I just got back to this project and after some finagling, I was able to support TLS negotiation mid-stream[0]. Basically what I did was have a stateful stage on inbound and outbound[1] that I then mapped to something based on whether it needed to be secure or not. Then I used a broadcast/merge approach to send it to the TLS side and non-TLS side and just had each one ignore the message based on whether encryption was needed or not[0]. I am now able to perform encrypted IMAP in my rudimentary, unfinished (and still uglily-coded) library[2]. Progress!
I still think that making the "tracing" option visible in SslTlsCipherActor would be helpful to others (I put in a breakpoint and changed the value at runtime). Between that and "-Djavax.net.debug=ssl,handshake" I was able to get what I needed.

0 - https://github.com/cretz/scimap/blob/808034c066e3a09a5fec49937a9bd65411976648/src/main/scala/scimap/handler/FlowBuilder.scala#L93
1 - https://github.com/cretz/scimap/blob/808034c066e3a09a5fec49937a9bd65411976648/src/main/scala/scimap/handler/TlsStatefulWrapperStage.scala
2 - https://github.com/cretz/scimap/blob/808034c066e3a09a5fec49937a9bd65411976648/src/it/scala/scimap/JavaMailSpec.scala#L76

On Thursday, June 18, 2015 at 11:34:56 AM UTC-5, Chad Retz wrote:
>
> Yeah, I was thinking about using a FlexiMerge/FlexiRoute approach on top of the bidi flow to switch from placebo to normal flow. I will update if/when I have a working result.
>
> On Monday, June 15, 2015 at 3:46:03 PM UTC-5, rkuhn wrote:
>>
>> Given how hard it was to get TLS implemented in the first place I’m slightly terrified by the idea of switching out such a complex stream piece while things are running—that would require quite some external coordination to ensure that no bytes are lost or take the wrong route.
>>
>> If you want to work on this then you’ll need to create a 2-in 2-out stream Actor that forwards elements and demand across its four ports to a replaceable center piece and also accepts a fifth input channel for being told when to do so (replaceShape does not feature in this story). In particular it will be interesting to properly onComplete and drain the placebo before replacing it.
>>
>> Regards,
>>
>> Roland
>>
>> On 8 Jun 2015 at 21:46, Chad Retz <[email protected]> wrote:
>>
>> I am doing something very similar to
>> https://groups.google.com/forum/#!searchin/akka-user/starttls/akka-user/2385IqTOIXM/udvxMhnjs8cJ
>> where I need to initiate negotiation when the client requests it (I am doing it for IMAP). Some questions about the TLS in Akka streams currently:
>>
>> * I see the replaceShape of the TlsModule bidi flow is considered "internal". Any suggestions about how to switch from plaintext to TLS after the connection has been established? I essentially want to go from SslTlsPlacebo to SslTls. I figure this is basically asking how to switch out a flow mid-process, but in this case I can't use a stateful stage if I hope to use the high-level TLS API unless I'm missing something.
>> * Any chance of opening up the "tracing" in SslTlsCipherActor? I am stepping through things for now as I try to understand the system...just thought it'd be worth mentioning that a trace config might be helpful.
>> * Beyond the TlsSpec and the HTTPS impl, does anyone else have examples of using the Tls libraries?
>>
>> Thanks.
>>
>> --
>> >>>>>>>>>> Read the docs: http://akka.io/docs/
>> >>>>>>>>>> Check the FAQ: http://doc.akka.io/docs/akka/current/additional/faq.html
>> >>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user
>> ---
>> You received this message because you are subscribed to the Google Groups "Akka User List" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>> To post to this group, send email to [email protected].
>> Visit this group at http://groups.google.com/group/akka-user.
>> For more options, visit https://groups.google.com/d/optout.
>>
>> *Dr. Roland Kuhn*
>> *Akka Tech Lead*
>> Typesafe <http://typesafe.com/> – Reactive apps on the JVM.
>> twitter: @rolandkuhn <http://twitter.com/#!/rolandkuhn>
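The tag, broadcast and filter routing described in the first message of this thread, modelled in plain Python as an added example; it is not code from the scimap project or from Akka. It covers only the inbound side, and `Tagged`, `InboundTagger`, `route` and the sample bytes are hypothetical names and constructed data. It shows the switch landing exactly on the CRLF that ends the STARTTLS command, which is the "no bytes are lost or take the wrong route" condition raised in the quoted reply.

```python
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Tagged:
    secure: bool  # True: element belongs to the TLS branch
    data: bytes


class InboundTagger:
    """Stateful stage: plaintext until a STARTTLS command line ends, secure after."""

    def __init__(self) -> None:
        self.secure = False
        self._buf = b""  # incomplete plaintext line carried across chunks

    def push(self, chunk: bytes) -> List[Tagged]:
        if self.secure:
            return [Tagged(True, chunk)]
        out: List[Tagged] = []
        self._buf += chunk
        while not self.secure and b"\r\n" in self._buf:
            line, self._buf = self._buf.split(b"\r\n", 1)
            out.append(Tagged(False, line + b"\r\n"))
            words = line.split()
            if len(words) == 2 and words[1].upper() == b"STARTTLS":
                self.secure = True  # switch exactly at this CRLF
        if self.secure and self._buf:
            # Bytes that arrived in the same chunk after the command are TLS
            # input; they must never reach the plaintext command parser.
            out.append(Tagged(True, self._buf))
            self._buf = b""
        return out


def route(chunks: Iterable[bytes]) -> Tuple[bytes, bytes]:
    """Broadcast every element to both branches; each keeps only its own."""
    tagger, plain, tls = InboundTagger(), [], []
    for chunk in chunks:
        for el in tagger.push(chunk):
            for sink, wants_secure in ((plain, False), (tls, True)):
                if el.secure == wants_secure:
                    sink.append(el.data)
    return b"".join(plain), b"".join(tls)


# Constructed input: the command is split across reads and the first TLS
# record bytes share a chunk with its CRLF.
SAMPLE = [b"a1 CAPABILITY\r\na2 START", b"TLS\r\n\x16\x03\x01", b"\x00\x05hello"]
```
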
