<!DOCTYPE html>
<html lang="en">
<head>
<title>MINA 2.2.x vs MINA 2.1.x &mdash; Apache MINA</title>
<link href="/assets/css/common.css" rel="stylesheet" type="text/css"/>
<link href="/assets/css/mina.css" rel="stylesheet" type="text/css"/>
</head>
<body>
<div id="container">
<div id="content">
<div id="rightColumn">
<h1 id="22x-vs-21x-differences">2.2.x vs 2.1.x differences</h1>
<p>The <strong>SSL/TLS</strong> handling has been completely rewritten in <strong>MINA 2.2</strong>. This affects many areas.</p>
<h2 id="removal-of-the-sslfilterdisable_encryption_once-attribute">Removal of the SslFilter.DISABLE_ENCRYPTION_ONCE attribute</h2>
<p>This attribute was used in previous <strong>MINA</strong> versions to ensure that a clear text message could be sent to the remote peer while establishing the TLS connection when using the <strong>startTLS</strong> command.</p>
<p>The idea is that the <strong>startTLS</strong> command is sent by an application (an <strong>LDAP</strong> client, for instance), which tells the server it should establish the <strong>SSL/TLS</strong> layer. The problem is that the server should be able to inform the client, in clear text, that the <strong>SSL/TLS</strong> layer is up and running, which is not possible as the <strong>SSL/TLS</strong> layer is already functioning&hellip;</p>
<p>This kind of chicken and egg problem was solved by giving the <strong>SSL/TLS</strong> layer the opportunity to send the <strong>startTLS</strong> response back to the client in clear text, assuming it&rsquo;s the server&rsquo;s first message. A bit of a hack.</p>
<p>In <strong>MINA 2.2</strong>, this attribute has been removed. It is replaced either by adding a filter, or by encapsulating the message that should not be encrypted into an instance that implements the <strong>DisableEncryptWriteRequest</strong> interface.</p>
<p>Typically, in <strong>Apache Directory</strong>, we use this filter:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#a2f;font-weight:bold">public</span> <span style="color:#a2f;font-weight:bold">class</span> <span style="color:#00f">StartTlsFilter</span> <span style="color:#a2f;font-weight:bold">extends</span> IoFilterAdapter
<span style="color:#666">{</span>
    <span style="color:#080;font-style:italic">/**
</span><span style="color:#080;font-style:italic">     * {@inheritDoc}
</span><span style="color:#080;font-style:italic">     */</span>
    <span style="color:#a2f">@Override</span>
    <span style="color:#a2f;font-weight:bold">public</span> <span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">filterWrite</span><span style="color:#666">(</span> NextFilter nextFilter<span style="color:#666">,</span> IoSession session<span style="color:#666">,</span> WriteRequest writeRequest <span style="color:#666">)</span> <span style="color:#a2f;font-weight:bold">throws</span> Exception
    <span style="color:#666">{</span>
        <span style="color:#a2f;font-weight:bold">if</span> <span style="color:#666">(</span> writeRequest<span style="color:#666">.</span><span style="color:#b44">getOriginalMessage</span><span style="color:#666">(</span><span style="color:#666">)</span> <span style="color:#a2f;font-weight:bold">instanceof</span> StartTlsResponse <span style="color:#666">)</span>
        <span style="color:#666">{</span>
            <span style="color:#080;font-style:italic">// We need to bypass the SslFilter
</span><span style="color:#080;font-style:italic"></span>            IoFilterChain chain <span style="color:#666">=</span> session<span style="color:#666">.</span><span style="color:#b44">getFilterChain</span><span style="color:#666">(</span><span style="color:#666">)</span><span style="color:#666">;</span>
            <span style="color:#a2f;font-weight:bold">for</span> <span style="color:#666">(</span> IoFilterChain<span style="color:#666">.</span><span style="color:#b44">Entry</span> entry <span style="color:#666">:</span> chain<span style="color:#666">.</span><span style="color:#b44">getAll</span><span style="color:#666">(</span><span style="color:#666">)</span> <span style="color:#666">)</span>
            <span style="color:#666">{</span>
                IoFilter filter <span style="color:#666">=</span> entry<span style="color:#666">.</span><span style="color:#b44">getFilter</span><span style="color:#666">(</span><span style="color:#666">)</span><span style="color:#666">;</span>
                <span style="color:#a2f;font-weight:bold">if</span> <span style="color:#666">(</span> filter <span style="color:#a2f;font-weight:bold">instanceof</span> SslFilter <span style="color:#666">)</span>
                <span style="color:#666">{</span>
                    entry<span style="color:#666">.</span><span style="color:#b44">getNextFilter</span><span style="color:#666">(</span><span style="color:#666">)</span><span style="color:#666">.</span><span style="color:#b44">filterWrite</span><span style="color:#666">(</span> session<span style="color:#666">,</span> writeRequest <span style="color:#666">)</span><span style="color:#666">;</span>
                <span style="color:#666">}</span>
            <span style="color:#666">}</span>
        <span style="color:#666">}</span>
        <span style="color:#a2f;font-weight:bold">else</span>
        <span style="color:#666">{</span>
            nextFilter<span style="color:#666">.</span><span style="color:#b44">filterWrite</span><span style="color:#666">(</span> session<span style="color:#666">,</span> writeRequest <span style="color:#666">)</span><span style="color:#666">;</span>
        <span style="color:#666">}</span>
    <span style="color:#666">}</span>
<span style="color:#666">}</span>
</code></pre></div><p>As you can see in the code above, we check whether the message is a <strong>startTLS</strong> response and, if so, we bypass the <strong>SslFilter</strong>, so the message is sent in clear text.</p>
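<p>The following self-contained model is an added example, not code from MINA or Apache Directory: it shows why the bypass filter must sit on the handler side of the TLS filter and what reaches the wire before and after the handshake. All types (<em>Chain</em>, <em>TlsFilter</em>, the stand-in <em>StartTlsResponse</em>) are hypothetical, and the refusal of the bypass once the session is secured is an assumption added here, not something the filter above does.</p>

```java
import java.util.*;

// Toy model of the write path; none of these types are MINA classes.
public class StartTlsBypassModel {
    interface Filter { void write(Chain chain, int index, Object msg); }

    // Stand-in for the LDAP StartTlsResponse message type.
    static final class StartTlsResponse {
        @Override public String toString() { return "startTLS-OK"; }
    }

    static final class Chain {
        final List<Filter> filters = new ArrayList<>(); // index 0 sits next to the socket
        final List<String> wire = new ArrayList<>();    // what would leave the host
        boolean secured;                                // models the SSL_SECURED attribute being set
        // Hand msg to the filter at index, or to the wire once the chain is exhausted.
        void writeFrom(int index, Object msg) {
            if (index < 0) { wire.add(String.valueOf(msg)); return; }
            filters.get(index).write(this, index, msg);
        }
        void write(Object msg) { writeFrom(filters.size() - 1, msg); } // enters at the handler end
    }

    // Stand-in for SslFilter: marks everything it sees as encrypted.
    static final class TlsFilter implements Filter {
        public void write(Chain c, int i, Object msg) { c.writeFrom(i - 1, "TLS[" + msg + "]"); }
    }

    static final class StartTlsFilter implements Filter {
        public void write(Chain c, int i, Object msg) {
            // Assumption added here: refuse the bypass once the session is secured.
            if (msg instanceof StartTlsResponse && !c.secured) {
                for (int j = 0; j < i; j++) {
                    // Resume the write on the socket side of the TLS filter.
                    if (c.filters.get(j) instanceof TlsFilter) { c.writeFrom(j - 1, msg); return; }
                }
            }
            c.writeFrom(i - 1, msg);
        }
    }

    public static void main(String[] args) {
        Chain chain = new Chain();
        chain.filters.add(new TlsFilter());      // socket side
        chain.filters.add(new StartTlsFilter()); // handler side: sees writes first
        chain.write(new StartTlsResponse());     // handshake not done: clear text
        chain.secured = true;                    // handshake completed
        chain.write("searchResult");             // ordinary traffic: encrypted
        chain.write(new StartTlsResponse());     // bypass refused: encrypted
        System.out.println(chain.wire);
    }
}
```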
<h2 id="addition-of-the-iosessionisserver-method">Addition of the IoSession.isServer() method</h2>
<p>This method tells whether the underlying service is an <em>IoAcceptor</em> or not. It&rsquo;s useful to quickly find out if we have to set the <strong>Tls</strong> flag to client or server when initializing the <strong>SslEngine</strong> instance. We also use it for the <strong>SslFilter</strong> logs.</p>
<h2 id="removal-of-the-sslfiltergetsslsession-method">Removal of the SslFilter.getSslSession() method</h2>
<p>This method is not used. Should you need the <strong>SSLSession</strong> instance, call the <em>IoSession.getAttribute()</em> method with <strong>SslFilter.SSL_SECURED</strong> as a parameter:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#666">.</span><span style="color:#666">.</span><span style="color:#666">.</span>
SSLSession sslSession <span style="color:#666">=</span> SSLSession<span style="color:#666">.</span><span style="color:#b44">class</span><span style="color:#666">.</span><span style="color:#b44">cast</span><span style="color:#666">(</span>getAttribute<span style="color:#666">(</span>SslFilter<span style="color:#666">.</span><span style="color:#b44">SSL_SECURED</span><span style="color:#666">)</span><span style="color:#666">)</span><span style="color:#666">;</span>
<span style="color:#666">.</span><span style="color:#666">.</span><span style="color:#666">.</span>
</code></pre></div><h2 id="why-is-it-api-incompatible-">Why is it API incompatible?</h2>
<p>The removal of the <strong>SslFilter.DISABLE_ENCRYPTION_ONCE</strong> attribute makes it impossible for applications that leverage the <strong>startTLS</strong> command to work without some code change.</p>
<h2 id="migration">Migration</h2>
<p>This is pretty straightforward:</p>
<ul>
<li>Create a filter that bypasses the message that should not be encrypted, or encapsulate it into an instance that implements the <strong>DisableEncryptWriteRequest</strong> interface.</li>
</ul>
<p>And that&rsquo;s it!</p>
</div>
<div id="endContent"></div>
</div>
<div id="footer">
&copy; 2003-2024, <a href="https://www.apache.org">The Apache Software Foundation</a> - <a href="https://privacy.apache.org/policies/privacy-policy-public.html">Privacy Policy</a><br />
Apache MINA, MINA, Apache Vysper, Vysper, Apache SSHd, SSHd, Apache FtpServer, FtpServer, Apache AsyncWeb, AsyncWeb,
Apache, the Apache feather logo, and the Apache Mina project logos are trademarks of The Apache Software Foundation.
</div>
</div>
</body>
</html>