Lines Matching +full:runtime +full:- +full:versions
6 [gRPC CVE Process]: https://github.com/grpc/proposal/blob/master/P4-grpc-cve-process.md
21 [Play Services Provider](#tls-on-android) and for non-Android systems we
22 recommend [netty-tcnative with
23 BoringSSL](#tls-with-netty-tcnative-on-boringssl).
28 Provider][] to ensure your application has an up-to-date OpenSSL library with
29 the necessary cipher-suites and a reliable ALPN implementation. This requires
30 [updating the security provider at runtime][config-psdsp].
35 Dynamic Security Provider for all Android versions.
42 … Provider]: https://www.appfoundry.be/blog/2014/11/18/Google-Play-Services-Dynamic-Security-Provid…
43 [config-psdsp]: https://developer.android.com/training/articles/security-gms-provider.html
49 on [Maven Central][conscrypt-maven].
62 [conscrypt-maven]: https://search.maven.org/#search%7Cga%7C1%7Cg%3Aorg.conscrypt%20a%3Aconscrypt-an…
64 ## TLS on non-Android
66 OpenJDK versions prior to Java 8u252 do not support ALPN. Java 8 has 10% the
69 We recommend most users use grpc-netty-shaded, which includes netty-tcnative on
70 BoringSSL. It includes pre-built libraries for 64 bit Windows, OS X, and 64 bit
74 For users of xDS management protocol, the grpc-netty-shaded transport is
76 protocol and is a runtime dependency of grpc-xds.
78 For users of grpc-netty we recommend [netty-tcnative with
79 BoringSSL](#tls-with-netty-tcnative-on-boringssl), although using the built-in
80 JDK support in Java 9+, [Conscrypt](#tls-with-conscrypt), and [netty-tcnative
81 with OpenSSL](#tls-with-netty-tcnative-on-openssl) are other valid options.
83 [Netty TCNative](https://github.com/netty/netty-tcnative) is a fork of
84 [Apache Tomcat's tcnative](https://tomcat.apache.org/native-doc/) and is a JNI
90 ### TLS with netty-tcnative on BoringSSL
92 Netty-tcnative with BoringSSL includes BoringSSL statically linked in the
93 binary. This means the system's pre-installed TLS libraries will not be used.
95 security vulnerabilities may want to use [netty-tcnative on
96 OpenSSL](#tls-with-netty-tcnative-on-openssl) instead.
98 Users of grpc-netty-shaded will automatically use netty-tcnative with
101 grpc-netty users will need to add the appropriate
102 `netty-tcnative-boringssl-static` artifact to the application's classpath.
105 Depending on netty-tcnative-boringssl-static will include binaries for all
112 <artifactId>netty-tcnative-boringssl-static</artifactId>
113 <version>2.0.20.Final</version> <!-- See table for correct version -->
114 <scope>runtime</scope>
124 runtime 'io.netty:netty-tcnative-boringssl-static:2.0.20.Final'
129 platform you need: `windows-x86_64`, `osx-x86_64`, `linux-x86_64`. You can also
130 use [os-maven-plugin](https://github.com/trustin/os-maven-plugin) or
131 [osdetector-gradle-plugin](https://github.com/google/osdetector-gradle-plugin),
134 ### TLS with netty-tcnative on OpenSSL
137 your OS's OpenSSL version is recent and kept up-to-date with security fixes.
141 To use OpenSSL you will use the `netty-tcnative` artifact. It requires:
144 2. [Apache APR library (libapr-1)](https://apr.apache.org/) version >= 1.5.2.
146 You must specify a classifier for the correct netty-tcnative binary:
147 `windows-x86_64`, `osx-x86_64`, `linux-x86_64`, or `linux-x86_64-fedora`.
152 [os-maven-plugin](https://github.com/trustin/os-maven-plugin) to help simplify
160 <artifactId>netty-tcnative</artifactId>
161 <version>2.0.20.Final</version> <!-- see table for correct version -->
163 <scope>runtime</scope>
169 <!-- Use os-maven-plugin to initialize the "os.detected" properties -->
172 <artifactId>os-maven-plugin</artifactId>
177 <!-- Use Ant to configure the appropriate "tcnative.classifier" property -->
180 <artifactId>maven-antrun-plugin</artifactId>
188 value="${os.detected.classifier}-fedora"
206 [osdetector-gradle-plugin](https://github.com/google/osdetector-gradle-plugin).
214 classpath 'com.google.gradle:osdetector-gradle-plugin:1.4.0'
218 // Use the osdetector-gradle-plugin
223 // (see http://netty.io/wiki/forked-tomcat-native.html).
225 tcnative_classifier += "-fedora";
229 runtime 'io.netty:netty-tcnative:2.0.20.Final:' + tcnative_classifier
236 security APIs based on BoringSSL. Pre-built binaries are available for 32 and
239 Depend on `conscrypt-openjdk-uber` for binaries of all supported JRE platforms.
240 For projects sensitive to binary size, depend on `conscrypt-openjdk` and
241 specify the appropriate classifier. `os-maven-plugin` and
242 `osdetector-gradle-plugin` may also be used. See the documentation for
243 [netty-tcnative-boringssl-static](#tls-with-netty-tcnative-on-boringssl) for
277 [Mutual authentication][] (or "client-side authentication") configuration is similar to the server …
303 // certificate. Avoid exposing low-level details (like SSLSession) and
304 // instead provide a higher-level concept like "authenticated user."
