[grpc-java] Will Java 9 ALPN support lessen need for netty-tcnative?

[scwin...@gmail.com]

The security document at https://github.com/grpc/grpc-java/blob/master/SECURITY.md recommends OpenSSL and netty-tcnative for TLS support.  

I was wondering if ALPN support in Java 9 might change this recommendation.  That is, maybe the JDK's TLS support could be a more viable option for grpc-java with Java 9?  

My reason for asking is, I was hoping to use grpc-java on platforms not currently targeted by grpc, like AIX, HP-UX, and Solaris.  Using netty-tcnative would seem to preclude this -- it appears that building netty-tcnative requires problematic pre-reqs like go.  Maybe there are other hurdles for grpc-java on those platforms, but this one jumped out at me...

Thanks,

Steve

[Eric Anderson]

On Sun, Nov 12, 2017 at 7:23 PM, <scwin...@gmail.com> wrote:

The security document at https://github.com/grpc/grpc-java/blob/master/SECURITY.md recommends OpenSSL and netty-tcnative for TLS support.  

I was wondering if ALPN support in Java 9 might change this recommendation.  That is, maybe the JDK's TLS support could be a more viable option for grpc-java with Java 9?

Yes, JDK 9 is an avenue for avoiding the binary requirements. But we don't yet have ALPN support working on JDK 9, so I'd be a bit longer until this works. We're also thankful they improved the AES GCM performance in JDK 9; it was abysmal previously.

I'm planning on backporting the fix for this issue to the upcoming 1.8 release (ETA, one week). At that point it may be possible to use JDK 9, if you configure the SslContext a bit more yourself. However, we've not actually tried it ourselves yet.

[scwin...@gmail.com]

Thanks, sounds promising!