Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: V3
    • Fix Version/s: v3.0.1
    • Component/s: grizzly-kernel
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

    • Issuezilla Id:
      11,618

      Description

      The SSL configuration page in admin GUI says: "If no cipher suite is added, ALL cipher suites will be
      chosen."

      But, when any app is run with no cipher suite explicitly configured, the following error is observed in
      the server log.
      [#|2010-02-
      26T16:11:55.318+0530|WARNING|glassfishv3.0|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadI
      D=27;_ThreadName=http-thread-pool-8181(3);|pewebcontainer.all_ssl_ciphers_disabled|#]

      This essentially means that no cipher suites are configured.

      The correct behavior must be to enable a default set which is returned by
      SSLSocketFactory.getDefault().getDefaultCipherSuites(), when there are no cipher suites enabled.

        Activity

        Hide
        Justin Lee added a comment -

        One problem here is that the key used to find the logging message in grizzly is
        out of sync with what's used in glassfish. I'ved updated that key to match and
        changed the logging level to FINE instead of warning. Here's what glassfish
        should be logging:

        WEB0308: All SSL cipher suites disabled for network-listener

        {0}, using SSL
        implementation specific default [{0}

        ]s

        So in the absence of any configured ciphers (and protocols), grizzly will use
        the defaults as defined by the JDK implementation.

        Given the logging level change (to reduce unnecessary chatter) and the
        explanation given by the message, I think this bug can be marked as
        closed/fixed. Does this satisfy everyone?

        Show
        Justin Lee added a comment - One problem here is that the key used to find the logging message in grizzly is out of sync with what's used in glassfish. I'ved updated that key to match and changed the logging level to FINE instead of warning. Here's what glassfish should be logging: WEB0308: All SSL cipher suites disabled for network-listener {0}, using SSL implementation specific default [{0} ]s So in the absence of any configured ciphers (and protocols), grizzly will use the defaults as defined by the JDK implementation. Given the logging level change (to reduce unnecessary chatter) and the explanation given by the message, I think this bug can be marked as closed/fixed. Does this satisfy everyone?
        Hide
        Justin Lee added a comment -

        alexey removed the logging of this message in grizzly commit 4303

        Show
        Justin Lee added a comment - alexey removed the logging of this message in grizzly commit 4303
        Hide
        Justin Lee added a comment -

        updated messages in grizzly commit 4307

        Show
        Justin Lee added a comment - updated messages in grizzly commit 4307
        Hide
        Justin Lee added a comment -

        updating target version to 3.0.1. Will require a grizzly integration whose exact
        version has not been formally stated. Probably another 1.9.18 mini-release but
        that needs to be decided soon.

        Show
        Justin Lee added a comment - updating target version to 3.0.1. Will require a grizzly integration whose exact version has not been formally stated. Probably another 1.9.18 mini-release but that needs to be decided soon.
        Hide
        HeinBloed added a comment - - edited

        Is it possible that this bug reappeared in GF 4.1 ...? At least I'm getting this log message with 4.1: "WARNING: All SSL cipher suites disabled for network-listener(s). Using SSL implementation specific defaults", although I didn't add any cipher suite in the admin GUI, as described above. I also stumbled across this thread: http://stackoverflow.com/questions/29726581/cant-use-localhost-version-of-glassfish-4-1-server-on-eclipse-luna, where someone else seems to get the same log message, presumably after not doing any (SSL) reconfigurations either.

        EDIT: Actually, I made one modification to the SSL settings (in http-listener-2), I replaced the default certificate with a self-made one.

        Show
        HeinBloed added a comment - - edited Is it possible that this bug reappeared in GF 4.1 ...? At least I'm getting this log message with 4.1: "WARNING: All SSL cipher suites disabled for network-listener(s). Using SSL implementation specific defaults", although I didn't add any cipher suite in the admin GUI, as described above. I also stumbled across this thread: http://stackoverflow.com/questions/29726581/cant-use-localhost-version-of-glassfish-4-1-server-on-eclipse-luna , where someone else seems to get the same log message, presumably after not doing any (SSL) reconfigurations either. EDIT: Actually, I made one modification to the SSL settings (in http-listener-2), I replaced the default certificate with a self-made one.

          People

          • Assignee:
            Justin Lee
            Reporter:
            nasradu8
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: