Issue Details (XML | Word | Printable)

Key: GLASSFISH-18949
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Major Major
Assignee: oleksiys
Reporter: momaison
Votes: 0
Watchers: 3
Operations

If you were logged in you would be able to see more operations.
glassfish

Unable to use protocol TLSv1.2

Created: 26/Jul/12 09:34 AM   Updated: 12/Mar/13 08:25 PM   Resolved: 12/Mar/13 08:25 PM
Component/s: grizzly-kernel
Affects Version/s: 3.1.2
Fix Version/s: 4.0

Time Tracking:
Not Specified

File Attachments: 1. Java Archive File grizzly-config.jar (100 kB) 27/Jul/12 09:28 PM - oleksiys

Environment:

Linux 32 bits / JDK 7u3


Tags:
Participants: momaison and oleksiys


 Description  « Hide

We used https with GF-2.1 and Java6 and it worked fine, until we got TLS-1.2 clients. We upgraded to JDK 7, which supports TLSv1.2, and this solved our problem.
However, after an upgrade to GF-3.1.2, this does not work anymore.
I have tried to set https.protocols=TLSv1.2 in JMV properties, but this does not work.

Admin console only has a boolean parameter "Enable TLS" which is quite rough. It would be nice to define protocols like cipher suites, by cherry picking.

We managed to use TLSv1.2 (as a proof of concept) in a small test program inspired from grizzly-embed-samples v1.9.50. Source code sample :

final GrizzlyWebServer ws = new GrizzlyWebServer( port, path, true );
ws.setSSLConfig( getSSLConfig() ); // nothing important in there : only keystore & truststore

// THIS is required (at least the last protocol actually) :
( ( SSLSelectorThread ) ws.getSelectorThread() ).setEnabledProtocols( new String[]{ "TLSv1", "TLSv1.1", "TLSv1.2" } );

Tried also to patch class com.sun.enterprise.web.connector.coyote.PECoyoteConnector.configureSSL() in web-glue.jar (by replacing "TLSv1" with "TLSv1, TLSv1.1, TLSv1.2", but this does seem to work either.



Sort Order: Ascending order - Click to sort in descending order
oleksiys made changes - 27/Jul/12 09:28 PM
Field Original Value New Value
Attachment grizzly-config.jar [ 50711 ]
oleksiys made changes - 12/Mar/13 08:25 PM
Status Open [ 1 ] Resolved [ 5 ]
Fix Version/s 4.0 [ 10970 ]
Resolution Fixed [ 1 ]