One alternative to worrying about SSL in your Java application is a confrontation like nginx ( http://wiki.nginx.org/SSL-Offloader ) as a reverse proxy.
This has the advantage of your application, which does not need to worry about SSL, but requires another layer in your stack.
Clients will connect to the nginx server instead of directly accessing your client, and nginx will redirect these connections to your Thrift server.
To do this, you do not necessarily need two different servers, just configure the Thrift server only for listening on localhost (127.0.0.1 for ipv4) and listen to nginx on the external interfaces and go to the local host.
Edit: client -> server in the last paragraph
Bryan
source share