Luke,
well we'll have to look into a JSSE wrapper for OpenSSL again, although
Conscrypt has worked fine for some clients, so still worthwhile pushing
them to fix any outstanding issues.
Also, our priorities are influenced by our commercial support partners, so
just a reminder that if there are
Hi Greg,
Realistically I couldn't do the unix socket thing, I think it wouldn't be
considered secure enough since clear text sensitive data would be easily
available via that socket. Although even if that is not true, I think our
clients would just not be ok with anything other than encryption
Also I note that it appears that netty is wrapping OpenSSL as a SslEngine,
so we could look at either doing the same or even reusing their wrapper
(although it appears to pull in a lot of netty util and handlers).
On Fri, 19 Mar 2021 at 12:42, Greg Wilkins wrote:
> So unix sockets an option?
>