Revisit HTTP server TLS setup #370

Closed
bclozel opened this issue Jun 4, 2018 · 1 comment
@bclozel
Member

bclozel commented Jun 4, 2018

There are currently two ways to configure TLS for an HttpServer.

HttpServer.create().secure() will set up TLS with:

  • a default SelfSignedCertificate
  • OpenSSL or JDK as an SslProvider depending on which is available
  • http/2 ciphers, ALPN support
  • both h2 and http/1.1 support

HttpServer.create().secure((contextSpec) -> contextSpec.forServer().sslContext(Consumer<SslContextBuilder>)) will set up TLS with whatever is given as an argument. This is giving full control, but also no defaults.

So the "simple" setup gives you most defaults, except the self-signed certificate; choosing a self-signed cert should be a conscious choice by the developer, or a testing utility.

The "complex" setup gives you full control, but you often end up copying/pasting reactor's code and just changing a couple of things.

I'm wondering if we could have variants like this instead:

  • sslContext(Consumer<SslContextBuilder>) sets up an incomplete context for you; you need to set your certificate and you can choose to override the defaults
  • sslContext(Supplier<SslContext>), gives you full control and no defaults
  • and a high level HttpServer.create().secure(/* argument providing the server certification */); there might be many variants for that, so we need to discuss what to do here
@bclozel bclozel added the type/enhancement A general enhancement label Jun 4, 2018
@bclozel bclozel added this to the 0.8.0.M1 milestone Jun 4, 2018
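
The defaults listed in the comment above (provider selection, HTTP/2 ciphers, ALPN with h2 and http/1.1), rebuilt with plain Netty around a caller-supplied certificate instead of a self-signed one. This is an added example, not reactor-netty's own code or the API proposed in this issue; the class name `ServerTlsDefaults` and its file parameters are hypothetical, and how the resulting `SslContext` is passed to `HttpServer` depends on the reactor-netty version.

```java
import io.netty.handler.codec.http2.Http2SecurityUtil;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ApplicationProtocolConfig.Protocol;
import io.netty.handler.ssl.ApplicationProtocolConfig.SelectedListenerFailureBehavior;
import io.netty.handler.ssl.ApplicationProtocolConfig.SelectorFailureBehavior;
import io.netty.handler.ssl.ApplicationProtocolNames;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;

import javax.net.ssl.SSLException;
import java.io.File;

// Added example: hypothetical helper, not part of reactor-netty.
public final class ServerTlsDefaults {

    private ServerTlsDefaults() {
    }

    /**
     * certChainPem: PEM certificate chain; privateKeyPem: PKCS#8 PEM private key.
     * Both are supplied by the caller (the paths are assumptions of this example).
     */
    public static SslContext build(File certChainPem, File privateKeyPem) throws SSLException {
        if (!certChainPem.canRead() || !privateKeyPem.canRead()) {
            // Fail closed: never fall back silently to a self-signed certificate.
            throw new IllegalArgumentException("certificate chain or private key is not readable");
        }
        // OpenSSL when it is available with ALPN support, otherwise the JDK provider.
        SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;
        return SslContextBuilder.forServer(certChainPem, privateKeyPem)
                .sslProvider(provider)
                // HTTP/2 cipher list shipped with Netty; suites the provider lacks are dropped.
                .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
                // ALPN advertising h2 first, then http/1.1.
                .applicationProtocolConfig(new ApplicationProtocolConfig(
                        Protocol.ALPN,
                        SelectorFailureBehavior.NO_ADVERTISE,
                        SelectedListenerFailureBehavior.ACCEPT,
                        ApplicationProtocolNames.HTTP_2,
                        ApplicationProtocolNames.HTTP_1_1))
                .build();
    }
}
```

With the JDK provider, ALPN negotiation depends on the Java runtime supporting it.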
@violetagg violetagg mentioned this issue Jun 8, 2018
24 tasks
violetagg added a commit that referenced this issue Jul 5, 2018
… certificate.

Expose API for choosing the default SslContext configuration

Related to issue #370
@violetagg
Member

@bclozel Can you check this approach #383 and give us feedback?

violetagg added a commit that referenced this issue Jul 5, 2018
…ed certificate.

Expose API for choosing the default SslContext configuration

Related to issue #370
bclozel added a commit to spring-projects/spring-boot that referenced this issue Jul 6, 2018
The following issue changed the SSL configuration API for both client
and server: reactor/reactor-netty#370