
I am using a library for security functions; it allows me to create a custom java.security.Provider, KeyManagerFactory and TrustManagerFactory with specific TLS cipher suites, algorithms, keys and trust storage formats. Normally Netty allows me to configure the sslContext as below to get things working. Is there a way to configure the Netty used by the Vert.x library layer?

import io.netty.handler.ssl.SslContext
import io.netty.handler.ssl.SslContextBuilder
import io.netty.handler.ssl.SslProvider

// loadKeyCertStuff() and CustomTlsProvider() come from the security library in use:
// the former returns a Pair<KeyManagerFactory, TrustManagerFactory>, the latter the custom JCA provider.
fun buildClientSslContext(): SslContext {
    val nettyProvider = SslProvider.JDK
    val (keyManagerFactory, trustManagerFactory) = loadKeyCertStuff()
    val customJcaProvider: java.security.Provider = CustomTlsProvider()

    return SslContextBuilder.forClient()
        .sslProvider(nettyProvider)
        .keyManager(keyManagerFactory.keyManagers[0])
        .trustManager(trustManagerFactory.trustManagers[0])
        .sslContextProvider(customJcaProvider)      // the JCA provider that must back the SSLContext
        .ciphers(listOf("TLS_CIPHER_2012"))         // suite name as exposed by the custom provider
        .build()
}

It looks like this configuration option is not taken into account in the API of the Vert.x library: it allows setting a custom KeyManagerFactory and TrustManagerFactory, but there is no way to set a java.security.Provider.

James Z

1 Answer


It is possible since Vert.x 4.3.4, PR #4468.

In a few words, you need to create an SslContextFactory. Here's what it looks like for a TCP client:

import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.IdentityCipherSuiteFilter;
import io.netty.handler.ssl.JdkSslContext;
import io.netty.handler.ssl.SslContext;
import io.vertx.core.net.JdkSSLEngineOptions;
import io.vertx.core.net.NetClientOptions;
import io.vertx.core.spi.tls.SslContextFactory;
import javax.net.ssl.SSLContext;

// tmFactory is an already-initialised javax.net.ssl.TrustManagerFactory.
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(
  null,                          // no client key managers
  tmFactory.getTrustManagers(),
  null                           // default SecureRandom
);

client = vertx.createNetClient(new NetClientOptions().setSsl(true)
  .setSslEngineOptions(new JdkSSLEngineOptions() {
    @Override
    public SslContextFactory sslContextFactory() {
      return new SslContextFactory() {
        @Override
        public SslContext create() {
          return new JdkSslContext(
            sslContext,                            // the JDK context built above
            true,                                  // client side
            null,                                  // ciphers: keep the context's defaults
            IdentityCipherSuiteFilter.INSTANCE,    // no filtering or reordering of suites
            ApplicationProtocolConfig.DISABLED,    // no ALPN
            io.netty.handler.ssl.ClientAuth.NONE,  // fully qualified: Vert.x has its own ClientAuth enum
            null,                                  // protocols: keep the context's defaults
            false);                                // not STARTTLS
        }
      };
    }
  }));
tsegismont
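The answer shows the SslContextFactory hook but builds the SSLContext without the custom java.security.Provider the question is about. The following is an added example, not code from the answer or from the Vert.x project, that joins the two halves: the SSLContext is requested from the custom provider explicitly, the result is checked to confirm that provider actually backs it (a bare SSLContext.getInstance("TLS") silently falls back to the highest-priority installed provider, typically SunJSSE), and the cipher suites and protocol versions are pinned when the Netty JdkSslContext is built. It assumes the caller supplies the provider and initialised factories, that SslContextFactory needs only create() implemented (as the answer's snippet implies), and that the eight-argument JdkSslContext constructor used in the answer is available. The main method uses the JDK's own SunJSSE provider as a stand-in so the wiring can be exercised without the proprietary library; the suite names there are constructed examples.

```java
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.IdentityCipherSuiteFilter;
import io.netty.handler.ssl.JdkSslContext;
import io.netty.handler.ssl.SslContext;
import io.vertx.core.Vertx;
import io.vertx.core.net.JdkSSLEngineOptions;
import io.vertx.core.net.NetClient;
import io.vertx.core.net.NetClientOptions;
import io.vertx.core.spi.tls.SslContextFactory;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.List;

public final class ProviderBackedNetClient {

  // Builds the JDK SSLContext on the given JCA provider. Passing the provider to
  // getInstance() is what routes the handshake through it instead of the JDK default.
  static SSLContext jdkContext(Provider provider, KeyManagerFactory kmf,
                               TrustManagerFactory tmf) throws Exception {
    SSLContext ctx = SSLContext.getInstance("TLS", provider);
    ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    // Fail fast if the service was resolved elsewhere than the provider we asked for.
    if (!provider.getName().equals(ctx.getProvider().getName())) {
      throw new IllegalStateException("SSLContext backed by " + ctx.getProvider().getName()
          + ", expected " + provider.getName());
    }
    return ctx;
  }

  // Wraps the SSLContext for Netty, pinning the suites and protocol versions offered.
  static SslContext nettyContext(SSLContext ctx, List<String> cipherSuites) {
    return new JdkSslContext(
        ctx,
        true,                                  // client side
        cipherSuites,                          // explicit allow-list of suites
        IdentityCipherSuiteFilter.INSTANCE,    // use the list verbatim, no JDK reordering
        ApplicationProtocolConfig.DISABLED,    // no ALPN for a plain TCP client
        ClientAuth.NONE,                       // not consulted on the client side
        new String[] {"TLSv1.3", "TLSv1.2"},   // protocol versions to offer
        false);                                // not STARTTLS
  }

  // Hands the prepared Netty context to Vert.x through the SslContextFactory hook.
  static NetClient client(Vertx vertx, SslContext nettyCtx) {
    return vertx.createNetClient(new NetClientOptions()
        .setSsl(true)
        .setSslEngineOptions(new JdkSSLEngineOptions() {
          @Override
          public SslContextFactory sslContextFactory() {
            return new SslContextFactory() {
              @Override
              public SslContext create() {
                return nettyCtx;
              }
            };
          }
        }));
  }

  public static void main(String[] args) throws Exception {
    // Stand-in for the custom provider (assumption for this demo): the JDK's own JSSE
    // provider. Replace with the java.security.Provider instance from your library.
    Provider provider = Security.getProvider("SunJSSE");
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(null, null);                      // no client certificate
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init((KeyStore) null);                 // JDK default trust store

    SSLContext ctx = jdkContext(provider, kmf, tmf);
    // Constructed example suite list; use the names your provider actually implements.
    SslContext nettyCtx = nettyContext(ctx,
        Arrays.asList("TLS_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"));

    Vertx vertx = Vertx.vertx();
    NetClient client = client(vertx, nettyCtx);
    System.out.println("NetClient ready; SSLContext provider = " + ctx.getProvider().getName());
    client.close();
    vertx.close();
  }
}
```

The provider check in jdkContext is the part worth keeping in production code: if the custom provider is not registered, or registers its SSLContext service under a different algorithm name, the JDK will quietly hand back a default context and the connection will still "work", just not with the suites and key material the custom provider was supposed to enforce.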