311 [Mutual authentication]: http://en.wikipedia.org/wiki/Transport_Layer_Security#Client-authenticated…
316 - ALPN related dependencies are either not present in the classpath
317 - or that there is a classpath conflict
318 - or that a wrong version is used due to dependency management
319 - or you are on an unsupported platform (e.g., 32-bit OS). See [Transport
320 Security](#transport-security-tls) for supported platforms.
323 If you aren't using gRPC on Android devices, you are most likely using `grpc-netty` transport.
325 …roid and have a dependency on `grpc-netty`, you should remove it as `grpc-netty` is unsupported on…
327 If you are on a 32-bit operating system, using Java 11+ may be the easiest
328 solution, as ALPN was added to Java in Java 9. If on 32-bit Windows, [Conscrypt
329 is an option](#tls-with-conscrypt). Otherwise you need to [build your own 32-bit
331 `netty-tcnative`](https://netty.io/wiki/forked-tomcat-native.html#wiki-h2-6).
334 such file or directory". Run `apk update && apk add libc6-compat` to install the
337 If on Alpine Linux, try to use `grpc-netty-shaded` instead of `grpc-netty` or
338 (if you need `grpc-netty`) `netty-tcnative-boringssl-static` instead of
339 `netty-tcnative`. If those are not an option, you may consider using
340 [netty-tcnative-alpine](https://github.com/pires/netty-tcnative-alpine).
343 file: No such file or directory". Run `dnf -y install libxcrypt-compat` to
347 `io.grpc:grpc-netty-shaded` instead of `io.grpc:grpc-netty`, although this also
348 limits your usage of the Netty-specific APIs. `io.grpc:grpc-netty-shaded`
349 includes the proper version of Netty and `netty-tcnative-boringssl-static` in a
352 Find the dependency tree (e.g., `mvn dependency:tree`), and look for versions of:
353 - `io.grpc:grpc-netty`
354 - `io.netty:netty-handler` (really, make sure all of io.netty except for
355 netty-tcnative has the same version)
356 - `io.netty:netty-tcnative-boringssl-static:jar`
358 If `netty-tcnative-boringssl-static` is missing, then you either need to add it as a dependency, or…
360 …-handler` and `netty-tcnative-boringssl-static` dependencies, then check the versions carefully. T…
362 …-all`, that are pulled in from other libraries, then ultimately you should make sure only one `net…
364 …runtime environment that also uses Netty (e.g., Hadoop, Spark, Spring Boot 2) and you have no cont…
365 - Remove `io.grpc:grpc-netty` dependency
366 - Add `io.grpc:grpc-netty-shaded` dependency
370 grpc-netty version | netty-handler version | netty-tcnative-boringssl-static version
371 ------------------ |-----------------------| ---------------------------------------
372 1.0.0-1.0.1 | 4.1.3.Final | 1.1.33.Fork19
373 1.0.2-1.0.3 | 4.1.6.Final | 1.1.33.Fork23
374 1.1.x-1.3.x | 4.1.8.Final | 1.1.33.Fork26
378 1.7.x-1.8.x | 4.1.16.Final | 2.0.6.Final
379 1.9.x-1.10.x | 4.1.17.Final | 2.0.7.Final
380 1.11.x-1.12.x | 4.1.22.Final | 2.0.7.Final
382 1.14.x-1.15.x | 4.1.27.Final | 2.0.12.Final
383 1.16.x-1.17.x | 4.1.30.Final | 2.0.17.Final
384 1.18.x-1.19.x | 4.1.32.Final | 2.0.20.Final
385 1.20.x-1.21.x | 4.1.34.Final | 2.0.22.Final
387 1.23.x-1.24.x | 4.1.38.Final | 2.0.25.Final
388 1.25.x-1.27.x | 4.1.42.Final | 2.0.26.Final
390 1.29.x-1.31.x | 4.1.48.Final | 2.0.30.Final
391 1.32.x-1.34.x | 4.1.51.Final | 2.0.31.Final
392 1.35.x-1.41.x | 4.1.52.Final | 2.0.34.Final
393 1.42.x-1.43.x | 4.1.63.Final | 2.0.38.Final
394 1.44.x-1.47.x | 4.1.72.Final | 2.0.46.Final
395 1.48.x-1.49.x | 4.1.77.Final | 2.0.53.Final
396 1.50.x-1.53.x | 4.1.79.Final | 2.0.54.Final
397 1.54.x-1.55.x | 4.1.87.Final | 2.0.56.Final
398 1.56.x- | 4.1.87.Final | 2.0.61.Final
400 _(grpc-netty-shaded avoids issues with keeping these versions in sync.)_
404 `grpc-okhttp` transport.
407 `io.grpc:grpc-okhttp`. If you don't have `grpc-okhttp`, you should add it as a
416 …th a service account. The credentials are loaded from a key stored in a well-known location or by …