[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openejb-development
Subject:    Re: SSL support
From:       David Blevins <david.blevins () visi ! com>
Date:       2008-04-29 5:33:55
Message-ID: 33B559BF-70CA-4997-9A01-41C1D325D0C4 () visi ! com
[Download RAW message or body]


On Apr 21, 2008, at 10:55 AM, Kazem Naderi wrote:

> Hello,
>
> I have done some work on ejbd ssl support:
>
> http://issues.apache.org/jira/browse/OPENEJB-785
> <http://issues.apache.org/jira/browse/OPENEJB-785>
>
> I have attached my implementation to the Jira issue above. I  
> appraciate
> your feedback. The changes are not currently checked into the openejb
> codebase. I am hoping to have this finalized ASAP so we can get the  
> SSL
> support for the next release.

This looks really great, Kazem!

I've boiled the patch down to it's essentials and uploaded a new  
version here: https://issues.apache.org/jira/secure/attachment/12381069/simplified-ssl.txt 
.  I would have checked it in but the write access to the Apache SVN  
is shut off at the moment due to system issues.

I did add a different flag on the client side.  Basically if you  
construct your InitiaContext with the "ejbds://" prefix, then we'll  
automatically use the SSL socket to connect.

 From here I think we can also add two more protocol config files, an  
"ejbds.properties" with SSL already turned on and another for  
"https.properties" for doing EJB calls over HTTPS.  I haven't actually  
tested that EJB over HTTPS works with what we have in that patch, but  
it should.  We can also add some end to end test cases in the openejb- 
ejbd and openejb-http packages that do actual EJB invocations over SSL.

Do you have any thoughts on possibly making the enabled cipher suites  
more configurable?  I'm not sure if this something people are going to  
want.  What do you think?

-David

[prev in list] [next in list] [prev in thread] [next in thread]