[英]Java non-blocking TLS PSK
I'm working with a framework (Vertx 2) and need to implement a service that runs on top of TLS. 我正在使用框架(Vertx 2),需要实现在TLS之上运行的服务。 Vertx 2 has support for TLS, but I cannot get it to use the necessary ciphers (among others):
Vertx 2支持TLS,但我无法使用它来使用必需的密码(以及其他密码):
I also cannot use the Bouncy Castle lightweight API as it is stream-based and blocks (spawning threads etc. to deal with this is not acceptable as that will not scale). 我也不能使用Bouncy Castle轻量级API,因为它是基于流的,并且块(生成线程等用于处理此问题是不可接受的,因为这将无法扩展)。 The same goes for JESSIE.
JESSIE也是如此。
It must use AES & DES with pre-shared keys, but I've been unable to find a way to get this to work. 它必须使用带有预共享密钥的AES和DES,但是我一直无法找到一种方法来使其工作。 Any solution which is non-blocking/async is workable.
任何非阻塞/异步的解决方案都是可行的。
If you're on Linux or OSX, Conscrypt ( https://conscrypt.org ) might be an option. 如果您使用的是Linux或OSX,则可以选择Conscrypt( https://conscrypt.org )。 This is an OpenSSL/BoringSSL backed JCA Provider which will give you an SSLEngine impl which you can then use with Java NIO in non-blocking mode.
这是一个由OpenSSL / BoringSSL支持的JCA Provider,它将为您提供一个SSLEngine的实现,然后您可以在非阻塞模式下将其与Java NIO一起使用。 For context, Conscrypt is the default provider of crypto and TLS/SSL primitives on Android.
就上下文而言,Conscrypt是Android上默认的加密和TLS / SSL原语提供程序。
To use it with TLS-PSK, you'll need to initialize a Conscrypt-provided SSLContext with an implementation of org.conscrypt.PSKKeyManager and then obtain an SSLEngine from that context. 要将其与TLS-PSK一起使用,您需要使用org.conscrypt.PSKKeyManager的实现来初始化Conscrypt提供的SSLContext,然后从该上下文中获取SSLEngine。 For documentation, see PSKKeyManager interface Javadoc or Javadoc of very similar Android framework class PskKeyManager ( https://developer.android.com/reference/android/net/PskKeyManager.html ).
有关文档,请参见PSKKeyManager接口Javadoc或非常相似的Android框架类PskKeyManager( https://developer.android.com/reference/android/net/PskKeyManager.html )的Javadoc。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.