io.netty.handler.codec.http2.Http2SecurityUtil Java Examples
The following examples show how to use
io.netty.handler.codec.http2.Http2SecurityUtil.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: NettySslHttp2Factory.java From ambry with Apache License 2.0 | 6 votes |
|
/**
* @param config the {@link SSLConfig}
* @return a configured {@link SslContext} object for a server.
* @throws GeneralSecurityException
* @throws IOException
*/
public static SslContext getClientSslContext(SSLConfig config) throws GeneralSecurityException, IOException {
logger.info("Using {} provider for client ", SslContext.defaultClientProvider());
SslContextBuilder sslContextBuilder;
if (config.sslHttp2SelfSign) {
sslContextBuilder = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE);
logger.info("Using Self Signed Certificate.");
} else {
sslContextBuilder = SslContextBuilder.forClient()
.keyManager(NettySslFactory.getKeyManagerFactory(config))
.trustManager(NettySslFactory.getTrustManagerFactory(config));
}
return sslContextBuilder.sslProvider(SslContext.defaultClientProvider())
/* NOTE: the cipher filter may not include all ciphers required by the HTTP/2 specification.
* Please refer to the HTTP/2 specification for cipher requirements. */
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN,
// NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers.
ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
// ACCEPT is currently the only mode supported by both OpenSsl and JDK providers.
ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2))
.build();
}
Example #2
| Source File: NettySslHttp2Factory.java From ambry with Apache License 2.0 | 6 votes |
|
/**
* @param config the {@link SSLConfig}
* @return a configured {@link SslContext} object for a client.
* @throws GeneralSecurityException
* @throws IOException
*/
static SslContext getServerSslContext(SSLConfig config) throws GeneralSecurityException, IOException {
logger.info("Using {} provider for server SslContext", SslContext.defaultServerProvider());
SslContextBuilder sslContextBuilder;
if (config.sslHttp2SelfSign) {
SelfSignedCertificate ssc = new SelfSignedCertificate();
sslContextBuilder = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey());
logger.info("Using Self Signed Certificate.");
} else {
sslContextBuilder = SslContextBuilder.forServer(NettySslFactory.getKeyManagerFactory(config))
.trustManager(NettySslFactory.getTrustManagerFactory(config));
}
return sslContextBuilder.sslProvider(SslContext.defaultClientProvider())
.clientAuth(NettySslFactory.getClientAuth(config))
/* NOTE: the cipher filter may not include all ciphers required by the HTTP/2 specification.
* Please refer to the HTTP/2 specification for cipher requirements. */
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN,
// NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers.
ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
// ACCEPT is currently the only mode supported by both OpenSsl and JDK providers.
ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2))
.build();
}
Example #3
| Source File: XrpcClient.java From xrpc with Apache License 2.0 | 6 votes |
|
private SslContext buildSslCtx() {
SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;
try {
return SslContextBuilder.forClient()
.sslProvider(provider)
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.trustManager(InsecureTrustManagerFactory.INSTANCE)
// TODO(JR): Make a seperate Handler Class for http2 as opposed to autoneg
// .applicationProtocolConfig(new ApplicationProtocolConfig(
// ApplicationProtocolConfig.Protocol.ALPN,
// // NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK
// providers.
// ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
// // ACCEPT is currently the only mode supported by both OpenSsl and JDK
// providers.
// ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
// ApplicationProtocolNames.HTTP_2,
// ApplicationProtocolNames.HTTP_1_1))
.build();
} catch (SSLException e) {
e.printStackTrace();
}
return null;
}
Example #4
| Source File: AwaitCloseChannelPoolMap.java From aws-sdk-java-v2 with Apache License 2.0 | 6 votes |
|
private SslContext sslContext(URI targetAddress) {
URI proxyAddress = proxyAddress(targetAddress);
boolean needContext = targetAddress.getScheme().equalsIgnoreCase("https")
|| proxyAddress != null && proxyAddress.getScheme().equalsIgnoreCase("https");
if (!needContext) {
return null;
}
try {
return SslContextBuilder.forClient()
.sslProvider(sslProvider)
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.trustManager(getTrustManager())
.keyManager(getKeyManager())
.build();
} catch (SSLException e) {
throw new RuntimeException(e);
}
}
Example #5
| Source File: NettyHttp2Client.java From jmeter-http2-plugin with Apache License 2.0 | 6 votes |
|
private SslContext getSslContext() {
SslContext sslCtx = null;
final SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;
try {
sslCtx = SslContextBuilder.forClient()
.sslProvider(provider)
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.applicationProtocolConfig(new ApplicationProtocolConfig(
Protocol.ALPN,
SelectorFailureBehavior.NO_ADVERTISE,
SelectedListenerFailureBehavior.ACCEPT,
ApplicationProtocolNames.HTTP_2))
.build();
} catch(SSLException exception) {
return null;
}
return sslCtx;
}
Example #6
| Source File: SslProvider.java From reactor-netty with Apache License 2.0 | 5 votes |
|
void updateDefaultConfiguration() {
switch (type) {
case H2:
sslContextBuilder.sslProvider(
io.netty.handler.ssl.SslProvider.isAlpnSupported(io.netty.handler.ssl.SslProvider.OPENSSL) ?
io.netty.handler.ssl.SslProvider.OPENSSL :
io.netty.handler.ssl.SslProvider.JDK)
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.applicationProtocolConfig(new ApplicationProtocolConfig(
ApplicationProtocolConfig.Protocol.ALPN,
ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
ApplicationProtocolNames.HTTP_2,
ApplicationProtocolNames.HTTP_1_1));
break;
case TCP:
sslContextBuilder.sslProvider(
OpenSsl.isAvailable() ?
io.netty.handler.ssl.SslProvider.OPENSSL :
io.netty.handler.ssl.SslProvider.JDK)
.ciphers(null, IdentityCipherSuiteFilter.INSTANCE)
.applicationProtocolConfig(null);
break;
case NONE:
break; //no default configuration
}
}
Example #7
| Source File: Http2Util.java From tutorials with MIT License | 5 votes |
|
public static SslContext createSSLContext(boolean isServer) throws SSLException, CertificateException {
SslContext sslCtx;
SelfSignedCertificate ssc = new SelfSignedCertificate();
if (isServer) {
sslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(SslProvider.JDK)
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.applicationProtocolConfig(new ApplicationProtocolConfig(Protocol.ALPN,
SelectorFailureBehavior.NO_ADVERTISE,
SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1))
.build();
} else {
sslCtx = SslContextBuilder.forClient()
.sslProvider(SslProvider.JDK)
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.applicationProtocolConfig(new ApplicationProtocolConfig(Protocol.ALPN,
SelectorFailureBehavior.NO_ADVERTISE,
SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2))
.build();
}
return sslCtx;
}
Example #8
| Source File: GrpcSslContexts.java From grpc-java with Apache License 2.0 | 5 votes |
|
/**
* Set ciphers and APN appropriate for gRPC. Precisely what is set is permitted to change, so if
* an application requires particular settings it should override the options set here.
*/
@CanIgnoreReturnValue
public static SslContextBuilder configure(SslContextBuilder builder, Provider jdkProvider) {
ApplicationProtocolConfig apc;
if (SUN_PROVIDER_NAME.equals(jdkProvider.getName())) {
// Jetty ALPN/NPN only supports one of NPN or ALPN
if (JettyTlsUtil.isJettyAlpnConfigured()) {
apc = ALPN;
} else if (JettyTlsUtil.isJettyNpnConfigured()) {
apc = NPN;
} else if (JettyTlsUtil.isJava9AlpnAvailable()) {
apc = ALPN;
} else {
throw new IllegalArgumentException(
SUN_PROVIDER_NAME + " selected, but Java 9+ and Jetty NPN/ALPN unavailable");
}
} else if (ConscryptLoader.isConscrypt(jdkProvider)) {
apc = ALPN;
} else {
throw new IllegalArgumentException("Unknown provider; can't configure: " + jdkProvider);
}
return builder
.sslProvider(SslProvider.JDK)
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.applicationProtocolConfig(apc)
.sslContextProvider(jdkProvider);
}
Example #9
| Source File: GrpcSslContexts.java From grpc-java with Apache License 2.0 | 5 votes |
|
/**
* Set ciphers and APN appropriate for gRPC. Precisely what is set is permitted to change, so if
* an application requires particular settings it should override the options set here.
*/
@ExperimentalApi("https://github.com/grpc/grpc-java/issues/1784")
@CanIgnoreReturnValue
public static SslContextBuilder configure(SslContextBuilder builder, SslProvider provider) {
switch (provider) {
case JDK:
{
Provider jdkProvider = findJdkProvider();
if (jdkProvider == null) {
throw new IllegalArgumentException(
"Could not find Jetty NPN/ALPN or Conscrypt as installed JDK providers");
}
return configure(builder, jdkProvider);
}
case OPENSSL:
{
ApplicationProtocolConfig apc;
if (OpenSsl.isAlpnSupported()) {
apc = NPN_AND_ALPN;
} else {
apc = NPN;
}
return builder
.sslProvider(SslProvider.OPENSSL)
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.applicationProtocolConfig(apc);
}
default:
throw new IllegalArgumentException("Unsupported provider: " + provider);
}
}
Example #10
| Source File: VerificationHost_t.java From gumtree-spoon-ast-diff with Apache License 2.0 | 5 votes |
|
public static void createAndAttachSSLClient(ServiceHost h) throws Throwable {
// we create a random userAgent string to validate host to host communication when
// the client appears to be from an external, non-Xenon source.
