7

I'm writing a server using java NIO, and I have a few questions that I can't find answers to.

First, regarding SSLEngine, how to handle NEED_TASK properly in separated thread? When I invoke tasks in separate thread they complete, but I have no idea how to go back to perform another handshake operation. One option would be to call that operation from a thread that was performing delegated task, but I guess that's not the way to do it.

Another question is about calling interestOps() from different thread then selector thread. I need to change key interests after an attempt to write to channel hadn't written all data. I thought about using some sort of Queue of changes like in ROX NIO tutorial, but I have read in another thread here that it is not the best way.

Scolytus
  • 16,338
  • 6
  • 46
  • 69
user1418979
  • 123
  • 1
  • 8

1 Answers1

3

first regarding SSLEngine, how to handle NEED_TASK properly in separated thread. When I invoke tasks in separate thread they complete, but I have no idea how to go back to perform another handshake operations.

While the engine is in NEED_TASK state it can't do anything else. When the task completes you should then repeat the operation that originally returned NEED_TASK and let the engine tell you what to do next. You need to block or disable use of that engine by other threads until the task completes, i.e. don't select on that channel.

Another question is about calling interestOps() from different thread then selector thread. I need to change key interests after an attempt to write to channel hadn't written all data. I thought about using some sort of Queue of changes like in ROX NIO tutorial, but I have read in another thread here that it is not the best way.

That would have been me. I hate those queues. I just wakeup() the selector and change the interestOps, never seen a problem with that. The selector thread has to cope correctly with zero keys being ready, but it already needs to do that.

user207421
  • 305,947
  • 44
  • 307
  • 483
  • I'm not sure which of these two solutions you refer to, but I have a complete, commercially available implementation of an SSLSocketChannel/SSLSelector/SSLServerSocketChannel product that uses the SSLEngine internally and is packaged as a SelectorProvider. Details on request. – user207421 Dec 30 '12 at 19:17
  • The second answer is clear, and that's what I'm going to do. About first I still have some doubts. I have to resume the last operation that called NEED_TASK that is clear, but I have no idea how to do that, the only thing I can think of is resuming it from thread that completed task, but that would move execution of read/write from selector thread. Could you give me perhaps some hint how to proceed – user1418979 Dec 30 '12 at 19:28
  • 1
    I'm looking for GPL implementation of Java SSLengine + NIO. Do you know where I can find free code example? – Peter Penzov Dec 30 '12 at 19:28
  • 1
    @user1418979 It depends totally on how the rest of your code is organised. I have an SSLSelector so I can wake it up from the task thread and restore the channel key's interestOps, which will ultimately cause OP_READ or OP_WRITE to fire, which will cause the application to repeat the original operation. Your mileage will vary :-) – user207421 Dec 30 '12 at 19:54
  • @PeterPenzov There should be one in the Apache Tomcat NIO Connector, and there may be one in Netty as well. However all the SSLEngine code I've ever seen, except mine :-), fails to handle re-handshakes correctly. – user207421 Dec 30 '12 at 19:56
  • Ok thanks for help, I'm going to try something similar with regular selector. I'm marking your answer as correct, thank you again – user1418979 Dec 30 '12 at 19:57
  • @PeterPenzov Performance of these things is determined by the crypto code and the network, not by what you put around it, except I guess in the case of major incompetence. – user207421 Dec 30 '12 at 19:59
  • For those interested, I have written something to make using SSLEngine slightly easier. It can be used with NIO or for other use cases. [Available here SSLFacade](https://github.com/kashifrazzaqui/sslfacade) – keios Jun 25 '13 at 17:48