Thanks for your pull request. We've seen also requests to enable configuration of a custom hostname validator. It would make sense to tie this setting to SslOptions. We should come up with a more flexible approach to SSL configuration and expose more low-level interfaces to achieve customization where needed.

Thank you for the quick response. Yes agreed. What other low-level interfaces were you referring to? like allowing the user to pick their desired cipher suits or in other words are there other things you would like to see?

Codecov Report

Merging #1167 into master will decrease coverage by 0.07%.
The diff coverage is 30%.

@@             Coverage Diff              @@
##             master    #1167      +/-   ##
============================================
- Coverage     80.45%   80.38%   -0.08%     
- Complexity     5829     5830       +1     
============================================
  Files           418      417       -1     
  Lines         19151    19125      -26     
  Branches       2222     2213       -9     
============================================
- Hits          15408    15373      -35     
- Misses         2721     2728       +7     
- Partials       1022     1024       +2

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 03c7740...67d6ac4. Read the comment docs.

Basically, all the things that are possible with SslContextBuilder or SslContext. Certificates, key and trustmanager factories, various protocol levels. SSL config can be tricky, so there is probably no one-fits-all.

I have moved the SSLParamaters's protocols and ciphersuites into ssloptions. @mp911de could you please review this and let me know what you think ?

I will have a look next week. Thanks a lot!

Okay sounds good. Happy Thanks giving.

Hi @mp911de, are there any update on this ?

It will take me a bit more time until I get to this.

I took a look and configuring ciphers and protocols makes sense. I will take this PR from here to polish it (e.g. use varargs instead of String and String[] overloads) and add PEM-based certificate options.

I would also like to move SslContextBuilder and SSLParameters creations into SslOptions.

Thanks a lot. That's squashed, merged and polished for 5.3.0. I also added a configuration option for PEM-based keys and certificates.