[security-dev 00180]: Re: SSLContextFactory

Brad Wetmore Bradford.Wetmore at Sun.COM
Mon May 26 20:15:54 PDT 2008


Hi Bruno,

Just to give you a quick update, some of us are still having a look over 
it.  We've been a little backed up lately.  (JavaOne, a campus-wide 
shutdown, vacations here in the US:  oh, and the normal day-to-day 
stuff!  ;))

Brad


Bruno Harbulot wrote:
> Hello,
> 
> I only found out recently about Sean Mullan's blog entry named "Security 
> Feature Planning for JDK 7" (written almost two years ago) 
> <http://weblogs.java.net/blog/mullan/archive/2006/08/security_featur.html>. 
> After I contacted him, he kindly suggested this mailing-list could be 
> the right place to discuss security features in JDK 7.
> 
> I've recently been trying to improve SSL support in a couple of 
> open-source projects. This led me to build a small library, which I've 
> called 'jsslutils' <http://code.google.com/p/jsslutils/>.
> The idea behind this library is to provide an SSLContextFactory which 
> can help configure an SSLContext for applications such as Restlet 
> <http://www.restlet.org/> (Grizzly, Simple or Jetty connectors) or Jetty 
> <http://www.mortbay.org/jetty/>. Sub-classes of SSLContextFactory can 
> provide extra features such as helping with the configuration of CRLs, 
> or customization of the Key/TrustManagers. (If you wish to try it out, 
> there are some jUnit tests in the subversion repository.)
> I would be interested in having your opinions regarding an 
> SSLContextFactory, and whether something similar may have already been 
> discussed. Looking at the JDK 7 API, there doesn't seem to be an such a 
> class/interface. This has been a rather useful feature for my 
> application so far, and it should make it easy to support CRLs for 
> example in something like Jetty. However, I'm not sure whether it would 
> be good to have something like this SSLContextFactory in JDK 7. Perhaps 
> there are other better ways to achieve these goals.
> 
> One of the main problems I still find is that few applications support 
> setting up the SSLContext, which makes it sometimes difficult to 
> configure more advanced features such as CRLs. Java 6 provides a way to 
> set a default SSLContext, but this is not ideal. Sometimes, various 
> connectors in the application may want to use different SSLContexts 
> (perhaps with different truststores and keystores). For example, I would 
> like to be able to set a specific SSLContext when using JavaMail, but I 
> haven't found any documentation making it possible to set up the 
> truststore and keystores independently, instead, it seems to rely on the 
> default system properties.
> 
> 
> Best wishes,
> 
> Bruno.



More information about the security-dev mailing list