Reputation: 9
I'm a newbie with the Netty framework and I don't know how to send an OpenSSL 'hello request' from the server side.
Netty SslHandler:
Restarting the session
To restart the SSL session, you must remove the existing closed SslHandler from the ChannelPipeline, insert a new SslHandler with a new SSLEngine into the pipeline, and start the handshake process as described in the first section.
I have an HTTPS server based on the SnoopServer example, but when I try to restart SSL, nothing works as expected.
e.g.
    // reset ssl session from server's HttpHandler
    SslContext sslCtx = null;
    SelfSignedCertificate selfSignedCert;
    try {
        selfSignedCert = new SelfSignedCertificate();
        sslCtx = SslContextBuilder.forServer(selfSignedCert.certificate(), selfSignedCert.privateKey()).sslProvider(SslProvider.JDK).build();
    } catch (CertificateException | SSLException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
    ((SslHandler) ctx.pipeline().get("ssl")).close(ctx, ctx.newPromise());
    if (ctx.pipeline().remove("ssl") != null && sslCtx != null) {
        ctx.pipeline().addFirst("sslNew", sslCtx.newHandler(ctx.channel().alloc()));
    }
I need to restart the session because it is the only way to restart the handshake, as explained in the netty.io docs.
So I need to ask: is there any way to request the Client Hello from the Netty HTTPS snoop server?
OpenSSL has the capability to send a HelloRequest from server to client and wait for the "Client Hello", but how?
Upvotes: 0
Views: 1048
Reputation: 311050
You can start a new handshake any time you like, and you certainly do not need a new SSLEngine for that.
However this either
it does not 'restart' the session. There is no such operation.
Upvotes: 0
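An added example, not code from either post above: one way to start a further handshake on the SslHandler that is already in the pipeline, using Netty's `SslHandler.renegotiate()` and leaving the SSLEngine in place. The class name `Rehandshake` and method `start` are hypothetical; it assumes Netty 4.1 with the JDK provider, as in the question, and a connection negotiated below TLS 1.3.

```java
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.ssl.SslHandler;
import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.FutureListener;

import java.util.Arrays;

/** Hypothetical helper (class and method names are assumptions, not Netty API). */
public final class Rehandshake {
    private Rehandshake() { }

    /** Starts another handshake on the SslHandler already in the pipeline. */
    public static Future<Channel> start(ChannelHandlerContext ctx) {
        SslHandler ssl = ctx.pipeline().get(SslHandler.class);
        if (ssl == null) {
            return ctx.executor().newFailedFuture(
                    new IllegalStateException("no SslHandler in the pipeline"));
        }
        String protocol = ssl.engine().getSession().getProtocol();
        byte[] oldId = ssl.engine().getSession().getId();
        // Choice made for this example: TLS 1.3 has no renegotiation, so fail fast.
        if ("TLSv1.3".equals(protocol)) {
            return ctx.executor().newFailedFuture(
                    new UnsupportedOperationException("TLS 1.3 has no renegotiation"));
        }
        // Same SslHandler, same SSLEngine: nothing is removed from the pipeline.
        Future<Channel> done = ssl.renegotiate();
        FutureListener<Channel> report = f -> {
            if (!f.isSuccess()) {
                System.err.println("re-handshake failed: " + f.cause());
                return;
            }
            // Comparing session ids shows whether the handshake kept the old session.
            byte[] newId = ssl.engine().getSession().getId();
            System.out.println(Arrays.equals(oldId, newId)
                    ? "handshake completed, same session id"
                    : "handshake completed, new session id");
        };
        done.addListener(report);
        return done;
    }
}
```

A peer may refuse renegotiation, in which case the returned future fails and the listener reports the cause.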