in omega/omega-connector/omega-connector-grpc/src/main/java/org/apache/servicecomb/pack/omega/connector/grpc/core/LoadBalanceContextBuilder.java [124:154]
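/**
 * Builds the client-side TLS context for the gRPC connection described by {@code clusterConfig}.
 *
 * <p>Protocol versions and cipher suites are read from the {@code ssl.properties} classpath
 * resource. The trusted certificates come from the file named by
 * {@code clusterConfig.getCertChain()}, and a client certificate/key pair is installed only when
 * mutual authentication is enabled.
 *
 * @param clusterConfig cluster settings carrying the SSL switches and the certificate/key paths
 * @return the built context, or {@code Optional.absent()} when SSL is disabled
 * @throws IllegalArgumentException if {@code ssl.properties} is missing, unreadable or lacks the
 *     {@code protocols} or {@code ciphers} entry, or if the context cannot be built
 */
private Optional<SslContext> buildSslContext(AlphaClusterConfig clusterConfig) {
  if (!clusterConfig.isEnableSSL()) {
    return Optional.absent();
  }

  SslContextBuilder builder = GrpcSslContexts.forClient();
  // openssl must be used because some older JDKs do not support the cipher suites required by
  // http2, and the performance of JDK ssl is pretty low compared to openssl.
  builder.sslProvider(SslProvider.OPENSSL);

  Properties prop = new Properties();
  // try-with-resources closes the stream; a null resource (file not on the classpath) is reported
  // explicitly instead of surfacing as a NullPointerException from Properties.load.
  try (java.io.InputStream in =
      LoadBalanceContextBuilder.class.getClassLoader().getResourceAsStream("ssl.properties")) {
    if (in == null) {
      throw new IllegalArgumentException("ssl.properties was not found on the classpath.");
    }
    prop.load(in);
  } catch (IOException e) {
    throw new IllegalArgumentException("Unable to read ssl.properties.", e);
  }

  // Fail closed: a missing entry must not silently fall back to the provider's default
  // protocol or cipher list.
  builder.protocols(requiredSslList(prop, "protocols"));
  builder.ciphers(Arrays.asList(requiredSslList(prop, "ciphers")));

  // Only the certificates in this file are trusted when verifying the server.
  builder.trustManager(new File(clusterConfig.getCertChain()));
  if (clusterConfig.isEnableMutualAuth()) {
    // Client identity for mutual TLS; the key file holds private key material, so its
    // filesystem permissions should be restricted to the service account.
    builder.keyManager(new File(clusterConfig.getCert()), new File(clusterConfig.getKey()));
  }

  try {
    return Optional.of(builder.build());
  } catch (SSLException e) {
    throw new IllegalArgumentException("Unable to build SslContext", e);
  }
}

/**
 * Returns the comma-separated values of a mandatory {@code ssl.properties} entry with surrounding
 * whitespace removed, rejecting an absent or blank entry.
 */
private static String[] requiredSslList(Properties prop, String key) {
  String raw = prop.getProperty(key);
  if (raw == null || raw.trim().isEmpty()) {
    throw new IllegalArgumentException("ssl.properties has no value for '" + key + "'.");
  }
  // Tolerate "a, b" style lists; an entry with stray spaces would otherwise be an unknown name.
  return raw.trim().split("\\s*,\\s*");
}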