Question 1

How to hot reload SSL certificates with Ayza?

Accepted Answer

Use SSLFactory with swappable identity and trust material, then call SSLFactoryUtils.reload() to update at runtime. The README provides examples for servers like Jetty and Netty, ensuring no downtime during certificate rotations.

Question 2

Ayza vs traditional Java SSL configuration

Accepted Answer

Ayza simplifies configuration by abstracting SSLContext creation and supporting multiple materials, whereas traditional Java requires manual KeyManager and TrustManager setup. It's better for complex scenarios like hot reloading, but may add overhead for basic uses.

Question 3

How to load PEM files in Ayza?

Accepted Answer

Add the ayza-for-pem dependency and use PemUtils.loadIdentityMaterial() or loadTrustMaterial() with file paths or streams. The README shows examples for encrypted PEMs and string content, making it flexible for various sources.

Question 4

Does Ayza support TLS 1.3?

Accepted Answer

Yes, Ayza supports TLS 1.3 and allows protocol customization via the builder API. The README specifies using .withProtocols("TLSv1.3") for Java 11+ environments, ensuring modern encryption standards.

Question 5

How to use Ayza with OkHttp?

Accepted Answer

Configure OkHttp by setting the SSLContext and hostname verifier from SSLFactory, similar to Apache HttpClient examples. The README lists tested HTTP clients, including OkHttp, with mapping utilities available.

Question 6

Can Ayza handle mutual authentication?

Accepted Answer

Yes, Ayza supports mutual TLS by loading both identity and trust materials. The README provides examples for two-way authentication, including identity routing for specific hosts and runtime updates.

Ayza

What is Ayza?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions