SSL and NIO ( and tomcat )
Tomcat supports SSL using ServerSocketFactory, an old abstraction designed to support JSSE and PureTLS and similar solutions. APR was the first to break with this, and is implementing SSL using OpenSSL directly in the endpoint. NIO is not supporting old-style JSSE either, instead using SSLEngine. Jk is also not using ServerSocketFactory, but ajp protocol to delegate to the real server.
In my sandbox experiment, I'm thinking to just move all 'old style' endpoing and ssl to a separate package and clean up the util.net package. What APR is doing seems like the right solution - the endpoint should have full control over both socket and threading model. This is not only simpler, but will resolve a lot of interdeps and reduce the code size.
Posted by costin at January 03, 2006 12:36 PM
Disabled due to spam. Click on the link to post a comment, it'll be sent in email ( and thus usual mail spam filters and blacklist applied ). It may be made accessible later on, but code needs to be written for that.