mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel L├ęcharny <elecha...@gmail.com>
Subject SSL/TLS missing methods in MINA 3
Date Sun, 04 May 2014 09:20:55 GMT
Hi guys,

I'm currently reviewing the SSL/TLS implementation in MINA 3. Currently,
we only support the opening of a SSL session.

If you look at the IoSession interface, this is all what we have :

IoSession.initSecure(). This method is creating a SslHelper instance,
and stores it into the session attributes.

This is clarly not enough.

We need to implement at least two other methods :

- IoSession.stopSecure() should be added. It will switch from a SSL
session to a clear session (mandatory for stopping a TLS session,
without closing the connection)
- IoSession.rehandshake() should be added

The first method is critical, as teh startTLS implementation requires
that you should be able to use a port, switch to a secure protocol using
the same port, and switch back to a clear protocol, without closing the
connection. This is what we have in LDAP, SMTP, IMAP/POP3, FTP, XMPP,
NNTP...

I have no idea (yet) on how to implemnt that.

We already discussed the rehandshake feature lately.

Two minors things :
1) initSecure, which creates the SslHelper instance, is created every
time we call the initSecure() method, which is done solely when we
create the session. This is bad. We need to expose this method to the
client and server, as we may want to initiate a secure communication at
any time (typically, when the client sens a startTLS request and the
server receives it).
2) I wonder if we should not use better names. startTls, stopTls,
rehandshakeTls, for instance. First, it's clearer (and fits point 1),
and second, SSL ha sbeen replaced by TLS a long time ago.

wdyt ?

-- 
Regards,
Cordialement,
Emmanuel L├ęcharny
www.iktek.com 


Mime
View raw message