On Aug 13, 2014, at 22:11, Bernd Eckenfels <[email protected]> wrote:
> Just a BTW: It would be really cool to have a SPI interface for that, so
> people who need SRP, CCM or shared secret handshakes (or stuff like NPN?)
> don't need to use a third party SSL engine.

Are they all ciphersuites not based on certificates? My main area is Kerberos so I have never heard of them, but I'll be very glad if we can support them in some way.

My current webrev is at http://cr.openjdk.java.net/~weijun/8038089/webrev.02/. There is an ExternalCipherSuiteProvider interface but you can see it is not really general and uses Kerberos concepts like ticket. Also inside the SSL code I create a Krb5Helper which will be called when TLS_KRB5_* ciphersuites are used, like this

    case K_KRB5:
    case K_KRB5_EXPORT:
        Krb5Helper.doXXX(...);

Ideally, in order to deal with other ExternalCipherSuiteProvider impls, it should be something like

    default:
        getExternalHelper(keyExchange).doXXX(...);

Anyway, please tell me if this step is something you believe useful and what kind of change is needed to be able to support more ciphersuites. The interface is now internal so we can evolve it later. Any contribution is welcomed.

Thanks
Max