ServiceClient client = NettyHttpServiceClient.create(UUID.randomUUID().toString(),
null,
h.getScheduledExecutor(), h);
if (NettyChannelContext.isALPNEnabled()) {
SslContext http2ClientContext = SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.applicationProtocolConfig(new ApplicationProtocolConfig(
ApplicationProtocolConfig.Protocol.ALPN,
ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
ApplicationProtocolNames.HTTP_2))
.build();
((NettyHttpServiceClient) client).setHttp2SslContext(http2ClientContext);
}
SSLContext clientContext = SSLContext.getInstance(ServiceClient.TLS_PROTOCOL_NAME);
clientContext.init(null, InsecureTrustManagerFactory.INSTANCE.getTrustManagers(), null);
client.setSSLContext(clientContext);
h.setClient(client);
SelfSignedCertificate ssc = new SelfSignedCertificate();
h.setCertificateFileReference(ssc.certificate().toURI());
h.setPrivateKeyFileReference(ssc.privateKey().toURI());
}
Example #11
| Source File: VerificationHost_s.java From gumtree-spoon-ast-diff with Apache License 2.0 | 5 votes |
|
public static void createAndAttachSSLClient(ServiceHost h) throws Throwable {
// we create a random userAgent string to validate host to host communication when
// the client appears to be from an external, non-Xenon source.
ServiceClient client = NettyHttpServiceClient.create(UUID.randomUUID().toString(),
null,
h.getScheduledExecutor(), h);
if (NettyChannelContext.isALPNEnabled()) {
SslContext http2ClientContext = SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.applicationProtocolConfig(new ApplicationProtocolConfig(
ApplicationProtocolConfig.Protocol.ALPN,
ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
ApplicationProtocolNames.HTTP_2))
.build();
((NettyHttpServiceClient) client).setHttp2SslContext(http2ClientContext);
}
SSLContext clientContext = SSLContext.getInstance(ServiceClient.TLS_PROTOCOL_NAME);
clientContext.init(null, InsecureTrustManagerFactory.INSTANCE.getTrustManagers(), null);
client.setSSLContext(clientContext);
h.setClient(client);
SelfSignedCertificate ssc = new SelfSignedCertificate();
h.setCertificateFileReference(ssc.certificate().toURI());
h.setPrivateKeyFileReference(ssc.privateKey().toURI());
}
Example #12
| Source File: GrpcSslContexts.java From grpc-nebula-java with Apache License 2.0 | 5 votes |
|
/**
* Set ciphers and APN appropriate for gRPC. Precisely what is set is permitted to change, so if
* an application requires particular settings it should override the options set here.
*/
@ExperimentalApi("https://github.com/grpc/grpc-java/issues/1784")
@CanIgnoreReturnValue
public static SslContextBuilder configure(SslContextBuilder builder, SslProvider provider) {
switch (provider) {
case JDK:
{
Provider jdkProvider = findJdkProvider();
if (jdkProvider == null) {
throw new IllegalArgumentException(
"Could not find Jetty NPN/ALPN or Conscrypt as installed JDK providers");
}
return configure(builder, jdkProvider);
}
case OPENSSL:
{
ApplicationProtocolConfig apc;
if (OpenSsl.isAlpnSupported()) {
apc = NPN_AND_ALPN;
} else {
apc = NPN;
}
return builder
.sslProvider(SslProvider.OPENSSL)
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.applicationProtocolConfig(apc);
}
default:
throw new IllegalArgumentException("Unsupported provider: " + provider);
}
}
Example #13
| Source File: ChannelPipelineInitializerTest.java From aws-sdk-java-v2 with Apache License 2.0 | 5 votes |
|
@Test
public void channelConfigOptionCheck() throws SSLException {
targetUri = URI.create("https://some-awesome-service-1234.amazonaws.com:8080");
SslContext sslContext = SslContextBuilder.forClient()
.sslProvider(SslProvider.JDK)
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.build();
AtomicReference<ChannelPool> channelPoolRef = new AtomicReference<>();
NettyConfiguration nettyConfiguration = new NettyConfiguration(GLOBAL_HTTP_DEFAULTS);
pipelineInitializer = new ChannelPipelineInitializer(Protocol.HTTP1_1,
sslContext,
SslProvider.JDK,
100,
1024,
Duration.ZERO,
channelPoolRef,
nettyConfiguration,
targetUri);
Channel channel = new EmbeddedChannel();
pipelineInitializer.channelCreated(channel);
