| Summary: | Add explicit flag to AprLifecycleListener to enable autoconfiguration of sslImplementationName | | |
|---|---|---|---|
| Product: | Tomcat 9 | Reporter: | Konstantin Kolinko <knst.kolinko> |
| Component: | Connectors | Assignee: | Tomcat Developers Mailing List <dev> |
| Status: | RESOLVED FIXED | | |
| Severity: | enhancement | | |
| Priority: | P2 | | |
| Version: | 9.0.0.M3 | | |
| Target Milestone: | ----- | | |
| Hardware: | PC | | |
| OS: | All | | |

Description
Konstantin Kolinko
2016-03-09 09:34:09 UTC
Selection of the underlying crypto engine in JSSE is typically done by specifying the "provider". So instead of useOpensslJSSEImplementation="true", perhaps we specify JSSEProvider="OpenSSL" (or whatever the OpenSSL provider's name actually is). This would be more extensible, and would even allow for 3rd-party crypto providers to be used, such as Bouncy Castle. The default would be (blank) and would not specify a provider when initializing algorithms -- giving Tomcat the JVM's default provider.

I've fixed 1) but not 2) for 9.0.0.M4

Thanks, I would have done it in a few hours. For 2), it used to be an automatic switch for the APR connector so a flag is not necessarily needed, but I'll add a "useOpenSSL" flag anyway [the name is shorter and IMO it works as well]. Note for comment 1: the JCE configuration is not related to this, Tomcat's OpenSSL "JSSE" simply provides an alternate SSL engine implementation.

(In reply to Remy Maucherat from comment #3)
> Thanks, I would have done it in a few hours.

I know. Normally I would have waited but I'm close to tagging 9.0.0.M4 and at that point it was the only thing between me and the unit test runs before I did the tag. Of course, now those runs have completed I have a few failures to look at...

I added a useOpenSSL flag, it's shorter and should be mostly equivalent to useOpensslJsseImplementation. Good luck with M4 and the forking.