akka IO & TLS

[Henry Story]

I can't figure out how to make either a client or a server connection protected with
TLS.

http://akka.io/docs/akka/2.0-M3/scala/io.html

Any pointers?

Henry

Social Web Architect
http://bblfish.net/

[√iktor Ҡlang]

Hi Henry,

I'm fairly sure that it's not supported in the API (if so, then it should be in the docs).

Derek Williams might have more info on the subject though.

Cheers,

√

--
Viktor Klang

Akka Tech Lead

Typesafe - The software stack for applications that scale

Twitter: @viktorklang

[Henry Story]

On 31 Jan 2012, at 13:29, √iktor Ҡlang wrote:

Hi Henry,

I'm fairly sure that it's not supported in the API (if so, then it should be in the docs).

Derek Williams might have more info on the subject though.

Yes, this would be a huge priority. More and more big sites are moving towards full

httpS services due to  the simplicity of attacks otherwise, such as demonstrated by

http://codebutler.com/firesheep . That and privacy issues forced Google, Facebook 

and I think Twitter are now fully available behind https. 

TLS is no longer expensive

   http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html

of course I am not asking for these optimisations right now. But the IO and actor

model should already make huge improvements over previous web apps.

Furthermore https can be used as a distributed authentication system already built

into the browser - see the work at the W3C http://webid.info/spec

Finally a lot of the problems of https CAs are going to melt away with the adoption

of DNSsec and protocols such as DANE that work with it.

     http://tools.ietf.org/wg/dane/

So it's a bit difficult to use this IO library without TLS support :-) It seems to be brilliant

otherwise. (I'd have to use it to be able to testify of course)

Henry

Cheers,

√

On Tue, Jan 31, 2012 at 1:24 PM, Henry Story <henry...@gmail.com> wrote:

I can't figure out how to make either a client or a server connection protected with
TLS.

  http://akka.io/docs/akka/2.0-M3/scala/io.html

Any pointers?

       Henry

Social Web Architect
http://bblfish.net/

--
Viktor Klang

Akka Tech Lead

Typesafe - The software stack for applications that scale

Twitter: @viktorklang

--
You received this message because you are subscribed to the Google Groups "Akka User List" group.
To post to this group, send email to akka...@googlegroups.com.
To unsubscribe from this group, send email to akka-user+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/akka-user?hl=en.

[Derek Williams]

Hi Henry,

It is something I'd like to try implementing at some point. I've been working on getting everything as solid as I can, and I hope to be able add additional features like SSL/TLS in the future.

It's good to get any feedback I can on the current implementation since as far as I know I'm the only one that has tried to use it (not to mention my simple iteratee could have the ability to upset both iteratee fans and haters).

So congrats, you are my first real source of feedback :)

--

Derek Williams

[Henry Story]

On 31 Jan 2012, at 17:53, Derek Williams wrote:

Hi Henry,

It is something I'd like to try implementing at some point. I've been working on getting everything as solid as I can, and I hope to be able add additional features like SSL/TLS in the future.

I suppose it would be worth getting an idea of how difficult adding TLS could end up

being. Clearly it should not affect your Iteratee code at all, since that is just parsing

the stream. 

It could be that this is really very easy: that all that requires doing is allowing the user

to specify what type of socket is required on a call to 

val socket = IOManager(actorSystem).connect("remotehost", 80)

So perhaps something like

val socket = IOManager(actorSystem).connect("remotehost", 80, SSLSocket)

is all that is needed. A Socket Factory that could be set somewhere could allow

us all then to decide on whether to create

a java.net.Socket

or a javax.net.ssl.SSLSocket

It might worth just allowing some functionality like this in the beta mode, then others here

can send you feedback and show implementations that use it.

It's good to get any feedback I can on the current implementation since as far as I know I'm the only one that has tried to use it (not to mention my simple iteratee could have the ability to upset both iteratee fans and haters).

Without TLS I can't really give you feedback, because  I can not use it for my use case which 

requires fetching https as well as http pages. 

So congrats, you are my first real source of feedback :)

I am very intrigued by your library and really would like to try it out.  

