Update SecureSocket API of HTTP #917

Closed
ldclakmal opened this issue Jan 29, 2021 · 0 comments · Fixed by ballerina-platform/module-ballerina-http#255
Labels
Area/Security Issues related to stdlib security module/http Team/PCM Protocol connector packages related issues Type/Improvement Verson/SwanLakeDump All issues planned for Swan Lake GA release

ldclakmal commented Jan 29, 2021

Description
Need to update SecureSocket API of ballerina/http module.

Currently, the HTTP ListenerSecureSocket and ClientSecureSocket APIs are as follows:

```ballerina
public type ListenerSecureSocket record {|
    crypto:TrustStore? trustStore = ();
    crypto:KeyStore? keyStore = ();
    string certFile = "";
    string keyFile = "";
    string keyPassword = "";
    string trustedCertFile = "";
    Protocols? protocol = ();
    ValidateCert? certValidation = ();
    string[] ciphers = ["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
                        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
                        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
                        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"];
    string sslVerifyClient = "";
    boolean shareSession = true;
    int? handshakeTimeoutInSeconds = ();
    int? sessionTimeoutInSeconds = ();
    ListenerOcspStapling? ocspStapling = ();
|};

public type ClientSecureSocket record {|
    boolean disable = false;
    crypto:TrustStore? trustStore = ();
    crypto:KeyStore? keyStore = ();
    string certFile = "";
    string keyFile = "";
    string keyPassword = "";
    string trustedCertFile = "";
    Protocols? protocol = ();
    ValidateCert? certValidation = ();
    string[] ciphers = [];
    boolean verifyHostname = true;
    boolean shareSession = true;
    boolean ocspStapling = false;
    int handshakeTimeoutInSeconds?;
    int sessionTimeoutInSeconds?;
|};
```

Design doc: https://docs.google.com/document/d/1Y2kLTOw9-sRK1vSEzw5NYdWSA4nwVCvPf3wrbwNDA4s/edit?usp=sharing

@ldclakmal ldclakmal self-assigned this Jan 29, 2021
@ldclakmal ldclakmal added the Verson/SwanLakeDump All issues planned for Swan Lake GA release label Feb 1, 2021
@anupama-pathirage anupama-pathirage added the Team/PCM Protocol connector packages related issues label Mar 1, 2021
@ldclakmal ldclakmal added this to the Swan Lake Alpha3 milestone Mar 4, 2021
@ldclakmal ldclakmal changed the title Revisit SecureSocket API across all StdLibs Revisit SecureSocket API of HTTP Mar 8, 2021
@ldclakmal ldclakmal changed the title Revisit SecureSocket API of HTTP Update SecureSocket API of HTTP Mar 8, 2021
@ldclakmal ldclakmal added the Area/Security Issues related to stdlib security label Sep 28, 2021