akka-http icon indicating copy to clipboard operation
akka-http copied to clipboard

Published 20 hours ago verified publisher icon akka

Explore how to reduce the TLS setup

Open ignasi35 opened this issue 4 years ago • 3 comments

The amount of code to setup HTTPS could be simplified for the most common cases:

  1. input is a PKCS#12 with all private keys and certificates required
  2. input are two files: a PKCS#1 private key on a PEM file, and a x.509 certificate on a .crt file.

ignasi35 avatar Feb 24 '21 17:02 ignasi35

Deprecating AkkaSSLConfig in Akka 2.6 made this a bit more necessary since the deprecated code:

  private val httpsConfig =
    AkkaSSLConfig()(system).mapSettings(s =>
      s.withTrustManagerConfig(s.trustManagerConfig.withTrustStoreConfigs(Seq(httpsTrustStoreConfig))))

  private val httpsContext = http.createClientHttpsContext(httpsConfig)

Now uses two deprecated APIs.

ignasi35 avatar May 03 '21 09:05 ignasi35

A possible solution would be reusing the PemManagersProvider introduced in https://github.com/akka/akka/pull/29152/files#diff-912cb92888b9d4cc775b16b16c0f8701a67c4329d3fb3e4c3bfb9e5df7ca7839 so building an SSLContext from PEM files becomes a lot simpler.

ignasi35 avatar May 03 '21 10:05 ignasi35

Case 2 in progress in #4359

johanandren avatar Mar 04 '24 15:03 johanandren

Closing this even though we didn't do anything around PKCS#12, let's create a new issue tracking that if we decide it is needed in the future.

johanandren avatar Mar 28 '24 08:03 johanandren