Thanks for pushing this! I have not yet reviewed your code, but once it works and is clean enough it would be great to consider a PR to add this functionality to Akka Streams.
Regards, Roland > 13 jul 2015 kl. 08:33 skrev Chad Retz <[email protected]>: > > I just got back to this project and after some finagling, I was able to > support TLS negotiation mid-stream[0]. Basically what I did was have a > stateful stage on inbound and outbound[1] that I then mapped to something > based on whether it needed to be secure or not. Then I used a broadcast/merge > approach to send it to the TLS side and non-TLS side and just had each one > ignore the message based on whether encryption was needed or not[0]. I am now > able to perform encrypted IMAP in my rudimentary, unfinished (and still > uglily-coded) library[2]. Progress! > > I still think that making the "tracing" option visible in SslTlsCipherActor > would be helpful to others (I put in a breakpoint and changed the value at > runtime). Between that and "-Djavax.net.debug=ssl,handshake" I was able to > get what I needed. > > 0 - > https://github.com/cretz/scimap/blob/808034c066e3a09a5fec49937a9bd65411976648/src/main/scala/scimap/handler/FlowBuilder.scala#L93 > 1 - > https://github.com/cretz/scimap/blob/808034c066e3a09a5fec49937a9bd65411976648/src/main/scala/scimap/handler/TlsStatefulWrapperStage.scala > 2 - > https://github.com/cretz/scimap/blob/808034c066e3a09a5fec49937a9bd65411976648/src/it/scala/scimap/JavaMailSpec.scala#L76 > > On Thursday, June 18, 2015 at 11:34:56 AM UTC-5, Chad Retz wrote: > Yeah, I was thinking about using a FlexiMerge/FlexiRoute approach on top of > the bidi flow to switch from placebo to normal flow. I will update if/when I > have a working result. > > On Monday, June 15, 2015 at 3:46:03 PM UTC-5, rkuhn wrote: > Given how hard it was to get TLS implemented in the first place I’m slightly > terrified by the idea of switching out such a complex stream piece while > things are running—that would require quite some external coordination to > ensure that no bytes are lost or take the wrong route. > > If you want to work on this then you’ll need to create a 2-in 2-out stream > Actor that forwards elements and demand across its four ports to a > replaceable center piece and also accepts a fifth input channel for being > told when to do so (replaceShape does not feature in this story). In > particular it will be interesting to properly onComplete and drain the > placebo before replacing it. > > Regards, > > Roland > >> 8 jun 2015 kl. 21:46 skrev Chad Retz <[email protected] <>>: >> >> I am doing something very similar to >> https://groups.google.com/forum/#!searchin/akka-user/starttls/akka-user/2385IqTOIXM/udvxMhnjs8cJ >> >> <https://groups.google.com/forum/#!searchin/akka-user/starttls/akka-user/2385IqTOIXM/udvxMhnjs8cJ> >> where I need to initiate negotiation when the client requests it (I am >> doing it for IMAP). Some questions about the TLS in Akka streams currently: >> >> * I see the replaceShape of the TlsModule bidi flow is considered >> "internal". Any suggestions about how to switch from plaintext to TLS after >> the connection has been established? I essentially want to go from >> SslTlsPlacebo to SslTls. I figure this is basically asking how to switch out >> a flow mid-process, but in this case I can't use a stateful stage if I hope >> to use the high-level TLS API unless I'm missing something. >> * Any chance of opening up the "tracing" in SslTlsCipherActor? I am stepping >> through things for now as I try to understand the system...just thought it'd >> be worth mentioning that a trace config might be helpful. >> * Beyond the TlsSpec and the HTTPS impl, does anyone else have examples of >> using the Tls libraries? >> >> Thanks. >> >> -- >> >>>>>>>>>> Read the docs: http://akka.io/docs/ <http://akka.io/docs/> >> >>>>>>>>>> Check the FAQ: >> >>>>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html >> >>>>>>>>>> <http://doc.akka.io/docs/akka/current/additional/faq.html> >> >>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user >> >>>>>>>>>> <https://groups.google.com/group/akka-user> >> --- >> You received this message because you are subscribed to the Google Groups >> "Akka User List" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <>. >> To post to this group, send email to [email protected] <>. >> Visit this group at http://groups.google.com/group/akka-user >> <http://groups.google.com/group/akka-user>. >> For more options, visit https://groups.google.com/d/optout >> <https://groups.google.com/d/optout>. > > > > Dr. Roland Kuhn > Akka Tech Lead > Typesafe <http://typesafe.com/> – Reactive apps on the JVM. > twitter: @rolandkuhn > <http://twitter.com/#!/rolandkuhn> > > > -- > >>>>>>>>>> Read the docs: http://akka.io/docs/ <http://akka.io/docs/> > >>>>>>>>>> Check the FAQ: > >>>>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html > >>>>>>>>>> <http://doc.akka.io/docs/akka/current/additional/faq.html> > >>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user > >>>>>>>>>> <https://groups.google.com/group/akka-user> > --- > You received this message because you are subscribed to the Google Groups > "Akka User List" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <mailto:[email protected]>. > To post to this group, send email to [email protected] > <mailto:[email protected]>. > Visit this group at http://groups.google.com/group/akka-user > <http://groups.google.com/group/akka-user>. > For more options, visit https://groups.google.com/d/optout > <https://groups.google.com/d/optout>. Dr. Roland Kuhn Akka Tech Lead Typesafe <http://typesafe.com/> – Reactive apps on the JVM. twitter: @rolandkuhn <http://twitter.com/#!/rolandkuhn> -- >>>>>>>>>> Read the docs: http://akka.io/docs/ >>>>>>>>>> Check the FAQ: >>>>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html >>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user --- You received this message because you are subscribed to the Google Groups "Akka User List" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/akka-user. For more options, visit https://groups.google.com/d/optout.
