-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No ALPNProcessor for org.bouncycastle.jsse.provider.ProvSSLEngine error with jetty http2 client #12428
Comments
Jetty 11 is at end of community support, see: Having said that, we do not have an implementation of In any case, if this feature is contributed (by you?) or implemented by us, it will be done in Jetty 12. |
i was able to write a custom implementation following the Conscrypt implementation and run BCJSSE with jetty. import java.security.Security;
import javax.net.ssl.SSLEngine;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
import org.eclipse.jetty.alpn.client.ALPNClientConnection;
import org.eclipse.jetty.io.Connection;
import org.eclipse.jetty.io.ssl.ALPNProcessor;
import org.eclipse.jetty.io.ssl.SslConnection;
import org.eclipse.jetty.io.ssl.SslHandshakeListener;
public class BouncyCastleClientALPNProcessor implements ALPNProcessor.Client {
@Override
public void init() {
if (Security.getProvider("BCJSSE") == null) {
Security.addProvider(new BouncyCastleJsseProvider());
System.out.println("Added BouncyCastle JSSE provider");
}
}
@Override
public boolean appliesTo(SSLEngine sslEngine) {
return sslEngine.getClass().getName().startsWith("org.bouncycastle.jsse.provider.");
}
@Override
public void configure(SSLEngine sslEngine, Connection connection) {
try {
ALPNClientConnection alpn = (ALPNClientConnection) connection;
String[] protocols = alpn.getProtocols().toArray(new String[0]);
sslEngine.setHandshakeApplicationProtocolSelector((engine, protocolsList) -> {
for (String protocol : protocolsList) {
for (String supported : protocols) {
if (supported.equals(protocol)) {
return protocol;
}
}
}
return null;
});
((SslConnection.DecryptedEndPoint) connection.getEndPoint()).getSslConnection()
.addHandshakeListener(new ALPNListener(alpn));
} catch (RuntimeException x) {
throw x;
} catch (Exception x) {
throw new RuntimeException(x);
}
}
private final class ALPNListener implements SslHandshakeListener {
private final ALPNClientConnection alpnConnection;
private ALPNListener(ALPNClientConnection connection) {
alpnConnection = connection;
}
@Override
public void handshakeSucceeded(Event event) {
System.out.println("Entering handshakeSucceeded");
try {
SSLEngine sslEngine = alpnConnection.getSSLEngine();
String protocol = sslEngine.getApplicationProtocol();
System.out.println("Selected "+ protocol + " for " + alpnConnection);
alpnConnection.selected(protocol);
} catch (Throwable e) {
System.out.println("Unable to process BouncyCastle ApplicationProtocol for "+ alpnConnection);
System.out.println("handshakeSucceeded exception " + e);
alpnConnection.selected(null);
}
}
}
} |
@sanjerai if you want to write also a server-side implementation, and make a PR against the Please read: https://github.com/jetty/jetty.project/blob/jetty-12.0.x/CONTRIBUTING.md |
Jetty Version
11.0.20
Jetty Environment
Java Version
JDK 17
Question
I am trying to use jetty client in a spring boot app injected into spring webclient to make TLS1.3 over HTTP2 requests. Also i am using bouncycastle tls library as a security provider as i have a use case to retrieve master secret after TLS handshake which i plan to do using BCTLS.
my pom.xml snippet
my bean configurations
on triggering the call I am facing below issue always and am not able to understand how to resolve this issue. help with this will be appreciated.
The text was updated successfully, but these errors were encountered: