Hi Andrew,

Your observation is correct. Server-side TLS configuration is only possible 
through code right now. We have tickets to track improving documentation 
and maybe adding the configuration-based approach:

https://github.com/akka/akka-http/issues/55
https://github.com/akka/akka-http/issues/237

The basic problem is that security recommendations change all the time and 
people will just copy and paste any code we give, so we need to make sure 
to provide the right amount of information without claiming it to be the 
recommendation for best security.

In our test suite we have an example of just creating the data structures 
from certificates / keys in one particular format here:

https://github.com/akka/akka-http/blob/5932237a86a432d623fafb1e84eeeff56d7485fe/akka-http-core/src/test/scala/akka/http/impl/util/ExampleHttpContexts.scala#L21-L21

For better security you should also adapt the set of ciphers, etc.

Johannes


On Wednesday, May 17, 2017 at 10:20:51 AM UTC+2, Andrew Norman wrote:
>
> The information for setting up akka-http ssl is very cluttered / 
> inaccurate / dated / and referencing mismatched links from other systems 
> (such as Play WS ssl client configurations) which doesn't really tell you 
> how to implement server-side ssl. Every code example I see out there on how 
> to set up ssl with Akka-http doesn't use the "config-based" setup but does 
> the setup in the code. Those examples are actually missing the critical 
> last piece of initializing the sslContext with the keyManagers, 
> trustManagers, and SecureRandom settings to make it run. (Since the 
> sslContext was never initialized, it throws an initialization error.)
>
>
>   sslContext.init(keyManagerFactory.getKeyManagers, tmf.getTrustManagers, SecureRandom.getInstanceStrong)
>
>
> So putting this together I'm drawing the conclusion:
>
>    - the config-based approach to enabling ssl is not completely wired 
>    into a functional solution for akka-http
>    - the examples on the website need to be updated to show a true 
>    working setup (see above code snippet that needs to be included to make 
>    that happen)
>    - documentation should be added to not send users down a wild goose 
>    chase of trying to implement a config-based https setup with Play's WS 
>    ssl-config.ssl (*at least not until this is officially supported by 
>    akka-http*) 
>    
>
> Am I right with my assumptions or am I missing something here?
>
> Also, is there a timeline on when a true config-based ssl will be 
> functionally complete for akka-http?
>
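
The code-based server setup discussed in this thread, as an added example that is not from the akka-http project or from either poster: it loads a keystore, initializes the `SSLContext`, and restricts protocols and cipher suites. It assumes the akka-http 10.0.x `ConnectionContext.https` signature and a PKCS12 keystore whose key password equals the store password; `ServerTls`, `httpsContext` and the allow-lists are hypothetical names and illustrative values, not a recommendation.

```scala
import java.io.FileInputStream
import java.security.{ KeyStore, SecureRandom }
import javax.net.ssl.{ KeyManagerFactory, SSLContext, TrustManagerFactory }

import akka.http.scaladsl.{ ConnectionContext, HttpsConnectionContext }

object ServerTls {
  // Illustrative allow-lists (assumption): review against current guidance.
  val wantedProtocols = List("TLSv1.2")
  val wantedCiphers = List(
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256")

  def httpsContext(keystorePath: String, password: Array[Char]): HttpsConnectionContext = {
    // Load the server certificate and private key from the keystore.
    val ks = KeyStore.getInstance("PKCS12")
    val in = new FileInputStream(keystorePath)
    try ks.load(in, password) finally in.close()

    val kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm)
    kmf.init(ks, password)
    val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm)
    tmf.init(ks)

    // The step the thread points out as missing: an SSLContext that is never
    // initialized cannot be used. `new SecureRandom` is this example's choice;
    // getInstanceStrong may block waiting for entropy on some platforms.
    val sslContext = SSLContext.getInstance("TLS")
    sslContext.init(kmf.getKeyManagers, tmf.getTrustManagers, new SecureRandom)

    // Keep only entries this JVM supports and fail at startup if nothing is
    // left, rather than silently falling back to the JVM defaults.
    val supported = sslContext.getSupportedSSLParameters
    val protocols = wantedProtocols.filter(supported.getProtocols.toSet)
    val ciphers = wantedCiphers.filter(supported.getCipherSuites.toSet)
    require(protocols.nonEmpty && ciphers.nonEmpty,
      "none of the allowed protocols or cipher suites is supported by this JVM")

    ConnectionContext.https(
      sslContext,
      enabledCipherSuites = Some(ciphers),
      enabledProtocols = Some(protocols))
  }
}
```

The returned context is what gets passed as the `connectionContext` argument when binding the server.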
