Is ssl supported?


Takahiro Hozumi

Jan 30, 2011, 6:15:20 AM
to Aleph
Hi,

I'm trying to set up ssl on aleph using the example from
http://formpluslogic.blogspot.com/2010/08/securing-clojure-web-applications-with.html

(aleph.http/start-http-server
  (aleph.http/wrap-ring-handler app)
  {:ssl? true
   :ssl-port ssl-port
   :port port
   :keystore "my.keystore"
   :key-password "foobar"
   :websocket true})

It seems that aleph doesn't open the ssl port.
Is ssl supported?

Thanks.

Zach Tellman

Jan 30, 2011, 2:23:27 PM
to alep...@googlegroups.com
SSL is currently not supported. I will eventually get to fixing this,
but patches are welcome.

Zach

Dan Larkin

Jan 30, 2011, 2:55:32 PM
to alep...@googlegroups.com
SSL is incredibly complicated. I would suggest you have a well-tested SSL stack proxy to your app.

This is a nice post to read: http://www.daemonology.net/blog/2009-09-28-securing-https.html
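
The setup Dan suggests, as an added example that is not part of the original thread: an nginx configuration that terminates TLS and forwards to the app over plain HTTP, including the WebSocket upgrade headers that the `:websocket true` option in the first post calls for. The hostname, certificate paths and backend address 127.0.0.1:8080 are assumptions.

```nginx
# Added example: TLS termination in front of an app that serves plain HTTP.
# app.example.com, the certificate paths and 127.0.0.1:8080 are placeholders.
# These blocks belong inside the http { } context of nginx.conf.

# Send "Connection: upgrade" to the backend only when the client
# asked for a protocol upgrade (WebSocket); otherwise close.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Redirect cleartext requests to HTTPS instead of serving them.
server {
    listen 80;
    server_name app.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name app.example.com;

    ssl_certificate     /etc/nginx/tls/app.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/app.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Tell browsers to use HTTPS only for this host from now on.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://127.0.0.1:8080;

        # HTTP/1.1 plus the Upgrade/Connection headers are required
        # for WebSocket connections to pass through the proxy.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Let the app see the original host, client address and scheme.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Long-lived WebSocket connections outlast the default 60s timeout.
        proxy_read_timeout 1h;
    }
}
```

The backend port must not be reachable from outside the host (firewall it), otherwise clients can bypass the proxy and talk to the app in cleartext.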

Takahiro

Jan 30, 2011, 3:55:15 PM
to alep...@googlegroups.com
Zach, Dan
Ok, thank you for the advice.

2011/1/31 Dan Larkin <d...@danlarkin.org>:

Takahiro Hozumi

Feb 11, 2011, 10:30:53 AM
to Aleph
Hi,

Here is a rough patch to support ssl.
https://github.com/hozumi/aleph/commits/ssl

It works well for my self-signed certificate and passes a simple test.
However, I couldn't fix the following exception, which is thrown during
the test.

javax.net.ssl.SSLException: Received close_notify during handshake
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1429)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1397)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1539)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1023)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:837)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:713)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
    at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:868)
    at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:605)
    at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:282)
    at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:216)
    at aleph.netty$upstream_stage$reify__4531.handleUpstream(netty.clj:99)
    at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:274)
    at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:261)
    at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:350)
    at org.jboss.netty.channel.socket.nio.NioWorker.processSelectedKeys(NioWorker.java:281)
    at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:201)
    at org.jboss.netty.util.internal.IoWorkerRunnable.run(IoWorkerRunnable.java:46)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:680)

I mainly used netty's SecureChat example as a reference.
http://docs.jboss.org/netty/3.2/xref/org/jboss/netty/example/securechat/package-summary.html

If you know something about this, please tell me what is wrong.
Thanks.


On Jan 31, 5:55 AM, Takahiro <fat...@googlemail.com> wrote:
> Zach, Dan
> Ok, thank you for the advice.
>
> 2011/1/31 Dan Larkin <d...@danlarkin.org>:
>
> > SSL is incredibly complicated.  I would suggest you have a well-tested SSL stack proxy to your app.
>
> > This is a nice post to read: http://www.daemonology.net/blog/2009-09-28-securing-https.html
>
> > On Jan 30, 2011, at 6:15 AM, Takahiro Hozumi wrote:
>
> >> Hi,
>
> >> I'm trying to set up ssl on aleph using example from
> >> http://formpluslogic.blogspot.com/2010/08/securing-clojure-web-applic...

Zach Tellman

Feb 11, 2011, 1:27:02 PM
to alep...@googlegroups.com
I'll take a look at it this weekend. Thanks for taking the time to
try this out.

Zach

Takahiro

Feb 12, 2011, 2:22:29 AM
to alep...@googlegroups.com