akka-http ssl setup documentation / examples isn't very clear. Is config-based
603 views
Skip to first unread message
Andrew Norman
May 17, 2017, 4:20:51 AM5/17/17
to Akka User List
The information for setting up akka-http ssl is very cluttered / inaccurate / dated / and referencing mismatched links from other systems (such as Play WS ssl client configurations) which doesn't really tell you how to implement server-side ssl. Every code example I see out there on how to setup ssl with Akka-http doesn't use the "config-based" setup but does the setup in the code. Those examples are actually missing the critical last piece of initializing the sslContext with the keyManagers, truestManagers, and SecureRandom settings to make it run. (Since the sslContext was never initialized it throws an initialization error)
sslContext.init(keyManagerFactory.getKeyManagers, tmf.getTrustManagers, SecureRandom.getInstanceStrong)
So putting this together I'm drawling the conclusion:
- the config-based approach to enabling ssl is not completely wired into a functional solution for akka-http
- the examples on the website need to be updated to show a true working setup (see above code snipped that needs to be included to make that happen)
- documentation should be added to not send users down a wild goose chase of trying to implement a config based https setup with Play's WS ssl-config.ssl (at least not until this is offically supported by akka-http)
Am I right with my assumptions or am I missing something here.
Also, is there a timeline on when a true config-based ssl will be functionally complete for akka-http?
abd...@wealthtech.in
May 18, 2017, 12:57:58 AM5/18/17
to Akka User List
recently I was also working on AKKA Http SSL and I would agree to your comment upto some extent, nevertheless I succeeded implementing SSL using sslContext and not using sslConfig at all.... I referred to documentation only ...
here's a link which may help you ... http://stackoverflow.com/questions/43468803/ssl-config-or-sslcontext-to-be-used-in-akka-http-ssl-java
if you need more help let me know
Andrew Norman
May 19, 2017, 6:29:56 PM5/19/17
to Akka User List
We've both gotten ssl to work in a manual (aka non-sslConfig) way. My question still stands though. Has the sslConfig actually been wired to work with akka-http or is this still something being worked on? If the former is there any example to a config-based ssl integration?
And please don't link the reference from the akka-http website that showcases play client ssl configurations that really doesn't apply to a server-side ssl setup
johannes...@lightbend.com
May 22, 2017, 5:13:33 AM5/22/17
to Akka User List
Hi Andrew,
your observation is correct. Server side TLS configuration is only possible through code right now. We have tickets to track improving documentation and maybe adding the configuration based approach
The basic problem is that security recommendations change all the time and people will just copy and paste any code we give, so we need to make sure to provide the right amount of information without claiming it to be the recommendation for best security.
In our test suite we have an example of just creating the data structures from certificates / keys in one particular format here:
For better security you should also adapt the set of ciphers, etc.
Johannes
Reply all
Reply to author
Forward
0 new messages