[GLASSFISH-19350] GlassFish admin GUI stores "+com.sun.webui.jsf.separator" as one of the selected cipher suites Created: 15/Nov/12  Updated: 02/Apr/13  Resolved: 02/Apr/13

Status: Resolved
Project: glassfish
Component/s: admin_gui
Affects Version/s: 3.1.2.2
Fix Version/s: 4.0_b83

Type: Bug Priority: Major
Reporter: rdelaplante Assignee: Anissa Lam
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

GlassFish 3.1.2.2, Windows 7 professional, JDK 7



 Description   

I chose "select all" for all cipher suites in the http-listener-2 SSL tab and saved. After seeing warnings about unrecognized ciphers I tried to remove all, but it left one or two items in each list on the right including a "---------------" separator. It also looked like the list on the left now had duplicate items. When I pressed save I saw the following in the glassfish log:

INFO: Grizzly Framework 1.9.50 started in: 0ms - bound to [0.0.0.0:8181]
INFO: WEB0169: Created HTTP listener [http-listener-2] on host/port [0.0.0.0:8181]
WARNING: WEB0309: Unrecognized cipher: com.sun.webui.jsf.separator

This is what is in the domain.xml:

<ssl ssl3-tls-ciphers="+SSL_RSA_WITH_RC4_128_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+SSL_RSA_WITH_RC4_128_MD5,+SSL_RSA_WITH_3DES_EDE_CBC_SHA,+com.sun.webui.jsf.separator"

Also, are the + characters supposed to be there? Not according to this ticket which says it is resolved:

http://java.net/jira/browse/GLASSFISH-12289



 Comments   
Comment by rdelaplante [ 15/Nov/12 ]

FYI I don't understand the purpose of the "----------" separator. Why are some items above, some items below, and when I say "remove all", it left the separator and one cipher?

Comment by Anissa Lam [ 12/Feb/13 ]

Fix by HCF (3/25)

Comment by Anissa Lam [ 12/Feb/13 ]

Issues need to be addressed before 4.0 HCF (3/25)

Comment by Anissa Lam [ 27/Mar/13 ]

First, the "+" sign is required when preserving the cipher name in domain.xml for backward compatibility.
I don't think Ryan marked GLASSFISH-12289 as resolved means that the '+' sign is no longer needed.

GUI is calling list-supported-cipher-suites to get the entire list to be displayed on screen, and then grouped them to 4 different groups. There is a bug in the grouping that some of them happens to be put in more than 1 group.
Still working on the solution to this.

Comment by Anissa Lam [ 02/Apr/13 ]

Fixed to ensure that the cipher name will not appear in more than 1 group.

Log Message:
------------
GLASSFISH-19350. Fix ssl ciphers selections.

Revisions:
----------
61085

Modified Paths:
---------------
trunk/main/appserver/admingui/common/src/main/java/org/glassfish/admingui/common/handlers/NewSSLHandlers.java

Generated at Fri Sep 04 15:31:42 UTC 2015 using JIRA 6.2.3#6260-sha1:63ef1d6dac3f4f4d7db4c1effd405ba38ccdc558.