Hello Corda experts: I have a question about Conclave beta 3. I downloaded conclave SDK hello world project, and ran it according to conclave document successfully. But when I tried to use RestTemplate to access an external https API from the enclave, it is failed. And the error message is "java.security.NoSuchAlgorithmException: Default SSLContext not available". Since the default JVM for enclave is Avian, I doubt that maybe Avian doesn't support SSL. Does any expert know the root cause and how to solve it? Thanks very much.
[Conclave]How to support SSL in enclave?
141 Views Asked by Lin Corey At
1
There are 1 best solutions below
Related Questions in CORDA
- Running corda in Oracle jdk1.8 is working fin but not in OpenJDK patch 1.8.392
- Unable to find the Corda CLI, has it been installed?
- Corda states data design
- Not generating .cpi file in Corda5
- Add dependency in build.gradle in corda 5
- Next-Gen Corda 5.0 - Facing issue while creating CPI file from CPB file
- Corda Shell Issue
- JSON/JSONB field support in Corda PostgreSQL
- Corda 5 Exception
- How to set persistence-enabled to false in Corda for Artemis AMQP config
- Failed to apply plugin 'net.corda.plugins.cordapp'
- Corda bridge not able to connect to peer node using proxy
- Corda node_transaction table column transaction_value
- Data class file location change in CorDapp
- How to start remote flow class using RPC in Springboot remote server
Related Questions in ENCLAVE
- Can Process B (with eid) Interact with an Enclave after Process A Has Established a Connection?
- I run Scone in Hardware Mode but occured a problem(Enclave terminated due to signal: Illegal instruction)
- Running nitro enclaves and on Amazon EKS and getting Insufficient hugepages-2Mi on pods
- How to solve SGX Exception 4012?
- 'failed to load enclave' in hardware mode with Intel SGX
- SGX enclave debugging
- How to create Enclave using Intel SGX SDK on LINUX
- How to decrypt the CiphertextForRecipient using the private key in the enclave?
- Apple secure enclave with RFC6979
- SQL Server Always Encrypted w/ Secure Enclave - Key Management Strategy
- Porting LUA to SGX application
- AWS Nitro Enclave Socket Connection to Database
- Integration of Intel SGX and MYsql server
- Run arbitrary app in a secure enclave (SGX)
- How to prove the data are generated or calculated by TEE (e.g., Intel SGX)?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
At this time Conclave doesn't support outbound SSL connections. It's something we'd like to support and is a high priority but it must be done very carefully. For example, we will have to ship a root cert store with the enclave embedded in the binary (or a signed version that's injectable by the host), there are questions about how to handle expiry checking given that the host controls the clock, whatever credentials are used to access the external service (if any) need to be securely sealed and stored, it will only make sense to support OCSP Stapling as a form of revocation checking with all others needing to be disabled and so on.
You don't technically need us to solve these issues for you. You can load the SSLEngine and relay packets from it in and out of the host using the call mechanism. It'd be a bit awkward but should be possible.