iDempiere currently requires Conscrypt, which is a Google library that is only available for architectures that we consider unsafe or impractical for ERP systems. As of today, Conscrypt is only available on x86 (unsafe, ME/PSP), ARM (impractical), and MIPS (unusable).
This hard dependency on a Google library that requires the Android SDK to even build should be removed ASAP.
This should be an optional dependency since 1) JSSE does works fine for dev although it is a bit slow and 2) for production environment, this is not necessary when using together with nginx or apache proxy (proxy with java server sitting behind non-public network is also the more common setup). I don’t agree though that x86_64 is unsafe for ERP server and this needs to be removed ASAP.
Carlos Ruiz
October 22, 2019 at 9:15 AM
Thanks @Hiep Lq - in past we talked about this and defined that alpn and conscrypt must be optionally added by implementor, not forced in core.
This is mostly because the recommended approach to access the web server is via a proxy using apache or nginx and the proxies access the server using http - so all the effort and pain to maintain alpn (and now conscrypt) is to support an scenario not recommended.
iDempiere currently requires Conscrypt, which is a Google library that is only available for architectures that we consider unsafe or impractical for ERP systems. As of today, Conscrypt is only available on x86 (unsafe, ME/PSP), ARM (impractical), and MIPS (unusable).
This hard dependency on a Google library that requires the Android SDK to even build should be removed ASAP.