Looking at the JDK 7 API, there doesn't seem to be 
>> such a class/interface. This has been a rather useful feature for my 
>> application so far, and it should make it easy to support CRLs for 
>> example in something like Jetty. However, I'm not sure whether it 
>> would be good to have something like this SSLContextFactory in JDK 7. 
>> Perhaps there are other better ways to achieve these goals.
>>
>> One of the main problems I still find is that few applications 
>> support setting up the SSLContext, which makes it sometimes difficult 
>> to configure more advanced features such as CRLs. Java 6 provides a 
>> way to set a default SSLContext, but this is not ideal. Sometimes, 
>> various connectors in the application may want to use different 
>> SSLContexts (perhaps with different truststores and keystores). For 
>> example, I would like to be able to set a specific SSLContext when 
>> using JavaMail, but I haven't found any documentation making it 
>> possible to set up the truststore and keystores independently, 
>> instead, it seems to rely on the default system properties.
>>
>>
>> Best wishes,
>>
>> Bruno.
>

-- 
Jerome Louvel
http://www.noelios.com
