A suggestion about specifying a source of secure randomness for better security
Closed this issue · 5 comments
Gax-c commented
Hello everyone! I'm new to netty and when I was browsing the code I found the following code in JdkSslServerContext.java
here:
ctx.init(keyManagerFactory.getKeyManagers(),
wrapTrustManagerIfNeeded(trustManagerFactory.getTrustManagers()),
null);
The code here use a "null", which means using the default securerandom. Although securerandom has already provided enough security, specifying one will ensure better security. For example, using SunJSSE.cryptoProvider for fip mode will be better.
hyperxpro commented
Looks valid. @normanmaurer WDYT?
normanmaurer commented
@hyperxpro @Gax-c I think we could add another constructor that take one ?
hyperxpro commented
Yup. Shall I go ahead with a PR?
normanmaurer commented
@hyperxpro sure
thxwelchs commented
Hi @normanmaurer, @hyperxpro, @Gax-c
I'm interested in this so I created a PR. Could you please review this?