anmolnar opened a new pull request, #2009: URL: https://github.com/apache/zookeeper/pull/2009
Use SslContextBuilder to create SSL context for Netty on both client and server side. This will allow users to enable OpenSSL (or other native SSL lib) support if it's installed in the OS and classpath is set up properly. Usage guide: https://netty.io/wiki/forked-tomcat-native.html OpenSSL support enabled on Ubuntu 20.04 looks like this: ``` 2023-06-14 17:09:00,453 [myid:] - DEBUG [nioEventLoopGroup-8-1:o.a.z.c.X509Util@581] - Using Java9+ optimized cipher suites for Java version 11 2023-06-14 17:09:00,470 [myid:] - DEBUG [nioEventLoopGroup-8-1:i.n.u.i.NativeLibraryLoader@384] - Successfully loaded the library /tmp/libnetty_tcnative_linux_x86_643947969347517419998.so 2023-06-14 17:09:00,470 [myid:] - DEBUG [nioEventLoopGroup-8-1:i.n.h.s.OpenSsl@162] - Initialize netty-tcnative using engine: 'default' 2023-06-14 17:09:00,471 [myid:] - DEBUG [nioEventLoopGroup-8-1:i.n.h.s.OpenSsl@189] - netty-tcnative using native library: OpenSSL 1.0.2g 1 Mar 2016 ... 023-06-14 17:09:00,546 [myid:] - DEBUG [nioEventLoopGroup-8-1:i.n.h.s.OpenSsl@442] - Supported protocols (OpenSSL): [SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2] 2023-06-14 17:09:00,546 [myid:] - DEBUG [nioEventLoopGroup-8-1:i.n.h.s.OpenSsl@443] - Default cipher suites (OpenSSL): [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384... ``` Without that setup, Netty will fallback to JDK SSL context which is the original behaviour. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@zookeeper.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org