0

I am going to be writing a Java application that uses Selector to multiplex socket channels. I am going to have a configuration where communications are encrypted with SSL and another where SSL is not used. I have not used the SSLEngine before and integrating it with a Selector seems... difficult to get right.

How I can cleanly handle both configurations? Has anyone done this? A code sample would be great.

NOTE: I have already seen these articles.

http://archive.oreilly.com/pub/a/onjava/2004/11/03/ssl-nio.html https://jfarcand.wordpress.com/2006/09/21/tricks-and-tips-with-nio-part-v-ssl-and-nio-friend-or-foe/ http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#SSLENG

user207421
  • 305,947
  • 44
  • 307
  • 483
minus
  • 320
  • 1
  • 5
  • 14
  • 2
    One thing I recall from trying to do this, some years ago, is that it's extremely difficult, due to all the handshaking and negotiation phases. It's worth noting that, while there was a time when “one thread per connection” was considered very bad design, that is no longer the case, due to more lightweight nature of threads in modern operating systems. You will find one thread per SSL connection dramatically easier to code. – VGR Nov 06 '15 at 02:55
  • My question does not duplicate: http://stackoverflow.com/questions/27144953/throwing-exception-on-nio-ssl-handshake-process-using-sslengine. There might be a Selector and an SSLEngine, but the question is in no way the same. The answer to that question does not answer my question. – minus Nov 06 '15 at 16:37
  • The answer to both questions is to do exactly what the SSLEngine tells you to do. If you're after a readymade solution see [here](http://www.telekinesis.com.au). – user207421 Nov 07 '15 at 06:15
  • @EJP You might not like my question, but it is not a duplicate. I am asking about how to have two configuration one for SSL and one that is not SSL, not how to use the SSLEngine. The link you provided is helpful, but it is not a duplicate of mine. VGR's answer is more on point. – minus Nov 07 '15 at 16:53
  • The link I provided is to a commercial product that does exactly what you're asking for, and I've recently added support for Asynchronous SSL to it as well. – user207421 Nov 12 '15 at 00:06
  • So, you want to sell me your software? Awesome... – minus Nov 12 '15 at 22:27

0 Answers0