NIO Java client and multiple SSL contexts
32 views
Skip to first unread message
Dmitry Andrianov
Feb 11, 2017, 9:03:48 AM2/11/17
to rabbitmq-users
Hello.
Now when Java client supports NIO, it provides for lots and lots connections to be managed with a handful of threads.
However how does it work if each client connection requires its own client certificate (and consequently - an SSL context)?
If I read the code correctly, it is not possible because sslContext is passed to SocketChannelFrameHandlerFactory when it is initialised which happens only for the first connection.
If I am right, and the current client does not allow that - is it something just overlooked / low priority or was it a conscious decision to not support it for some reason?
Is there a known way to work around it and still use NIO?
I am thinking of a stress-test for RabbitMQ server for which lots and lots of client connections need to be established. But to simulate the real life situation, these better be different clients - each with its own SSL certificate/username. Doing that with NIO-enabled client in theory allows more client connections from a single machine because only a few threads are required to maintain them compared to thousands threads with the old client.
Many thanks.
Dmitry
Now when Java client supports NIO, it provides for lots and lots connections to be managed with a handful of threads.
However how does it work if each client connection requires its own client certificate (and consequently - an SSL context)?
If I read the code correctly, it is not possible because sslContext is passed to SocketChannelFrameHandlerFactory when it is initialised which happens only for the first connection.
If I am right, and the current client does not allow that - is it something just overlooked / low priority or was it a conscious decision to not support it for some reason?
Is there a known way to work around it and still use NIO?
I am thinking of a stress-test for RabbitMQ server for which lots and lots of client connections need to be established. But to simulate the real life situation, these better be different clients - each with its own SSL certificate/username. Doing that with NIO-enabled client in theory allows more client connections from a single machine because only a few threads are required to maintain them compared to thousands threads with the old client.
Many thanks.
Dmitry
Arnaud Cogoluègnes
Feb 13, 2017, 3:45:04 AM2/13/17
to rabbitm...@googlegroups.com
The scenario you're suggesting isn't possible with the current implementation of the Java client. It's worth investigating though, e.g. by using a SslContextFactory to create SslContexts when the connection is created. The factory would need a bit of context, e.g. a client id/name (we already have a clientProvidedName parameter that could do the job). It may require changing some API, but no too much hopefully.
I filled in an issue: https://github.com/rabbitmq/rabbitmq-java-client/issues/241.
hivehome.com--Hive | London | Cambridge | Houston | TorontoThe information contained in or attached to this email is confidential and intended only for the use of the individual(s) to which it is addressed. It may contain information which is confidential and/or covered by legal professional or other privilege. The views expressed in this email are not necessarily the views of Centrica plc, and the company, its directors, officers or employees make no representation or accept any liability for their accuracy or completeness unless expressly stated to the contrary.Hive is the trading name of Centrica Connected Home Limited (company no: 5782908), registered in England and Wales with its registered office at Millstream, Maidenhead Road, Windsor, Berkshire SL4 5GD.
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-users+unsubscribe@googlegroups.com.
To post to this group, send email to rabbitmq-users@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages