OF-946: Should have single point of SSLContext instantiation

The code to get an instance of SSLContext is duplicated all over the codebase. Code gets more maintainable by replacing all duplicate code blocks with one utility method. This already fixes an issue where Clearspace integration used a SSL instead of TLS algorithm.

OF-946: Should have single point of SSLContext instantiation
The code to get an instance of SSLContext is duplicated all over the codebase. Code gets more maintainable by replacing all duplicate code blocks with one utility method. This already fixes an issue where Clearspace integration used a SSL instead of TLS algorithm.
e78559b1 · Guus der Kinderen · cc6be12e · e78559b1 · e78559b1 · e78559b1
Commit e78559b1 authored Oct 22, 2015 by Guus der Kinderen
7 changed files
--- a/src/java/org/jivesoftware/openfire/clearspace/SSLProtocolSocketFactory.java
+++ b/src/java/org/jivesoftware/openfire/clearspace/SSLProtocolSocketFactory.java
@@ -63,7 +63,7 @@ public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory {
    private SSLContext createSSLContext(String host) {
        try {
-            SSLContext context = SSLContext.getInstance("SSL");
+            final SSLContext context = SSLConfig.getSSLContext();
            context.init(
                    null,
                    new TrustManager[] {

--- a/src/java/org/jivesoftware/openfire/net/SSLConfig.java
+++ b/src/java/org/jivesoftware/openfire/net/SSLConfig.java
@@ -21,10 +21,12 @@
 package org.jivesoftware.openfire.net;
 import org.jivesoftware.openfire.keystore.*;
+import org.jivesoftware.openfire.session.ConnectionSettings;
 import org.jivesoftware.util.JiveGlobals;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import javax.net.ssl.SSLContext;
 import java.io.*;
 import java.nio.file.Path;
 import java.nio.file.Paths;
@@ -368,4 +370,11 @@ public class SSLConfig
        return file.getCanonicalPath();
    }
+    public static SSLContext getSSLContext() throws NoSuchAlgorithmException
+    {
+        // TODO: allow different algorithms for differetn connection types (eg client/server/bosh etc)
+        final String algorithm = JiveGlobals.getProperty( ConnectionSettings.Client.TLS_ALGORITHM, "TLS" );
+        return SSLContext.getInstance( algorithm );
+    }
 }
--- a/src/java/org/jivesoftware/openfire/net/SSLConfigSocketFactory.java
+++ b/src/java/org/jivesoftware/openfire/net/SSLConfigSocketFactory.java
@@ -105,8 +105,7 @@ public class SSLConfigSocketFactory
        final IdentityStoreConfig identityStoreConfig = (IdentityStoreConfig) SSLConfig.getInstance().getStoreConfig( Purpose.SOCKETBASED_IDENTITYSTORE );
        final TrustStoreConfig trustStoreConfig = (TrustStoreConfig) SSLConfig.getInstance().getStoreConfig( Purpose.SOCKETBASED_C2S_TRUSTSTORE );
-        final String algorithm = JiveGlobals.getProperty( ConnectionSettings.Client.TLS_ALGORITHM, "TLS" );
+        final SSLContext context = SSLConfig.getSSLContext();
-        final SSLContext context = SSLContext.getInstance( algorithm );
        context.init( identityStoreConfig.getKeyManagers(), trustStoreConfig.getTrustManagers(), new java.security.SecureRandom() );
        return context.getServerSocketFactory();
@@ -117,8 +116,7 @@ public class SSLConfigSocketFactory
        final IdentityStoreConfig identityStoreConfig = (IdentityStoreConfig) SSLConfig.getInstance().getStoreConfig( Purpose.SOCKETBASED_IDENTITYSTORE );
        final TrustStoreConfig trustStoreConfig = (TrustStoreConfig) SSLConfig.getInstance().getStoreConfig( Purpose.SOCKETBASED_S2S_TRUSTSTORE );
-        final String algorithm = JiveGlobals.getProperty( ConnectionSettings.Client.TLS_ALGORITHM, "TLS" );
+        final SSLContext context = SSLConfig.getSSLContext();
-        final SSLContext context = SSLContext.getInstance( algorithm );
        context.init( identityStoreConfig.getKeyManagers(), trustStoreConfig.getTrustManagers(), new java.security.SecureRandom() );
        return context.getServerSocketFactory();

--- a/src/java/org/jivesoftware/openfire/net/TLSWrapper.java
+++ b/src/java/org/jivesoftware/openfire/net/TLSWrapper.java
@@ -97,8 +97,7 @@ public class TLSWrapper {
            }
            final IdentityStoreConfig identityStoreConfig = (IdentityStoreConfig) sslConfig.getStoreConfig( Purpose.SOCKETBASED_IDENTITYSTORE );
-            final String algorithm = JiveGlobals.getProperty( ConnectionSettings.Client.TLS_ALGORITHM, "TLS" );
+            final SSLContext tlsContext = SSLConfig.getSSLContext();
-            final SSLContext tlsContext = SSLContext.getInstance(algorithm);
            tlsContext.init( identityStoreConfig.getKeyManagers(), tm, null);
            /*

--- a/src/java/org/jivesoftware/openfire/nio/NIOConnection.java
+++ b/src/java/org/jivesoftware/openfire/nio/NIOConnection.java
@@ -397,8 +397,7 @@ public class NIOConnection implements Connection {
            tm = storeConfig.getTrustManagers();
        }
-        String algorithm = JiveGlobals.getProperty(ConnectionSettings.Client.TLS_ALGORITHM, "TLS");
+        final SSLContext tlsContext = SSLConfig.getSSLContext();
-        SSLContext tlsContext = SSLContext.getInstance( algorithm );
        final IdentityStoreConfig identityStoreConfig = (IdentityStoreConfig) sslConfig.getStoreConfig( Purpose.SOCKETBASED_IDENTITYSTORE );
        tlsContext.init( identityStoreConfig.getKeyManagers(), tm, null);

--- a/src/java/org/jivesoftware/openfire/spi/ConnectionManagerImpl.java
+++ b/src/java/org/jivesoftware/openfire/spi/ConnectionManagerImpl.java
 /**
 * $RCSfile: ConnectionManagerImpl.java,v $
 * $Revision: $
 * $Date: $
 *
 * Copyright (C) 2005-2008 Jive Software. All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.jivesoftware.openfire.spi;
 import java.io.IOException;
 import java.lang.management.ManagementFactory;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.Socket;
 import java.net.UnknownHostException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ThreadFactory;
 import java.util.concurrent.ThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicInteger;
 import javax.management.JMException;
 import javax.management.MBeanServer;
 import javax.management.ObjectName;
 import javax.net.ssl.SSLContext;
 import org.apache.mina.core.buffer.IoBuffer;
 import org.apache.mina.core.buffer.SimpleBufferAllocator;
 import org.apache.mina.core.service.IoService;
 import org.apache.mina.core.service.IoServiceListener;
 import org.apache.mina.core.session.IdleStatus;
 import org.apache.mina.core.session.IoSession;
 import org.apache.mina.filter.codec.ProtocolCodecFilter;
 import org.apache.mina.filter.executor.ExecutorFilter;
 import org.apache.mina.filter.ssl.SslFilter;
 import org.apache.mina.integration.jmx.IoServiceMBean;
 import org.apache.mina.integration.jmx.IoSessionMBean;
 import org.apache.mina.transport.socket.SocketSessionConfig;
 import org.apache.mina.transport.socket.nio.NioSocketAcceptor;
 import org.jivesoftware.openfire.ConnectionManager;
 import org.jivesoftware.openfire.JMXManager;
 import org.jivesoftware.openfire.PacketDeliverer;
 import org.jivesoftware.openfire.PacketRouter;
 import org.jivesoftware.openfire.RoutingTable;
 import org.jivesoftware.openfire.ServerPort;
 import org.jivesoftware.openfire.SessionManager;
 import org.jivesoftware.openfire.XMPPServer;
 import org.jivesoftware.openfire.container.BasicModule;
 import org.jivesoftware.openfire.container.PluginManager;
 import org.jivesoftware.openfire.container.PluginManagerListener;
 import org.jivesoftware.openfire.http.HttpBindManager;
 import org.jivesoftware.openfire.keystore.IdentityStoreConfig;
 import org.jivesoftware.openfire.keystore.Purpose;
 import org.jivesoftware.openfire.keystore.TrustStoreConfig;
 import org.jivesoftware.openfire.net.*;
 import org.jivesoftware.openfire.nio.ClientConnectionHandler;
 import org.jivesoftware.openfire.nio.ComponentConnectionHandler;
 import org.jivesoftware.openfire.nio.MultiplexerConnectionHandler;
 import org.jivesoftware.openfire.nio.XMPPCodecFactory;
 import org.jivesoftware.openfire.session.ConnectionSettings;
 import org.jivesoftware.util.*;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 public class ConnectionManagerImpl extends BasicModule implements ConnectionManager, CertificateEventListener, PropertyEventListener {
 	private static final int MB = 1024 * 1024;
    public static final String EXECUTOR_FILTER_NAME = "threadModel";
    public static final String TLS_FILTER_NAME = "tls";
    public static final String COMPRESSION_FILTER_NAME = "compression";
    public static final String XMPP_CODEC_FILTER_NAME = "xmpp";
    public static final String CAPACITY_FILTER_NAME = "outCap";
    private static final String CLIENT_SOCKET_ACCEPTOR_NAME = "client";
    private static final String CLIENT_SSL_SOCKET_ACCEPTOR_NAME = "client_ssl";
    private static final String COMPONENT_SOCKET_ACCEPTOR_NAME = "component";
    private static final String MULTIPLEXER_SOCKET_ACCEPTOR_NAME = "multiplexer";
    private static final Logger Log = LoggerFactory.getLogger(ConnectionManagerImpl.class);
    private NioSocketAcceptor socketAcceptor;
    private NioSocketAcceptor sslSocketAcceptor;
    private NioSocketAcceptor componentAcceptor;
    private SocketAcceptThread serverSocketThread;
    private NioSocketAcceptor multiplexerSocketAcceptor;
    private ArrayList<ServerPort> ports;
    private SessionManager sessionManager;
    private PacketDeliverer deliverer;
    private PacketRouter router;
    private RoutingTable routingTable;
    private String serverName;
    private String localIPAddress = null;
    // Used to know if the sockets have been started
    private boolean isSocketStarted = false;
    public ConnectionManagerImpl() {
        super("Connection Manager");
        ports = new ArrayList<>(4);
    }
    private synchronized void createListeners() {
        if (isSocketStarted || sessionManager == null || deliverer == null || router == null || serverName == null) {
            return;
        }
        // Create the port listener for s2s communication
        createServerListener(localIPAddress);
        // Create the port listener for Connections Multiplexers
        createConnectionManagerListener();
        // Create the port listener for external components
        createComponentListener();
        // Create the port listener for clients
        createClientListeners();
        // Create the port listener for secured clients
        createClientSSLListeners();
    }
    private synchronized void startListeners() {
        if (isSocketStarted || sessionManager == null || deliverer == null || router == null || serverName == null) {
            return;
        }
        // Check if plugins have been loaded
        PluginManager pluginManager = XMPPServer.getInstance().getPluginManager();
        if (!pluginManager.isExecuted()) {
            pluginManager.addPluginManagerListener(new PluginManagerListener() {
                @Override
                public void pluginsMonitored() {
                    // Stop listening for plugin events
                    XMPPServer.getInstance().getPluginManager().removePluginManagerListener(this);
                    // Start listeners
                    startListeners();
                }
            });
            return;
        }
        isSocketStarted = true;
        // Setup port info
        try {
            localIPAddress = InetAddress.getLocalHost().getHostAddress();
        }
        catch (UnknownHostException e) {
            if (localIPAddress == null) {
                localIPAddress = "Unknown";
            }
        }
        // Start the port listener for s2s communication
        startServerListener();
        // Start the port listener for Connections Multiplexers
        startConnectionManagerListener(localIPAddress);
        // Start the port listener for external components
        startComponentListener();
        // Start the port listener for clients
        startClientListeners(localIPAddress);
        // Start the port listener for secured clients
        startClientSSLListeners(localIPAddress);
        // Start the HTTP client listener
        startHTTPBindListeners();
    }
    private void createServerListener(String localIPAddress) {
        // Start servers socket unless it's been disabled.