assertThat(channel.config().getOption(ChannelOption.ALLOCATOR), is(UnpooledByteBufAllocator.DEFAULT));
}
Example #14
| Source File: TlsUtil.java From nitmproxy with MIT License | 5 votes |
|
public static SslContext ctxForServer(NitmProxyConfig config, String serverHost) throws SSLException {
Certificate certificate = CertUtil.newCert(config.getCertFile(), config.getKeyFile(), serverHost);
return SslContextBuilder
.forServer(certificate.getKeyPair().getPrivate(), certificate.getChain())
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.applicationProtocolConfig(applicationProtocolConfig(config, config.isClientHttp2()))
.build();
}
Example #15
| Source File: TlsUtil.java From nitmproxy with MIT License | 5 votes |
|
public static SslContext ctxForClient(NitmProxyConfig config) throws SSLException {
SslContextBuilder builder = SslContextBuilder
.forClient()
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.applicationProtocolConfig(applicationProtocolConfig(config, config.isServerHttp2()));
if (config.isInsecure()) {
builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
}
return builder.build();
}
Example #16
| Source File: GrpcSslContexts.java From grpc-nebula-java with Apache License 2.0 | 5 votes |
|
/**
* Set ciphers and APN appropriate for gRPC. Precisely what is set is permitted to change, so if
* an application requires particular settings it should override the options set here.
*/
@CanIgnoreReturnValue
public static SslContextBuilder configure(SslContextBuilder builder, Provider jdkProvider) {
ApplicationProtocolConfig apc;
if (SUN_PROVIDER_NAME.equals(jdkProvider.getName())) {
// Jetty ALPN/NPN only supports one of NPN or ALPN
if (JettyTlsUtil.isJettyAlpnConfigured()) {
apc = ALPN;
} else if (JettyTlsUtil.isJettyNpnConfigured()) {
apc = NPN;
} else if (JettyTlsUtil.isJava9AlpnAvailable()) {
apc = ALPN;
} else {
throw new IllegalArgumentException(
SUN_PROVIDER_NAME + " selected, but Jetty NPN/ALPN unavailable");
}
} else if (isConscrypt(jdkProvider)) {
apc = ALPN;
} else {
throw new IllegalArgumentException("Unknown provider; can't configure: " + jdkProvider);
}
return builder
.sslProvider(SslProvider.JDK)
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.applicationProtocolConfig(apc)
.sslContextProvider(jdkProvider);
}
Example #17
| Source File: THttp2Client.java From armeria with Apache License 2.0 | 4 votes |
|
THttp2Client(String uriStr, HttpHeaders defaultHeaders) throws TTransportException {
uri = URI.create(uriStr);
this.defaultHeaders = defaultHeaders;
int port;
switch (uri.getScheme()) {
case "http":
port = uri.getPort();
if (port < 0) {
port = 80;
}
sslCtx = null;
break;
case "https":
port = uri.getPort();
if (port < 0) {
port = 443;
}
try {
sslCtx = SslContextBuilder.forClient()
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.applicationProtocolConfig(new ApplicationProtocolConfig(
Protocol.ALPN,
// NO_ADVERTISE is currently the only mode supported by both OpenSsl and
// JDK providers.
SelectorFailureBehavior.NO_ADVERTISE,
// ACCEPT is currently the only mode supported by both OpenSsl and
// JDK providers.
SelectedListenerFailureBehavior.ACCEPT,
ApplicationProtocolNames.HTTP_2))
.build();
} catch (SSLException e) {
throw new TTransportException(TTransportException.UNKNOWN, e);
}
break;
default:
throw new IllegalArgumentException("unknown scheme: " + uri.getScheme());
}
final String host = uri.getHost();
if (host == null) {
throw new IllegalArgumentException("host not specified: " + uriStr);
}
final String path = uri.getPath();
if (path == null) {
throw new IllegalArgumentException("path not specified: " + uriStr);
}
this.host = host;
this.port = port;
this.path = path;
}
Example #18
| Source File: Http2Server.java From netty-4.1.22 with Apache License 2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
// Configure SSL.
final SslContext sslCtx;
if (SSL) {
SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;
SelfSignedCertificate ssc = new SelfSignedCertificate();
sslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(provider)
/* NOTE: the cipher filter may not include all ciphers required by the HTTP/2 specification.
