Two-way SSL authentication in Netty

I am working on a server and client based application that requires two-way SSL authentication. (The client authenticates the server and the server authenticates the client using SSL certificates.)

I am new to Netty and have a few doubts about it.

  • Is two-way authentication possible with Netty?
  • Could this be just achievable by adding another SslHandler to the pipefactories of the server and client?
  • If this is true, how can I capture the required SslHandler in the channelConnected() method to execute the SSL handshake? And is it possible to call a second handshake in the channelConnected() method, again calling the pipeline?
  • Are there any examples that I could reference for this?

I really appreciate any help in this, answers or push in the right direction.

Thanks in advance.

3 answers

Is two-way authentication possible with Netty?

Yes

Could this be just achievable by adding another SslHandler to the pipefactories of the server and client?

Yes

If this is true, how can I capture the required SslHandler in the channelConnected() method to execute the SSL handshake?

You need to configure the keystore and trust store correctly when creating the SSLContext.

And is it possible to call a second handshake in the channelConnected() method, again calling the pipeline?

From memory, client and server authentication is performed in the first handshake.

On the client, install the client’s private key in the keystore and the server’s public key in the trust store.

On the server, install the server’s private key in the keystore and the client’s public key in the trust store.


  • websockets example: serverContext.init(kmf.getKeyManagers(), null, null);

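The configuration the answer above describes, worked through as an added example (this is not code from the original post or from the Netty project). It targets the Netty 3.x API the question uses (ChannelPipelineFactory, channelConnected) and assumes hypothetical JKS files server.jks, client.jks, server-trust.jks and client-trust.jks with the passwords shown; each keystore holds that side's private key and certificate, each trust store holds the peer's certificate (or its issuing CA). The two points the answer leaves implicit are made explicit: the server engine must call setNeedClientAuth(true) or no client certificate is ever requested, and the trust managers must be passed to SSLContext.init rather than null.

```java
// Added example: mutual TLS with Netty 3.x. File names and passwords are hypothetical.
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import org.jboss.netty.channel.ChannelFuture;
import org.jboss.netty.channel.ChannelFutureListener;
import org.jboss.netty.channel.ChannelHandlerContext;
import org.jboss.netty.channel.ChannelPipeline;
import org.jboss.netty.channel.ChannelPipelineFactory;
import org.jboss.netty.channel.ChannelStateEvent;
import org.jboss.netty.channel.Channels;
import org.jboss.netty.channel.SimpleChannelUpstreamHandler;
import org.jboss.netty.handler.ssl.SslHandler;

public final class MutualTls {

    /** Build an SSLContext from a keystore (our identity) and a trust store (whom we accept). */
    static SSLContext buildContext(String keyStorePath, char[] keyPass,
                                   String trustStorePath, char[] trustPass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(keyStorePath)) { ks.load(in, keyPass); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass);

        KeyStore ts = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(trustStorePath)) { ts.load(in, trustPass); }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);

        SSLContext ctx = SSLContext.getInstance("TLS");
        // Passing null trust managers here (as in the websocket example) silently falls back
        // to the JVM's default cacerts, which is not the peer certificate you meant to pin.
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Server pipeline: a single SslHandler at the head, with client authentication required. */
    static ChannelPipelineFactory serverPipelineFactory(final SSLContext ctx) {
        return new ChannelPipelineFactory() {
            public ChannelPipeline getPipeline() {
                SSLEngine engine = ctx.createSSLEngine();
                engine.setUseClientMode(false);
                // Without this the server never sends CertificateRequest and the "mutual"
                // handshake quietly degrades to one-way (server-only) authentication.
                engine.setNeedClientAuth(true);
                ChannelPipeline p = Channels.pipeline();
                p.addLast("ssl", new SslHandler(engine));
                p.addLast("handshake", new HandshakeHandler());
                return p;
            }
        };
    }

    /** Client pipeline: same shape in client mode; the trust store decides which servers it accepts. */
    static ChannelPipelineFactory clientPipelineFactory(final SSLContext ctx) {
        return new ChannelPipelineFactory() {
            public ChannelPipeline getPipeline() {
                SSLEngine engine = ctx.createSSLEngine();
                engine.setUseClientMode(true);
                ChannelPipeline p = Channels.pipeline();
                p.addLast("ssl", new SslHandler(engine));
                p.addLast("handshake", new HandshakeHandler());
                return p;
            }
        };
    }

    /** Starts the one TLS handshake once TCP is up; both certificates are exchanged in it. */
    static final class HandshakeHandler extends SimpleChannelUpstreamHandler {
        @Override
        public void channelConnected(ChannelHandlerContext ctx, ChannelStateEvent e) throws Exception {
            final SslHandler ssl = ctx.getPipeline().get(SslHandler.class);
            ssl.handshake().addListener(new ChannelFutureListener() {
                public void operationComplete(ChannelFuture f) throws Exception {
                    if (!f.isSuccess()) {            // untrusted peer, missing client cert, etc.
                        f.getChannel().close();
                        return;
                    }
                    // The peer is authenticated; its identity is now available for authorization.
                    System.out.println("peer: " + ssl.getEngine().getSession().getPeerPrincipal());
                }
            });
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext serverCtx = buildContext("server.jks", "changeit".toCharArray(),
                                            "server-trust.jks", "changeit".toCharArray());
        SSLContext clientCtx = buildContext("client.jks", "changeit".toCharArray(),
                                            "client-trust.jks", "changeit".toCharArray());
        // Plug into the bootstraps: bootstrap.setPipelineFactory(serverPipelineFactory(serverCtx))
        // on the ServerBootstrap and clientPipelineFactory(clientCtx) on the ClientBootstrap.
        serverPipelineFactory(serverCtx);
        clientPipelineFactory(clientCtx);
    }
}
```

One SslHandler per pipeline is enough: there is no second handshake for the client side, because the client certificate is requested and verified inside the same handshake that authenticates the server. If the client presents no certificate, setNeedClientAuth(true) makes the server abort the handshake, which is the failure the listener above handles by closing the channel.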


SSL is a presentation-layer protocol: it is established immediately after the socket connection is made and before the application layer is handed a usable socket connection. Whatever application you use, if it has an SSL protocol layer, it can work over SSL.

Two-way authentication is just the configuration issue mentioned above by @EJP. If both parties can establish and verify each other's chain of trust, then the handshake will succeed. Refer to the network setup guide to configure the SSL stores.