        if (isServerListenerEnabled()) {
            int port = getServerListenerPort();
            try {
                serverSocketThread = new SocketAcceptThread(this, new ServerPort(port, serverName,
                        localIPAddress, false, null, ServerPort.Type.server));
                ports.add(serverSocketThread.getServerPort());
                serverSocketThread.setDaemon(true);
                serverSocketThread.setPriority(Thread.MAX_PRIORITY);
            }
            catch (Exception e) {
                System.err.println("Error creating server listener on port " + port + ": " +
                        e.getMessage());
                Log.error(LocaleUtils.getLocalizedString("admin.error.socket-setup"), e);
            }
        }
    }
    private void startServerListener() {
        // Start servers socket unless it's been disabled.
        if (isServerListenerEnabled()) {
            int port = getServerListenerPort();
            try {
                serverSocketThread.start();
                List<String> params = new ArrayList<>();
                params.add(Integer.toString(serverSocketThread.getPort()));
                Log.info(LocaleUtils.getLocalizedString("startup.server", params));
            }
            catch (Exception e) {
                System.err.println("Error starting server listener on port " + port + ": " +
                        e.getMessage());
                Log.error(LocaleUtils.getLocalizedString("admin.error.socket-setup"), e);
            }
        }
    }
    private void stopServerListener() {
        if (serverSocketThread != null) {
            serverSocketThread.shutdown();
            ports.remove(serverSocketThread.getServerPort());
            serverSocketThread = null;
        }
    }
    private void createConnectionManagerListener() {
        // Start multiplexers socket unless it's been disabled.
        if (isConnectionManagerListenerEnabled()) {
            // Create SocketAcceptor with correct number of processors
            multiplexerSocketAcceptor = buildSocketAcceptor(MULTIPLEXER_SOCKET_ACCEPTOR_NAME);
            // Customize Executor that will be used by processors to process incoming stanzas
            int maxPoolSize = JiveGlobals.getIntProperty("xmpp.multiplex.processing.threads", 16);
            ExecutorFilter executorFilter = new ExecutorFilter(getCorePoolSize(maxPoolSize), maxPoolSize, 60, TimeUnit.SECONDS);
            ThreadPoolExecutor eventExecutor = (ThreadPoolExecutor)executorFilter.getExecutor();
            ThreadFactory threadFactory = eventExecutor.getThreadFactory();
            threadFactory = new DelegatingThreadFactory("Multiplexer-Thread-", threadFactory);
            eventExecutor.setThreadFactory(threadFactory);
            multiplexerSocketAcceptor.getFilterChain().addFirst(EXECUTOR_FILTER_NAME, executorFilter);
            // Add the XMPP codec filter
            multiplexerSocketAcceptor.getFilterChain().addAfter(EXECUTOR_FILTER_NAME, XMPP_CODEC_FILTER_NAME, new ProtocolCodecFilter(new XMPPCodecFactory()));
        }
    }
    private void startConnectionManagerListener(String localIPAddress) {
        // Start multiplexers socket unless it's been disabled.
        if (isConnectionManagerListenerEnabled()) {
            int port = getConnectionManagerListenerPort();
            try {
                // Listen on a specific network interface if it has been set.
                String interfaceName = JiveGlobals.getXMLProperty("network.interface");
                InetAddress bindInterface = null;
                if (interfaceName != null) {
                    if (interfaceName.trim().length() > 0) {
                        bindInterface = InetAddress.getByName(interfaceName);
                    }
                }
                // Start accepting connections
                multiplexerSocketAcceptor.setHandler(new MultiplexerConnectionHandler(serverName));
                multiplexerSocketAcceptor.bind(new InetSocketAddress(bindInterface, port));
                ports.add(new ServerPort(port, serverName, localIPAddress, false, null, ServerPort.Type.connectionManager));
-                List<String> params = new ArrayList<>();
+                List<String> params = new ArrayList<String>();
                params.add(Integer.toString(port));
                Log.info(LocaleUtils.getLocalizedString("startup.multiplexer", params));
            }
            catch (Exception e) {
                System.err.println("Error starting multiplexer listener on port " + port + ": " +
                        e.getMessage());
                Log.error(LocaleUtils.getLocalizedString("admin.error.socket-setup"), e);
            }
        }
    }
    private void stopConnectionManagerListener() {
        if (multiplexerSocketAcceptor != null) {
            multiplexerSocketAcceptor.unbind();
            for (ServerPort port : ports) {
                if (port.isConnectionManagerPort()) {
                    ports.remove(port);
                    break;
                }
            }
            multiplexerSocketAcceptor = null;
        }
    }
    private void createComponentListener() {
        // Start components socket unless it's been disabled.
        if (isComponentListenerEnabled() && componentAcceptor == null) {
            // Create SocketAcceptor with correct number of processors
            componentAcceptor = buildSocketAcceptor(COMPONENT_SOCKET_ACCEPTOR_NAME);
            int maxPoolSize = JiveGlobals.getIntProperty("xmpp.component.processing.threads", 16);
            ExecutorFilter executorFilter = new ExecutorFilter(getCorePoolSize(maxPoolSize), maxPoolSize, 60, TimeUnit.SECONDS);
            ThreadPoolExecutor eventExecutor = (ThreadPoolExecutor)executorFilter.getExecutor();
            ThreadFactory threadFactory = eventExecutor.getThreadFactory();
            threadFactory = new DelegatingThreadFactory("Component-Thread-", threadFactory);
            eventExecutor.setThreadFactory(threadFactory);
            componentAcceptor.getFilterChain().addFirst(EXECUTOR_FILTER_NAME, executorFilter);
            // Add the XMPP codec filter
            componentAcceptor.getFilterChain().addAfter(EXECUTOR_FILTER_NAME, XMPP_CODEC_FILTER_NAME, new ProtocolCodecFilter(new XMPPCodecFactory()));
        }
    }
    private void startComponentListener() {
        // Start components socket unless it's been disabled.
        if (isComponentListenerEnabled() && componentAcceptor != null &&
                componentAcceptor.getManagedSessionCount() == 0) {
            int port = getComponentListenerPort();
            try {
                // Listen on a specific network interface if it has been set.
                String interfaceName = JiveGlobals.getXMLProperty("network.interface");
                InetAddress bindInterface = null;
                if (interfaceName != null) {
                    if (interfaceName.trim().length() > 0) {
                        bindInterface = InetAddress.getByName(interfaceName);
                    }
                }
                // Start accepting connections
                componentAcceptor.setHandler(new ComponentConnectionHandler(serverName));
                componentAcceptor.bind(new InetSocketAddress(bindInterface, port));
                ports.add(new ServerPort(port, serverName, localIPAddress, false, null, ServerPort.Type.component));
-                List<String> params = new ArrayList<>();
+                List<String> params = new ArrayList<String>();
                params.add(Integer.toString(port));
                Log.info(LocaleUtils.getLocalizedString("startup.component", params));
            }
            catch (Exception e) {
                System.err.println("Error starting component listener on port " + port + ": " +
                        e.getMessage());
                Log.error(LocaleUtils.getLocalizedString("admin.error.socket-setup"), e);
            }
        }
    }
    private void stopComponentListener() {
        if (componentAcceptor != null) {
            componentAcceptor.unbind();
            for (ServerPort port : ports) {
                if (port.isComponentPort()) {
                    ports.remove(port);
                    break;
                }
            }
            componentAcceptor = null;
        }
    }
    private void createClientListeners() {
        // Start clients plain socket unless it's been disabled.
        if (isClientListenerEnabled()) {
            // Create SocketAcceptor with correct number of processors
            socketAcceptor = buildSocketAcceptor(CLIENT_SOCKET_ACCEPTOR_NAME);
            // Customize Executor that will be used by processors to process incoming stanzas
            int maxPoolSize = JiveGlobals.getIntProperty(ConnectionSettings.Client.MAX_THREADS, 16);
            ExecutorFilter executorFilter = new ExecutorFilter(getCorePoolSize(maxPoolSize), maxPoolSize, 60, TimeUnit.SECONDS);
            ThreadPoolExecutor eventExecutor = (ThreadPoolExecutor)executorFilter.getExecutor();
            ThreadFactory threadFactory = eventExecutor.getThreadFactory();
            threadFactory = new DelegatingThreadFactory("C2S-Thread-", threadFactory);
            eventExecutor.setThreadFactory(threadFactory);
            // Add the XMPP codec filter
            socketAcceptor.getFilterChain().addFirst(EXECUTOR_FILTER_NAME, executorFilter);
            socketAcceptor.getFilterChain().addAfter(EXECUTOR_FILTER_NAME, XMPP_CODEC_FILTER_NAME, new ProtocolCodecFilter(new XMPPCodecFactory()));
            // Kill sessions whose outgoing queues keep growing and fail to send traffic
            socketAcceptor.getFilterChain().addAfter(XMPP_CODEC_FILTER_NAME, CAPACITY_FILTER_NAME, new StalledSessionsFilter());
            // Throttle sessions who send data too fast
            int maxBufferSize = JiveGlobals.getIntProperty(ConnectionSettings.Client.MAX_READ_BUFFER, 10 * MB);
            socketAcceptor.getSessionConfig().setMaxReadBufferSize(maxBufferSize);
 	        Log.debug("Throttling read buffer for connections from socketAcceptor={} to max={} bytes",
 	                  socketAcceptor, maxBufferSize);
        }
    }
    private void startClientListeners(String localIPAddress) {
        // Start clients plain socket unless it's been disabled.
        if (isClientListenerEnabled()) {
            int port = getClientListenerPort();
            try {
                // Listen on a specific network interface if it has been set.
                String interfaceName = JiveGlobals.getXMLProperty("network.interface");
                InetAddress bindInterface = null;
                if (interfaceName != null) {
                    if (interfaceName.trim().length() > 0) {
                        bindInterface = InetAddress.getByName(interfaceName);
                    }
                }
                // Start accepting connections
                socketAcceptor.setHandler(new ClientConnectionHandler(serverName));
                socketAcceptor.bind(new InetSocketAddress(bindInterface, port));
                ports.add(new ServerPort(port, serverName, localIPAddress, false, null, ServerPort.Type.client));
-                List<String> params = new ArrayList<>();
+                List<String> params = new ArrayList<String>();
                params.add(Integer.toString(port));
                Log.info(LocaleUtils.getLocalizedString("startup.plain", params));
            }
            catch (Exception e) {
                System.err.println("Error starting XMPP listener on port " + port + ": " +
                        e.getMessage());
                Log.error(LocaleUtils.getLocalizedString("admin.error.socket-setup"), e);
            }
        }
    }
    private void stopClientListeners() {
        if (socketAcceptor != null) {
            socketAcceptor.unbind();
            for (ServerPort port : ports) {
                if (port.isClientPort() && !port.isSecure()) {
                    ports.remove(port);
                    break;
                }
            }
            socketAcceptor = null;
        }
    }
    private void createClientSSLListeners() {
        // Start clients SSL unless it's been disabled.
        if (isClientSSLListenerEnabled()) {
            int port = getClientSSLListenerPort();
            String algorithm = JiveGlobals.getProperty(ConnectionSettings.Client.TLS_ALGORITHM, "TLS");
            try {
                // Customize Executor that will be used by processors to process incoming stanzas
                int maxPoolSize = JiveGlobals.getIntProperty(ConnectionSettings.Client.MAX_THREADS_SSL, 16);
                ExecutorFilter executorFilter = new ExecutorFilter(getCorePoolSize(maxPoolSize), maxPoolSize, 60, TimeUnit.SECONDS);
                ThreadPoolExecutor eventExecutor = (ThreadPoolExecutor)executorFilter.getExecutor();
                ThreadFactory threadFactory = eventExecutor.getThreadFactory();
                threadFactory = new DelegatingThreadFactory("LegacySSL-Thread-", threadFactory);
                eventExecutor.setThreadFactory(threadFactory);
                // Create SocketAcceptor with correct number of processors
                sslSocketAcceptor = buildSocketAcceptor(CLIENT_SSL_SOCKET_ACCEPTOR_NAME);
                sslSocketAcceptor.getFilterChain().addFirst(EXECUTOR_FILTER_NAME, executorFilter);
                // Add the XMPP codec filter
                sslSocketAcceptor.getFilterChain().addAfter(EXECUTOR_FILTER_NAME, XMPP_CODEC_FILTER_NAME, new ProtocolCodecFilter(new XMPPCodecFactory()));
                // Kill sessions whose outgoing queues keep growing and fail to send traffic
                sslSocketAcceptor.getFilterChain().addAfter(XMPP_CODEC_FILTER_NAME, CAPACITY_FILTER_NAME, new StalledSessionsFilter());
 				// Throttle sessions who send data too fast
 				int maxBufferSize = JiveGlobals.getIntProperty(ConnectionSettings.Client.MAX_READ_BUFFER_SSL, 10 * MB);
 				sslSocketAcceptor.getSessionConfig().setMaxReadBufferSize(maxBufferSize);
 		        Log.debug("Throttling read buffer for connections from sslSocketAcceptor={} to max={} bytes",
 		                  sslSocketAcceptor, maxBufferSize);
                // Add the SSL filter now since sockets are "borned" encrypted in the old ssl method
                final IdentityStoreConfig identityStoreConfig = (IdentityStoreConfig) SSLConfig.getInstance().getStoreConfig( Purpose.SOCKETBASED_IDENTITYSTORE );
                final TrustStoreConfig trustStoreConfig = (TrustStoreConfig) SSLConfig.getInstance().getStoreConfig( Purpose.SOCKETBASED_C2S_TRUSTSTORE );
-                final SSLContext sslContext = SSLContext.getInstance( algorithm );
+                final SSLContext sslContext = SSLConfig.getSSLContext();
                sslContext.init( identityStoreConfig.getKeyManagers(), trustStoreConfig.getTrustManagers(), new java.security.SecureRandom());
                SslFilter sslFilter = new SslFilter(sslContext);
                if (JiveGlobals.getProperty(ConnectionSettings.Client.AUTH_PER_CLIENTCERT_POLICY,"disabled").equals("needed")) {
                    sslFilter.setNeedClientAuth(true);
                }
                else if(JiveGlobals.getProperty(ConnectionSettings.Client.AUTH_PER_CLIENTCERT_POLICY,"disabled").equals("wanted")) {
                    sslFilter.setWantClientAuth(true);
                }
                sslSocketAcceptor.getFilterChain().addAfter(EXECUTOR_FILTER_NAME, TLS_FILTER_NAME, sslFilter);
            }
            catch (Exception e) {
                System.err.println("Error starting SSL XMPP listener on port " + port + ": " +
                        e.getMessage());
                Log.error(LocaleUtils.getLocalizedString("admin.error.ssl"), e);
            }
        }
    }
    private void startClientSSLListeners(String localIPAddress) {
        // Start clients SSL unless it's been disabled.
        if (isClientSSLListenerEnabled()) {
            int port = getClientSSLListenerPort();
            try {
                // Listen on a specific network interface if it has been set.
                String interfaceName = JiveGlobals.getXMLProperty("network.interface");
                InetAddress bindInterface = null;
                if (interfaceName != null) {
                    if (interfaceName.trim().length() > 0) {
                        bindInterface = InetAddress.getByName(interfaceName);
                    }
                }
                // Start accepting connections
                sslSocketAcceptor.setHandler(new ClientConnectionHandler(serverName));
                sslSocketAcceptor.bind(new InetSocketAddress(bindInterface, port));
                ports.add(new ServerPort(port, serverName, localIPAddress, true, null, ServerPort.Type.client));
                List<String> params = new ArrayList<>();
                params.add(Integer.toString(port));
                Log.info(LocaleUtils.getLocalizedString("startup.ssl", params));
            }
            catch (Exception e) {
                System.err.println("Error starting SSL XMPP listener on port " + port + ": " +
                        e.getMessage());
                Log.error(LocaleUtils.getLocalizedString("admin.error.ssl"), e);
            }
        }
    }
    private void stopClientSSLListeners() {
        if (sslSocketAcceptor != null) {
            sslSocketAcceptor.unbind();
            for (ServerPort port : ports) {
                if (port.isClientPort() && port.isSecure()) {
                    ports.remove(port);
                    break;
                }
            }
            sslSocketAcceptor = null;
        }
    }
    private void restartClientSSLListeners() {
        if (!isSocketStarted) {
            return;
        }
        // Setup port info
        try {
            localIPAddress = InetAddress.getLocalHost().getHostAddress();
        }
        catch (UnknownHostException e) {
            if (localIPAddress == null) {
                localIPAddress = "Unknown";
            }
        }
        stopClientSSLListeners();
        createClientSSLListeners();
        startClientSSLListeners(localIPAddress);
    }
    @Override
    public Collection<ServerPort> getPorts() {
        return ports;
    }
    @Override
    public SocketReader createSocketReader(Socket sock, boolean isSecure, ServerPort serverPort,
            boolean useBlockingMode) throws IOException {
        if (serverPort.isServerPort()) {
            SocketConnection conn = new SocketConnection(deliverer, sock, isSecure);
            return new ServerSocketReader(router, routingTable, serverName, sock, conn,
                    useBlockingMode);
        }
        return null;
    }
    private void startHTTPBindListeners() {
        HttpBindManager.getInstance().start();
    }
    @Override
 	public void initialize(XMPPServer server) {
        super.initialize(server);
        serverName = server.getServerInfo().getXMPPDomain();
        router = server.getPacketRouter();
        routingTable = server.getRoutingTable();
        deliverer = server.getPacketDeliverer();
        sessionManager = server.getSessionManager();
        // Check if we need to configure MINA to use Direct or Heap Buffers
        // Note: It has been reported that heap buffers are 50% faster than direct buffers
        if (JiveGlobals.getBooleanProperty("xmpp.socket.heapBuffer", true)) {
            IoBuffer.setUseDirectBuffer(false);
            IoBuffer.setAllocator(new SimpleBufferAllocator());
        }
    }
    @Override
    public void enableClientListener(boolean enabled) {
        if (enabled == isClientListenerEnabled()) {
            // Ignore new setting
            return;
        }
        if (enabled) {
            JiveGlobals.setProperty(ConnectionSettings.Client.SOCKET_ACTIVE, "true");
            // Start the port listener for clients
            createClientListeners();
            startClientListeners(localIPAddress);
        }
        else {
            JiveGlobals.setProperty(ConnectionSettings.Client.SOCKET_ACTIVE, "false");
            // Stop the port listener for clients
            stopClientListeners();
        }
    }
    @Override
    public boolean isClientListenerEnabled() {
        return JiveGlobals.getBooleanProperty(ConnectionSettings.Client.SOCKET_ACTIVE, true);
    }
    @Override
    public void enableClientSSLListener(boolean enabled) {
        if (enabled == isClientSSLListenerEnabled()) {
            // Ignore new setting
            return;
        }
        if (enabled) {
            JiveGlobals.setProperty(ConnectionSettings.Client.ENABLE_OLD_SSLPORT, "true");
            // Start the port listener for secured clients
            createClientSSLListeners();
            startClientSSLListeners(localIPAddress);
        }
        else {
            JiveGlobals.setProperty(ConnectionSettings.Client.ENABLE_OLD_SSLPORT, "false");
            // Stop the port listener for secured clients
            stopClientSSLListeners();
        }
    }
    @Override
    public boolean isClientSSLListenerEnabled() {
        try {
            return JiveGlobals.getBooleanProperty(ConnectionSettings.Client.ENABLE_OLD_SSLPORT, false) && SSLConfig.getStore( Purpose.SOCKETBASED_IDENTITYSTORE ).size() > 0;
        } catch (KeyStoreException e) {
            return false;
        }
    }
    @Override
    public void enableComponentListener(boolean enabled) {
        if (enabled == isComponentListenerEnabled()) {
            // Ignore new setting
            return;
        }
        if (enabled) {
            JiveGlobals.setProperty(ConnectionSettings.Component.SOCKET_ACTIVE, "true");
            // Start the port listener for external components
            createComponentListener();
            startComponentListener();
        }
        else {
            JiveGlobals.setProperty(ConnectionSettings.Component.SOCKET_ACTIVE, "false");
            // Stop the port listener for external components
            stopComponentListener();
        }
    }
    @Override
    public boolean isComponentListenerEnabled() {
        return JiveGlobals.getBooleanProperty(ConnectionSettings.Component.SOCKET_ACTIVE, false);
    }
    @Override
    public void enableServerListener(boolean enabled) {
        if (enabled == isServerListenerEnabled()) {
            // Ignore new setting
            return;
        }
        if (enabled) {
            JiveGlobals.setProperty(ConnectionSettings.Server.SOCKET_ACTIVE, "true");
            // Start the port listener for s2s communication
            createServerListener(localIPAddress);
            startServerListener();
        }
        else {
            JiveGlobals.setProperty(ConnectionSettings.Server.SOCKET_ACTIVE, "false");
            // Stop the port listener for s2s communication
            stopServerListener();
        }
    }
    @Override
    public boolean isServerListenerEnabled() {
        return JiveGlobals.getBooleanProperty(ConnectionSettings.Server.SOCKET_ACTIVE, true);
    }
    @Override
    public void enableConnectionManagerListener(boolean enabled) {
        if (enabled == isConnectionManagerListenerEnabled()) {
            // Ignore new setting
            return;
        }
        if (enabled) {
            JiveGlobals.setProperty(ConnectionSettings.Multiplex.SOCKET_ACTIVE, "true");
            // Start the port listener for s2s communication
            createConnectionManagerListener();
            startConnectionManagerListener(localIPAddress);
        }
        else {
            JiveGlobals.setProperty(ConnectionSettings.Multiplex.SOCKET_ACTIVE, "false");
            // Stop the port listener for s2s communication
            stopConnectionManagerListener();
        }
    }
    @Override
    public boolean isConnectionManagerListenerEnabled() {
        return JiveGlobals.getBooleanProperty(ConnectionSettings.Multiplex.SOCKET_ACTIVE, false);
    }
    @Override
    public void setClientListenerPort(int port) {
        if (port == getClientListenerPort()) {
            // Ignore new setting
            return;
        }
        JiveGlobals.setProperty(ConnectionSettings.Client.PORT, String.valueOf(port));
        // Stop the port listener for clients
        stopClientListeners();
        if (isClientListenerEnabled()) {
            // Start the port listener for clients
            createClientListeners();
            startClientListeners(localIPAddress);
        }
    }
    public NioSocketAcceptor getSocketAcceptor() {
        return socketAcceptor;
    }
    @Override
    public int getClientListenerPort() {
        return JiveGlobals.getIntProperty(ConnectionSettings.Client.PORT, DEFAULT_PORT);
    }
    public NioSocketAcceptor getSSLSocketAcceptor() {
        return sslSocketAcceptor;
    }
    @Override
    public void setClientSSLListenerPort(int port) {
        if (port == getClientSSLListenerPort()) {
            // Ignore new setting
            return;
        }
        JiveGlobals.setProperty(ConnectionSettings.Client.OLD_SSLPORT, String.valueOf(port));
        // Stop the port listener for secured clients
        stopClientSSLListeners();
        if (isClientSSLListenerEnabled()) {
            // Start the port listener for secured clients
            createClientSSLListeners();
            startClientSSLListeners(localIPAddress);
        }
    }
    @Override
    public int getClientSSLListenerPort() {
        return JiveGlobals.getIntProperty(ConnectionSettings.Client.OLD_SSLPORT, DEFAULT_SSL_PORT);
    }
    @Override
    public void setComponentListenerPort(int port) {
        if (port == getComponentListenerPort()) {
            // Ignore new setting
            return;
        }
        JiveGlobals.setProperty(ConnectionSettings.Component.PORT, String.valueOf(port));
        // Stop the port listener for external components
        stopComponentListener();
        if (isComponentListenerEnabled()) {
            // Start the port listener for external components
            createComponentListener();
            startComponentListener();
        }
    }
    public NioSocketAcceptor getComponentAcceptor() {
        return componentAcceptor;
    }
    @Override
    public int getComponentListenerPort() {
        return JiveGlobals.getIntProperty(ConnectionSettings.Component.PORT, DEFAULT_COMPONENT_PORT);
    }
    @Override
    public void setServerListenerPort(int port) {
        if (port == getServerListenerPort()) {
            // Ignore new setting
            return;
        }
        JiveGlobals.setProperty(ConnectionSettings.Server.PORT, String.valueOf(port));
        // Stop the port listener for s2s communication
        stopServerListener();
        if (isServerListenerEnabled()) {
            // Start the port listener for s2s communication
            createServerListener(localIPAddress);
            startServerListener();
        }
    }
    @Override
    public int getServerListenerPort() {
        return JiveGlobals.getIntProperty(ConnectionSettings.Server.PORT, DEFAULT_SERVER_PORT);
    }
    public NioSocketAcceptor getMultiplexerSocketAcceptor() {
        return multiplexerSocketAcceptor;
    }
    @Override
    public void setConnectionManagerListenerPort(int port) {
        if (port == getConnectionManagerListenerPort()) {
            // Ignore new setting
            return;
        }
        JiveGlobals.setProperty(ConnectionSettings.Multiplex.PORT, String.valueOf(port));
        // Stop the port listener for connection managers
        stopConnectionManagerListener();
        if (isConnectionManagerListenerEnabled()) {
            // Start the port listener for connection managers
            createConnectionManagerListener();
            startConnectionManagerListener(localIPAddress);
        }
    }
    @Override
    public int getConnectionManagerListenerPort() {
        return JiveGlobals.getIntProperty(ConnectionSettings.Multiplex.PORT, DEFAULT_MULTIPLEX_PORT);
    }
    // #####################################################################
    // Certificates events
    // #####################################################################
    @Override
    public void certificateCreated(KeyStore keyStore, String alias, X509Certificate cert) {
        restartClientSSLListeners();
    }
    @Override
    public void certificateDeleted(KeyStore keyStore, String alias) {
        restartClientSSLListeners();
    }
    @Override
    public void certificateSigned(KeyStore keyStore, String alias, List<X509Certificate> certificates) {
        restartClientSSLListeners();
    }
    // #####################################################################
    // Property events
    // #####################################################################
    @Override
    public void propertySet( String property, Map<String, Object> params ) {
        processPropertyValueChange( property, params );
    }
    @Override
    public void propertyDeleted( String property, Map<String, Object> params ) {
        processPropertyValueChange( property, params );
    }
    @Override
    public void xmlPropertySet( String property, Map<String, Object> params ) {
        processPropertyValueChange( property, params );
    }
    @Override
    public void xmlPropertyDeleted( String property, Map<String, Object> params ) {
        processPropertyValueChange( property, params );
    }
    private void processPropertyValueChange( String property, Map<String, Object> params ) {
        Log.debug( "Processing property value change for '"+property +"'." );
        if ("xmpp.client.cert.policy".equalsIgnoreCase( property )) {
            restartClientSSLListeners();
        }
    }
    private NioSocketAcceptor buildSocketAcceptor(String name) {
        NioSocketAcceptor socketAcceptor;
        // Create SocketAcceptor with correct number of processors
        int processorCount = JiveGlobals.getIntProperty("xmpp.processor.count", Runtime.getRuntime().availableProcessors());
        socketAcceptor = new NioSocketAcceptor(processorCount);
        // Set that it will be possible to bind a socket if there is a connection in the timeout state
        socketAcceptor.setReuseAddress(true);
        // Set the listen backlog (queue) length. Default is 50.
        socketAcceptor.setBacklog(JiveGlobals.getIntProperty("xmpp.socket.backlog", 50));
        // Set default (low level) settings for new socket connections
        SocketSessionConfig socketSessionConfig = socketAcceptor.getSessionConfig();
        //socketSessionConfig.setKeepAlive();
        int receiveBuffer = JiveGlobals.getIntProperty("xmpp.socket.buffer.receive", -1);
        if (receiveBuffer > 0 ) {
            socketSessionConfig.setReceiveBufferSize(receiveBuffer);
        }
        int sendBuffer = JiveGlobals.getIntProperty("xmpp.socket.buffer.send", -1);
        if (sendBuffer > 0 ) {
            socketSessionConfig.setSendBufferSize(sendBuffer);
        }
        int linger = JiveGlobals.getIntProperty("xmpp.socket.linger", -1);
        if (linger > 0 ) {
            socketSessionConfig.setSoLinger(linger);
        }
        socketSessionConfig.setTcpNoDelay(
                JiveGlobals.getBooleanProperty("xmpp.socket.tcp-nodelay", socketSessionConfig.isTcpNoDelay()));
        if (JMXManager.isEnabled()) {
        	configureJMX(socketAcceptor, name);
        }
        return socketAcceptor;
    }
    private void configureJMX(NioSocketAcceptor acceptor, String suffix) {
        final String prefix = IoServiceMBean.class.getPackage().getName();
        // monitor the IoService
        try {
            IoServiceMBean mbean = new IoServiceMBean(acceptor);
            MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();  
            ObjectName name = new ObjectName(prefix + ":type=SocketAcceptor,name=" + suffix);
            mbs.registerMBean( mbean, name );
 //        	mbean.startCollectingStats(JiveGlobals.getIntProperty("xmpp.socket.jmx.interval", 60000));
    	} catch (JMException ex) {
    		Log.warn("Failed to register MINA acceptor mbean (JMX): " + ex);
    	}
    	// optionally register IoSession mbeans (one per session)
    	if (JiveGlobals.getBooleanProperty("xmpp.socket.jmx.sessions", false)) {
 	    	acceptor.addListener(new IoServiceListener() {
 	    	    @Override
-                public void sessionCreated(IoSession session) {
+	    	    public void sessionCreated(IoSession session) {
 	    	        try {
                        IoSessionMBean mbean = new IoSessionMBean(session);
 	    	            MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();  
 	    	            ObjectName name = new ObjectName(prefix + ":type=IoSession,name=" + 
 	    	            					session.getRemoteAddress().toString().replace(':', '/'));
 	    	            mbs.registerMBean(mbean, name);
 	    	        } catch(JMException ex) {
 	    	            Log.warn("Failed to register MINA session mbean (JMX): " + ex);
 	    	        }      
 	    	    }
 	    	    @Override
-                public void sessionDestroyed(IoSession session) {
+	    	    public void sessionDestroyed(IoSession session) {
 	    	        try {
 	    	            ObjectName name = new ObjectName(prefix + ":type=IoSession,name=" + 
 	    	            					session.getRemoteAddress().toString().replace(':', '/'));
 	    	            ManagementFactory.getPlatformMBeanServer().unregisterMBean(name);
 	    	        } catch(JMException ex) {
 	    	            Log.warn("Failed to unregister MINA session mbean (JMX): " + ex);
 	    	        }      
 	    	    }
                @Override
                public void serviceActivated(IoService service) throws Exception { }
                @Override
                public void serviceDeactivated(IoService service) throws Exception { }
                @Override
                public void serviceIdle(IoService service, IdleStatus idleStatus) throws Exception { }
 	    	});
    	}
    }
 	private int getCorePoolSize(int maxPoolSize) {
 		return (maxPoolSize/4)+1;
 	}
 	// #####################################################################
    // Module management
    // #####################################################################
    @Override
 	public void start() {
        super.start();
        createListeners();
        startListeners();
        SocketSendingTracker.getInstance().start();
        CertificateManager.addListener(this);
    }
    @Override
 	public void stop() {
        super.stop();
        stopClientListeners();
        stopClientSSLListeners();
        stopComponentListener();
        stopConnectionManagerListener();
        stopServerListener();
        HttpBindManager.getInstance().stop();
        SocketSendingTracker.getInstance().shutdown();
        CertificateManager.removeListener(this);
        serverName = null;
    }
    private static class DelegatingThreadFactory implements ThreadFactory {
        private final AtomicInteger threadId;
        private final ThreadFactory originalThreadFactory;
        private String threadNamePrefix;
        public DelegatingThreadFactory(String threadNamePrefix, ThreadFactory originalThreadFactory) {
            this.originalThreadFactory = originalThreadFactory;
            threadId = new AtomicInteger(0);
            this.threadNamePrefix = threadNamePrefix;
        }
        @Override
        public Thread newThread(Runnable runnable)
        {
            Thread t = originalThreadFactory.newThread(runnable);
            t.setName(threadNamePrefix + threadId.incrementAndGet());
            t.setDaemon(true);
            return t;
        }
    }
 }
--- a/src/java/org/jivesoftware/util/SimpleSSLSocketFactory.java
+++ b/src/java/org/jivesoftware/util/SimpleSSLSocketFactory.java
@@ -40,6 +40,7 @@ import java.security.cert.X509Certificate;
 import java.util.Comparator;
+import org.jivesoftware.openfire.net.SSLConfig;
 import org.jivesoftware.openfire.session.ConnectionSettings;
 /**
@@ -57,12 +58,11 @@ public class SimpleSSLSocketFactory extends SSLSocketFactory implements Comparat
    public SimpleSSLSocketFactory() {
        try {
-            String algorithm = JiveGlobals.getProperty( ConnectionSettings.Client.TLS_ALGORITHM, "TLS" );
+            final SSLContext sslContext = SSLConfig.getSSLContext();
-            SSLContext sslcontent = SSLContext.getInstance(algorithm);
+            sslContext.init(null, // KeyManager not required
-            sslcontent.init(null, // KeyManager not required
                            new TrustManager[] { new DummyTrustManager() },
                            new java.security.SecureRandom());
-            factory = sslcontent.getSocketFactory();
+            factory = sslContext.getSocketFactory();
        }
        catch (NoSuchAlgorithmException | KeyManagementException e) {
            Log.error(e.getMessage(), e);