* Please refer to the HTTP/2 specification for cipher requirements. */
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.applicationProtocolConfig(new ApplicationProtocolConfig(
Protocol.ALPN,
// NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers.
SelectorFailureBehavior.NO_ADVERTISE,
// ACCEPT is currently the only mode supported by both OpenSsl and JDK providers.
SelectedListenerFailureBehavior.ACCEPT,
ApplicationProtocolNames.HTTP_2,
ApplicationProtocolNames.HTTP_1_1))
.build();
} else {
sslCtx = null;
}
// Configure the server.
EventLoopGroup group = new NioEventLoopGroup();
try {
ServerBootstrap b = new ServerBootstrap();
b.option(ChannelOption.SO_BACKLOG, 1024);
b.group(group)
.channel(NioServerSocketChannel.class)
.handler(new LoggingHandler(LogLevel.INFO))
.childHandler(new Http2ServerInitializer(sslCtx));
Channel ch = b.bind(PORT).sync().channel();
System.err.println("Open your HTTP/2-enabled web browser and navigate to " +
(SSL? "https" : "http") + "://127.0.0.1:" + PORT + '/');
ch.closeFuture().sync();
} finally {
group.shutdownGracefully();
}
}
Example #19
| Source File: Http2Server.java From netty-4.1.22 with Apache License 2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
// Configure SSL.
final SslContext sslCtx;
if (SSL) {
SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;
SelfSignedCertificate ssc = new SelfSignedCertificate();
sslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(provider)
/* NOTE: the cipher filter may not include all ciphers required by the HTTP/2 specification.
* Please refer to the HTTP/2 specification for cipher requirements. */
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.applicationProtocolConfig(new ApplicationProtocolConfig(
Protocol.ALPN,
// NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers.
SelectorFailureBehavior.NO_ADVERTISE,
// ACCEPT is currently the only mode supported by both OpenSsl and JDK providers.
SelectedListenerFailureBehavior.ACCEPT,
ApplicationProtocolNames.HTTP_2,
ApplicationProtocolNames.HTTP_1_1))
.build();
} else {
sslCtx = null;
}
// Configure the server.
EventLoopGroup group = new NioEventLoopGroup();
try {
ServerBootstrap b = new ServerBootstrap();
b.option(ChannelOption.SO_BACKLOG, 1024);
b.group(group)
.channel(NioServerSocketChannel.class)
.handler(new LoggingHandler(LogLevel.INFO))
.childHandler(new Http2ServerInitializer(sslCtx));
Channel ch = b.bind(PORT).sync().channel();
System.err.println("Open your HTTP/2-enabled web browser and navigate to " +
(SSL? "https" : "http") + "://127.0.0.1:" + PORT + '/');
ch.closeFuture().sync();
} finally {
group.shutdownGracefully();
}
}
Example #20
| Source File: Http2Server.java From netty-4.1.22 with Apache License 2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
// Configure SSL.
final SslContext sslCtx;
if (SSL) {
SslProvider provider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;
SelfSignedCertificate ssc = new SelfSignedCertificate();
sslCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey())
.sslProvider(provider)
/* NOTE: the cipher filter may not include all ciphers required by the HTTP/2 specification.
* Please refer to the HTTP/2 specification for cipher requirements. */
.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
.applicationProtocolConfig(new ApplicationProtocolConfig(
Protocol.ALPN,
// NO_ADVERTISE is currently the only mode supported by both OpenSsl and JDK providers.
SelectorFailureBehavior.NO_ADVERTISE,
// ACCEPT is currently the only mode supported by both OpenSsl and JDK providers.
SelectedListenerFailureBehavior.ACCEPT,
ApplicationProtocolNames.HTTP_2,
ApplicationProtocolNames.HTTP_1_1))
.build();
} else {
sslCtx = null;
}
// Configure the server.
EventLoopGroup group = new NioEventLoopGroup();
try {
ServerBootstrap b = new ServerBootstrap();
b.option(ChannelOption.SO_BACKLOG, 1024);
b.group(group)
.channel(NioServerSocketChannel.class)
.handler(new LoggingHandler(LogLevel.INFO))
.childHandler(new Http2ServerInitializer(sslCtx));
Channel ch = b.bind(PORT).sync().channel();
System.err.println("Open your HTTP/2-enabled web browser and navigate to " +
(SSL? "https" : "http") + "://127.0.0.1:" + PORT + '/');
ch.closeFuture().sync();
} finally {
group.shutdownGracefully();
}
}
