Hi,

I tried to use BouncyCastle as the provider with the following code:

Security.addProvider(new BouncyCastleJsseProvider(true));
sslContextFactory.setProvider("BCJSSE");

And the following exception is raised when creating an http2 session:
java.lang.IllegalStateException: No ALPNProcessor for org.bouncycastle.jsse.provider.ProvSSLEngine_8@989a394
at org.eclipse.jetty.alpn.client.ALPNClientConnectionFactory.newConnection(ALPNClientConnectionFactory.java:111)
at org.eclipse.jetty.io.ssl.SslClientConnectionFactory.newConnection(SslClientConnectionFactory.java:136)
at org.eclipse.jetty.http2.client.HTTP2Client.lambda$doStart$1(HTTP2Client.java:165)
at org.eclipse.jetty.http2.client.HTTP2Client$ClientSelectorManager.newConnection(HTTP2Client.java:500)
at org.eclipse.jetty.io.ManagedSelector.createEndPoint(ManagedSelector.java:386)
at org.eclipse.jetty.io.ManagedSelector.access$2100(ManagedSelector.java:65)
at org.eclipse.jetty.io.ManagedSelector$CreateEndPoint.run(ManagedSelector.java:1069)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.base/java.lang.Thread.run(Thread.java:844)

I think that some enhancement in Jetty should be done to support BouncyCastle.
Is this understanding right?
Best Regards
Bing

________________________________
From: jetty-users <jetty-users-boun...@eclipse.org> on behalf of Simone Bordet <simone.bor...@gmail.com>
Sent: April 1, 2022 18:05
To: JETTY user mailing list <jetty-users@eclipse.org>
Subject: Re: [jetty-users] Does Jetty support the function of export keying material for TLS defined in RFC5705?

Hi,

On Fri, Apr 1, 2022 at 11:45 AM Xia Bing <bing_xia...@hotmail.com> wrote:
>
> Hi,  Jetty team,
>
> Could anyone help to clarify this question:
> After setting up the HTTP2/TLS session with the Jetty HTTP2 client, can the upper
> application get the exported keying material for TLS defined in RFC5705 by
> some APIs provided by Jetty?
> Looking forward to the reply!

This functionality should be provided by the TLS implementation, and
Jetty can only forward what the TLS implementation provides.
Unfortunately, I don't think the OpenJDK implementation provides EKM,
see https://bugs.openjdk.java.net/browse/JDK-8201287.
If you find otherwise about OpenJDK, let us know.

If you find a way to use EKM with BouncyCastle, let us know how you did it.

--
Simone Bordet
---
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless.   Victoria Livschitz
_______________________________________________
jetty-users mailing list
jetty-users@eclipse.org
To unsubscribe from this list, visit 
https://www.eclipse.org/mailman/listinfo/jetty-users