mirrors/nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus synced 2026-01-03 11:45:39 +00:00
Code Issues Releases Wiki Activity

Update proxy resources, increase ssl handshake timeout (#2819)

Browse Source
This commit is contained in:
Pavlo Tkach
2025-09-05 14:09:55 -04:00
committed by GitHub
parent 77ab80f3dc
commit 6bbd7a2290
9 changed files with 41 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
networking/src/main/java/google/registry/networking/handler/SslClientInitializer.java
View File

@@ -119,6 +119,7 @@ public class SslClientInitializer<C extends Channel> extends ChannelInitializer<
sslContextBuilder
.build()
.newHandler(channel.alloc(), hostProvider.apply(channel), portProvider.apply(channel));
sslHandler.setHandshakeTimeoutMillis(20000);
// Enable hostname verification.
SSLEngine sslEngine = sslHandler.engine();

20
networking/src/main/java/google/registry/networking/handler/SslServerInitializer.java
View File

@@ -139,6 +139,8 @@ public class SslServerInitializer<C extends Channel> extends ChannelInitializer<
logger.atInfo().log("Available Cipher Suites: %s", sslContext.cipherSuites());
SslHandler sslHandler = sslContext.newHandler(channel.alloc());
sslHandler.setHandshakeTimeoutMillis(20000);
if (requireClientCert) {
Promise<X509Certificate> clientCertificatePromise = channel.eventLoop().newPromise();
Future<Channel> unusedFuture =
@@ -159,15 +161,15 @@ public class SslServerInitializer<C extends Channel> extends ChannelInitializer<
}
logger.atInfo().log(
"""
--SSL Information--
Client Certificate Hash: %s
SSL Protocol: %s
Cipher Suite: %s
Not Before: %s
Not After: %s
Client Certificate Type: %s
Client Certificate Length: %s
""",
--SSL Information--
Client Certificate Hash: %s
SSL Protocol: %s
Cipher Suite: %s
Not Before: %s
Not After: %s
Client Certificate Type: %s
Client Certificate Length: %s
""",
getCertificateHash(clientCertificate),
sslSession.getProtocol(),
sslSession.getCipherSuite(),