Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.2
    • Fix Version/s: 4.0
    • Component/s: grizzly-kernel
    • Labels:
      None
    • Environment:

      Linux 32 bits / JDK 7u3

      Description

      We used https with GF-2.1 and Java6 and it worked fine, until we got TLS-1.2 clients. We upgraded to JDK 7, which supports TLSv1.2, and this solved our problem.
      However, after an upgrade to GF-3.1.2, this does not work anymore.
      I have tried to set https.protocols=TLSv1.2 in JMV properties, but this does not work.

      Admin console only has a boolean parameter "Enable TLS" which is quite rough. It would be nice to define protocols like cipher suites, by cherry picking.

      We managed to use TLSv1.2 (as a proof of concept) in a small test program inspired from grizzly-embed-samples v1.9.50. Source code sample :

      final GrizzlyWebServer ws = new GrizzlyWebServer( port, path, true );
      ws.setSSLConfig( getSSLConfig() ); // nothing important in there : only keystore & truststore

      // THIS is required (at least the last protocol actually) :
      ( ( SSLSelectorThread ) ws.getSelectorThread() ).setEnabledProtocols( new String[]

      { "TLSv1", "TLSv1.1", "TLSv1.2" }

      );

      Tried also to patch class com.sun.enterprise.web.connector.coyote.PECoyoteConnector.configureSSL() in web-glue.jar (by replacing "TLSv1" with "TLSv1, TLSv1.1, TLSv1.2", but this does seem to work either.

        Activity

        Hide
        oleksiys added a comment -

        fixed in GF 4.0

        Show
        oleksiys added a comment - fixed in GF 4.0
        Hide
        oleksiys added a comment -
        Show
        oleksiys added a comment - grizzly issue http://java.net/jira/browse/GRIZZLY-1306
        Hide
        oleksiys added a comment -

        pls. try this patch. (for GF 3.1.2.2).
        copy the attached file to gfv3/glassfish/modules folder.

        Show
        oleksiys added a comment - pls. try this patch. (for GF 3.1.2.2). copy the attached file to gfv3/glassfish/modules folder.

          People

          • Assignee:
            oleksiys
            Reporter:
            momaison
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: