users@glassfish.java.net

Re: Glassfish V2 RC4 doesn't work with IE 6 SP2 and SSL

From: Ryan de Laplante <ryan_at_ijws.com>
Date: Thu, 30 Aug 2007 13:45:16 -0400

Here is what I tried:

<http-listener acceptor-threads="1" address="xxx.xxx.xxx.xxx"
blocking-enabled="true" default-virtual-server="server" enabled="true"
family="inet" id="http-listener-2" port="443" security-enabled="true"
server-name="" xpowered-by="true">
    <ssl cert-nickname="s1as" client-auth-enabled="false"
ssl2-enabled="false" ssl3-enabled="false" tls-enabled="true"
tls-rollback-enabled="true"/>
    <property name="blocking" value="true"/>
</http-listener>
       
Note that I masked the IP address for this post. The blocking-enabled
attribute of the http-listener element was set to false. I changed it
to true. I also added the <property name="blocking" value="true"/> line
as you suggested. After restarting the app server, this did not fix
the problem. IE6 still can't display the page.


I have created the following ticket:

https://glassfish.dev.java.net/issues/show_bug.cgi?id=3567

I did not assign it to you because I could not figure out what your
username is.

I think this is a show stopper bug. IE6 + SSL is a very common requirement.


Thanks,
Ryan


Jeanfrancois Arcand wrote:
>
>
> Ryan de Laplante wrote:
>> I manually edited the domain.xml based on what you've told me to try,
>> and restarted. This did not solve the problem.
>>
>
> OK Thanks for the test. Just to make sure, you added in under:
>
> <http-listener ... port=443">
> <property name="blocking" value="true"/>
> </http-listener>
>
> If yes, then there is a bug in the way Grizzly is configured
> (fortunately this time is not in Grizzly, so less risky). Can you file
> a bug under the security category and assign it to me? FCS is coming
> fast and I will make my best to have a fix for FCS.
>
> Thanks
>
> -- Jeanfrancois
>
>>
>> Thanks,
>> Ryan
>>
>> Jeanfrancois Arcand wrote:
>>> Salut,
>>>
>>> Ryan de Laplante wrote:
>>>> I went to Configurations> server-config> HTTP Service> HTTP
>>>> Listeners> http-listener-2, then in the "Additional Properties"
>>>> section I added a blocking-enabled for the name, and true for the
>>>> value. After saving this did not make a difference. Next I
>>>> restarted the application server, and it still does not work in
>>>> IE6. I will now remove that property.
>>>
>>> I was talking about the attribute on the <http-listener...> (which
>>> is missing from the gui ;-)...kind of a bug :-)). The property name
>>> is blocking and should be reflected in domain.xml as:
>>>
>>> <property name="blocking" value="true"/>
>>>
>>>>
>>>>
>>>> It's running on Debian Linux with JDK 1.5.0_12-b04. The
>>>> GlassfishV2 beta 2 works fine with IE 6 + SSL on the same computer.
>>>
>>> Thanks for the info. Most probably we have a regression.
>>>
>>>>
>>>>
>>>> If you would like to see the web app in IE 6, and log into the
>>>> Glassfish admin console, I can arrange that. It is a not a
>>>> production server.
>>>>
>>>
>>> So far the info you are giving as quite good.
>>>
>>> Thanks
>>>
>>> -- Jeanfrancois
>>>
>>>>
>>>> Thanks,
>>>> Ryan
>>>>
>>>>
>>>> Jeanfrancois Arcand wrote:
>>>>> Hi,
>>>>>
>>>>> if you set the http-listener's attribute blocking-enabled="true"
>>>>> on port 443, does it work? If yes, can you file a bug:
>>>>>
>>>>> https://glassfish.dev.java.net/servlets/ProjectIssues
>>>>>
>>>>> Which platform the server runs on?
>>>>>
>>>>> Thanks
>>>>>
>>>>> -- Jeanfrancois
>>>>>
>>>>> Ryan de Laplante wrote:
>>>>>> Here are some interesting things from the server log with web
>>>>>> container logging set to fine:
>>>>>>
>>>>>> Timestamp
>>>>>> Aug 30, 2007 11:15:16.421
>>>>>> Log Level
>>>>>> FINE
>>>>>> Logger
>>>>>> javax.enterprise.system.container.web
>>>>>> Name-Value Pairs
>>>>>>
>>>>>> _ThreadID=18;_ThreadName=httpSSLWorkerThread-443-1;ClassName=com.sun.enterprise.web.connector.grizzly.DefaultReadTask;MethodName=manageKeepAlive;_RequestID=0789559f-00ec-4478-add4-e613b6fb4637;
>>>>>>
>>>>>> Record Number
>>>>>> 2225
>>>>>> Message ID
>>>>>> SocketChannel Read Exception
>>>>>> Complete Message
>>>>>> javax.net.ssl.SSLHandshakeException: Client requested
>>>>>> protocol SSLv3 not enabled or not supported at
>>>>>> com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:994)
>>>>>> at
>>>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:459)
>>>>>> at
>>>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1058)
>>>>>> at
>>>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1030)
>>>>>> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:411) at
>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.wrap(SSLUtils.java:360)
>>>>>> at
>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.doHandshake(SSLUtils.java:489)
>>>>>> at
>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doHandshake(SSLReadTask.java:289)
>>>>>> at
>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doTask(SSLReadTask.java:212)
>>>>>> at
>>>>>> com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
>>>>>> at
>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
>>>>>> Caused by: javax.net.ssl.SSLHandshakeException: Client requested
>>>>>> protocol SSLv3 not enabled or not supported at
>>>>>> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
>>>>>> at
>>>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
>>>>>> at
>>>>>> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176)
>>>>>> at
>>>>>> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:164)
>>>>>> at
>>>>>> com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:294)
>>>>>> at
>>>>>> com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:178)
>>>>>> at
>>>>>> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
>>>>>> at
>>>>>> com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:437)
>>>>>> at java.security.AccessController.doPrivileged(Native Method) at
>>>>>> com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:932)
>>>>>> at
>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.executeDelegatedTask(SSLUtils.java:393)
>>>>>> at
>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.doHandshake(SSLUtils.java:468)
>>>>>> ... 4 more
>>>>>>
>>>>>>
>>>>>>
>>>>>> Timestamp
>>>>>> Aug 30, 2007 11:15:17.313
>>>>>> Log Level
>>>>>> FINE
>>>>>> Logger
>>>>>> javax.enterprise.system.container.web
>>>>>> Name-Value Pairs
>>>>>>
>>>>>> _ThreadID=19;_ThreadName=httpSSLWorkerThread-443-0;ClassName=com.sun.enterprise.web.connector.grizzly.DefaultReadTask;MethodName=manageKeepAlive;_RequestID=60a45aa3-2321-4cb2-b519-d9fdbc40afd7;
>>>>>>
>>>>>> Record Number
>>>>>> 2226
>>>>>> Message ID
>>>>>> SocketChannel Read Exception
>>>>>> Complete Message
>>>>>> javax.net.ssl.SSLException: Unsupported SSL v2.0 ClientHello
>>>>>> at
>>>>>> com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(InputRecord.java:469)
>>>>>> at
>>>>>> com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:355)
>>>>>> at
>>>>>> com.sun.net.ssl.internal.ssl.EngineInputRecord.read(EngineInputRecord.java:290)
>>>>>> at
>>>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:844)
>>>>>> at
>>>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787)
>>>>>> at
>>>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)
>>>>>> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566) at
>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.unwrap(SSLUtils.java:343)
>>>>>> at
>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.doHandshake(SSLUtils.java:454)
>>>>>> at
>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doHandshake(SSLReadTask.java:289)
>>>>>> at
>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doTask(SSLReadTask.java:212)
>>>>>> at
>>>>>> com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
>>>>>> at
>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Ryan de Laplante wrote:
>>>>>>> Today I noticed that I cannot access my SSL web application on
>>>>>>> GlassfishV2 RC4 using IE 6.0. I haven't tried IE 6 since
>>>>>>> upgrading to RC4, but know ithat IE6 used to work before. It
>>>>>>> works fine in IE 7, and Firefox. IE 6 shows "Cannot find
>>>>>>> server or DNS error". We've tried it on 5 separate computers
>>>>>>> with the same result.
>>>>>>>
>>>>>>>
>>>>>>> I re-generated the SSL certificate on Glassfish and restarted.
>>>>>>> That did not solve the problem.
>>>>>>> The URL is on the Internet. If a Sun employee would like to see
>>>>>>> for themselves, please email me directly.
>>>>>>>
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Ryan
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>>
>>>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>>
>>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.