    Henry

[Derek Williams]

On Tue, Jan 31, 2012 at 10:23 AM, Henry Story <henry...@gmail.com> wrote:

is all that is needed. A Socket Factory that could be set somewhere could allow

us all then to decide on whether to create

a java.net.Socket

or a javax.net.ssl.SSLSocket

It might worth just allowing some functionality like this in the beta mode, then others here

can send you feedback and show implementations that use it.

Unfortunately, SSLSocket doesn't support nonblocking operations so it can't be used. SSLEngine would need to be used to encrypt/decrypt data, but there is also some extra work that has to be done to set that all up.

--

Derek Williams

[Mike Slinn]

Http chunked mode causes problems for some routers and proxies, doubly
so when encrypted.

Secure websocket support would be most cool. Websocket is bidirectional,
unlike HTTP, so half the number of channels would be required.

Mike

[√iktor Ҡlang]

I thought proxies just did a passthru on CONNECT?

--
You received this message because you are subscribed to the Google Groups "Akka User List" group.
To post to this group, send email to akka...@googlegroups.com.

To unsubscribe from this group, send email to akka-user+unsubscribe@googlegroups.com.

For more options, visit this group at http://groups.google.com/group/akka-user?hl=en.

[Mike Slinn]

HTTP 1.1 chunked mode holds connections open. Many proxies do not like that and so will close streaming connections. I go into a lot of detail on that in my first book. Possibly 10% of the book talks about different types of connections.

Mike

[Henry Story]

Ah yes, that is unfortunate!

  Still it seems that given the interest of different people here for very different types

of connectors, which you won't have time to all implement simultaneously, it might

be a good idea to allow that to be modular, so that others can start working on their 

pet project. I would just have to hope that someone was really passionate about writing

a non blocking TLS Socket....

Henry

--

Derek Williams

--
You received this message because you are subscribed to the Google Groups "Akka User List" group.
To post to this group, send email to akka...@googlegroups.com.
To unsubscribe from this group, send email to akka-user+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/akka-user?hl=en.

[Hiram Chirino]

I've not looked into Akka IO too closely yet but I've got to a assume it's similar to the HawtDispatch IO model.  If that's  case, perhaps it's SSL abstraction impl will you you build one for Akka IO.  It provides a non-blocking implementation of ScatteringByteChannel and GatheringByteChannel.

https://github.com/fusesource/hawtdispatch/blob/master/hawtdispatch-transport/src/main/java/org/fusesource/hawtdispatch/transport/SslTransport.java#L95

--

Hiram Chirino

Software Fellow | FuseSource Corp.

chi...@fusesource.com | fusesource.com

skype: hiramchirino | twitter: @hiramchirino

blog: Hiram Chirino's Bit Mojo

[Henry Story]

I added a ticket for this issue

http://www.assembla.com/spaces/akka/tickets/1933-missking-https-------support-(-aka-http-over-ssl-or-tls-)

A bit too late for 2.0 perhaps, hopefully it will make it in soon.

Henry

[Akka Team]

On Mon, Dec 17, 2012 at 3:27 PM, Bora Gonul <gonu...@gmail.com> wrote:

Hi I just wondered if there is any update on TLS support for IO ?

Nothing new, as far as I know. Can the SSL support for remoting (new feature in akka 2.1) be reused somehow? It's built on Java Secure Socket Extension. http://doc.akka.io/docs/akka/snapshot/scala/remoting.html#SSL

/Patrik

 

20 Mart 2012 Salı 17:19:58 UTC+2 tarihinde Henry Story yazdı:

--

>>>>>>>>>> Read the docs: http://akka.io/docs/
>>>>>>>>>> Check the FAQ: http://akka.io/faq/
>>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user
---

You received this message because you are subscribed to the Google Groups "Akka User List" group.

To post to this group, send email to akka...@googlegroups.com.
To unsubscribe from this group, send email to akka-user+...@googlegroups.com.

Visit this group at http://groups.google.com/group/akka-user?hl=en.
 
 

--

Akka Team

Typesafe - The software stack for applications that scale

Blog: letitcrash.com
Twitter: @akkateam

[√iktor Ҡlang]

No, I don't think so. Also, SSLEngine and pals in Java are horribly broken and one of the worst APIs in the stdlib... :/

Viktor Klang

Director of Engineering

Typesafe - The software stack for applications that scale

Twitter: @viktorklang