[security-dev 00180]: Re: SSLContextFactory
Brad Wetmore
Bradford.Wetmore at Sun.COM
Tue May 27 03:15:54 UTC 2008
Hi Bruno,
Just to give you a quick update, some of us are still having a look over
it. We've been a little backed up lately. (JavaOne, a campus-wide
shutdown, vacations here in the US: oh, and the normal day-to-day
stuff! ;))
Brad
Bruno Harbulot wrote:
> Hello,
>
> I only found out recently about Sean Mullan's blog entry named "Security
> Feature Planning for JDK 7" (written almost two years ago)
> <http://weblogs.java.net/blog/mullan/archive/2006/08/security_featur.html>.
> After I contacted him, he kindly suggested this mailing-list could be
> the right place to discuss security features in JDK 7.
>
> I've recently been trying to improve SSL support in a couple of
> open-source projects. This led me to build a small library, which I've
> called 'jsslutils' <http://code.google.com/p/jsslutils/>.
> The idea behind this library is to provide an SSLContextFactory which
> can help configure an SSLContext for applications such as Restlet
> <http://www.restlet.org/> (Grizzly, Simple or Jetty connectors) or Jetty
> <http://www.mortbay.org/jetty/>. Sub-classes of SSLContextFactory can
> provide extra features such as helping with the configuration of CRLs,
> or customization of the Key/TrustManagers. (If you wish to try it out,
> there are some jUnit tests in the subversion repository.)
> I would be interested in having your opinions regarding an
> SSLContextFactory, and whether something similar may have already been
> discussed. Looking at the JDK 7 API, there doesn't seem to be such a
> class/interface. This has been a rather useful feature for my
> application so far, and it should make it easy to support CRLs for
> example in something like Jetty. However, I'm not sure whether it would
> be good to have something like this SSLContextFactory in JDK 7. Perhaps
> there are other better ways to achieve these goals.
>
> One of the main problems I still find is that few applications support
> setting up the SSLContext, which makes it sometimes difficult to
> configure more advanced features such as CRLs. Java 6 provides a way to
> set a default SSLContext, but this is not ideal. Sometimes, various
> connectors in the application may want to use different SSLContexts
> (perhaps with different truststores and keystores). For example, I would
> like to be able to set a specific SSLContext when using JavaMail, but I
> haven't found any documentation making it possible to set up the
> truststore and keystores independently; instead, it seems to rely on the
> default system properties.
>
>
> Best wishes,
>
> Bruno.