Add option to set ALPN

chenrui2200 · Aug 12, 2016 · 0609ec4 · 0609ec4
1 parent 6616e6a
commit 0609ec4
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/nifty-ssl/src/main/java/com/facebook/nifty/ssl/NiftyOpenSslServerContext.java b/nifty-ssl/src/main/java/com/facebook/nifty/ssl/NiftyOpenSslServerContext.java
@@ -207,6 +207,10 @@ public NiftyOpenSslServerContext(
 
                     SSLContext.setNextProtos(ctx, nextProtocolBuf.toString());
                 }
+                if (this.nextProtocols != null && !this.nextProtocols.isEmpty()) {
+                    String[] alpnArray = this.nextProtocols.toArray(new String[0]);
+                    SSLContext.setAlpnProtos(ctx, alpnArray, SSL.SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL);
+                }
 
                 /* Set session cache size, if specified */
                 if (sessionCacheSize > 0) {

diff --git a/nifty-ssl/src/main/java/com/facebook/nifty/ssl/OpenSslServerConfiguration.java b/nifty-ssl/src/main/java/com/facebook/nifty/ssl/OpenSslServerConfiguration.java
@@ -16,6 +16,7 @@
 package com.facebook.nifty.ssl;
 
 import com.google.common.base.Throwables;
+import com.google.common.collect.ImmutableList;
 import org.apache.tomcat.jni.SSL;
 import org.apache.tomcat.jni.SessionTicketKey;
 
@@ -35,6 +36,7 @@ public static class Builder extends SslServerConfiguration.BuilderBase<Builder>
         public String sessionContext = "thrift";
         public long sessionTimeoutSeconds = 86400;
         public SSLVersion sslVersion = SSLVersion.TLS1_2;
+        public Iterable<String> nextProtocols = ImmutableList.of("thrift");
 
         public Builder() {
             this.ciphers = SslDefaults.SERVER_DEFAULTS;
@@ -50,6 +52,14 @@ public Builder ticketKeys(SessionTicketKey[] ticketKeys) {
             return this;
         }
 
+        /**
+         * Sets the next protocols which will be set to both ALPN as well as NPN.
+         */
+        public Builder nextProtocols(Iterable<String> nextProtocols) {
+            this.nextProtocols = nextProtocols;
+            return this;
+        }
+
         /**
          * Can be used to separate the tickets issued from different services
          * generated with the same key.
@@ -82,13 +92,15 @@ protected SslServerConfiguration createServerConfiguration() {
     public final byte[] sessionContext;
     public final long sessionTimeoutSeconds;
     public final SSLVersion sslVersion;
+    public final Iterable<String> nextProtocols;
 
     private OpenSslServerConfiguration(Builder builder) {
         super(builder);
         this.ticketKeys = builder.ticketKeys;
         this.sessionContext = builder.sessionContext.getBytes();
         this.sessionTimeoutSeconds = builder.sessionTimeoutSeconds;
         this.sslVersion = builder.sslVersion;
+        this.nextProtocols = builder.nextProtocols;
     }
 
     public static OpenSslServerConfiguration.Builder newBuilder() {
@@ -109,7 +121,7 @@ protected SslHandlerFactory createSslHandlerFactory() {
                     null,
                     ciphers,
                     sslVersionInt,
-                    null,
+                    nextProtocols,
                     0,
                     0);
             if (this.ticketKeys != null) {