users@glassfish.java.net

Re: Glassfish V2 RC4 doesn't work with IE 6 SP2 and SSL

From: Ryan de Laplante <ryan_at_ijws.com>
Date: Thu, 30 Aug 2007 14:56:28 -0400

> More to come :-)
>
> Many Thanks :-)

I have been very impressed with Sun's quick response time to bugs I have
found in Glassfish and NetBeans, and also to questions I have on the
mailing lists. Thank you!

I put the section of config file that I modified back to the way it was,
and commented out the line you mentioned. It now works with IE6. Will
the release on Sept 17 have this issue resolved, or do you think users
will have to manually edit the domain.xml file to use IE6 + SSL?


Thanks,
Ryan


Jeanfrancois Arcand wrote:
>
>
> Ryan de Laplante wrote:
>> Here is what I tried:
>>
>> <http-listener acceptor-threads="1" address="xxx.xxx.xxx.xxx"
>> blocking-enabled="true" default-virtual-server="server"
>> enabled="true" family="inet" id="http-listener-2" port="443"
>> security-enabled="true" server-name="" xpowered-by="true">
>> <ssl cert-nickname="s1as" client-auth-enabled="false"
>> ssl2-enabled="false" ssl3-enabled="false" tls-enabled="true"
>> tls-rollback-enabled="true"/>
>> <property name="blocking" value="true"/>
>> </http-listener>
>> Note that I masked the IP address for this post. The
>> blocking-enabled attribute of the http-listener element was set to
>> false. I changed it to true. I also added the <property
>> name="blocking" value="true"/> line as you suggested. After
>> restarting the app server, this did not fix the problem. IE6 still
>> can't display the page.
>>
>>
>> I have created the following ticket:
>>
>> https://glassfish.dev.java.net/issues/show_bug.cgi?id=3567
>>
>> I did not assign it to you because I could not figure out what your
>> username is.
>>
>> I think this is a show stopper bug. IE6 + SSL is a very common
>> requirement.
>
> Thanks! jfarcand is my ID. This is a regression introduced when:
>
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=2148021
>
> SSL configuration in IE 6 isn't the same as Mozilla and IE 7. I'm
> asking for more info about why that line was added:
>
> <ssl cert-nickname="s1as" ssl3-enabled="false"/>
>
> More to come :-)
>
> Many Thanks :-)
>
> -- Jeanfrancois
>
>
>>
>>
>> Thanks,
>> Ryan
>>
>>
>> Jeanfrancois Arcand wrote:
>>>
>>>
>>> Ryan de Laplante wrote:
>>>> I manually edited the domain.xml based on what you've told me to
>>>> try, and restarted. This did not solve the problem.
>>>>
>>>
>>> OK Thanks for the test. Just to make sure, you added in under:
>>>
>>> <http-listener ... port=443">
>>> <property name="blocking" value="true"/>
>>> </http-listener>
>>>
>>> If yes, then there is a bug in the way Grizzly is configured
>>> (fortunately this time is not in Grizzly, so less risky). Can you
>>> file a bug under the security category and assign it to me? FCS is
>>> coming fast and I will make my best to have a fix for FCS.
>>>
>>> Thanks
>>>
>>> -- Jeanfrancois
>>>
>>>>
>>>> Thanks,
>>>> Ryan
>>>>
>>>> Jeanfrancois Arcand wrote:
>>>>> Salut,
>>>>>
>>>>> Ryan de Laplante wrote:
>>>>>> I went to Configurations> server-config> HTTP Service> HTTP
>>>>>> Listeners> http-listener-2, then in the "Additional Properties"
>>>>>> section I added a blocking-enabled for the name, and true for the
>>>>>> value. After saving this did not make a difference. Next I
>>>>>> restarted the application server, and it still does not work in
>>>>>> IE6. I will now remove that property.
>>>>>
>>>>> I was talking about the attribute on the <http-listener...> (which
>>>>> is missing from the gui ;-)...kind of a bug :-)). The property
>>>>> name is blocking and should be reflected in domain.xml as:
>>>>>
>>>>> <property name="blocking" value="true"/>
>>>>>
>>>>>>
>>>>>>
>>>>>> It's running on Debian Linux with JDK 1.5.0_12-b04. The
>>>>>> GlassfishV2 beta 2 works fine with IE 6 + SSL on the same computer.
>>>>>
>>>>> Thanks for the info. Most probably we have a regression.
>>>>>
>>>>>>
>>>>>>
>>>>>> If you would like to see the web app in IE 6, and log into the
>>>>>> Glassfish admin console, I can arrange that. It is a not a
>>>>>> production server.
>>>>>>
>>>>>
>>>>> So far the info you are giving as quite good.
>>>>>
>>>>> Thanks
>>>>>
>>>>> -- Jeanfrancois
>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>> Ryan
>>>>>>
>>>>>>
>>>>>> Jeanfrancois Arcand wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> if you set the http-listener's attribute blocking-enabled="true"
>>>>>>> on port 443, does it work? If yes, can you file a bug:
>>>>>>>
>>>>>>> https://glassfish.dev.java.net/servlets/ProjectIssues
>>>>>>>
>>>>>>> Which platform the server runs on?
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>> -- Jeanfrancois
>>>>>>>
>>>>>>> Ryan de Laplante wrote:
>>>>>>>> Here are some interesting things from the server log with web
>>>>>>>> container logging set to fine:
>>>>>>>>
>>>>>>>> Timestamp
>>>>>>>> Aug 30, 2007 11:15:16.421
>>>>>>>> Log Level
>>>>>>>> FINE
>>>>>>>> Logger
>>>>>>>> javax.enterprise.system.container.web
>>>>>>>> Name-Value Pairs
>>>>>>>>
>>>>>>>> _ThreadID=18;_ThreadName=httpSSLWorkerThread-443-1;ClassName=com.sun.enterprise.web.connector.grizzly.DefaultReadTask;MethodName=manageKeepAlive;_RequestID=0789559f-00ec-4478-add4-e613b6fb4637;
>>>>>>>>
>>>>>>>> Record Number
>>>>>>>> 2225
>>>>>>>> Message ID
>>>>>>>> SocketChannel Read Exception
>>>>>>>> Complete Message
>>>>>>>> javax.net.ssl.SSLHandshakeException: Client requested
>>>>>>>> protocol SSLv3 not enabled or not supported at
>>>>>>>> com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:994)
>>>>>>>> at
>>>>>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:459)
>>>>>>>> at
>>>>>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1058)
>>>>>>>> at
>>>>>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1030)
>>>>>>>> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:411) at
>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.wrap(SSLUtils.java:360)
>>>>>>>> at
>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.doHandshake(SSLUtils.java:489)
>>>>>>>> at
>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doHandshake(SSLReadTask.java:289)
>>>>>>>> at
>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doTask(SSLReadTask.java:212)
>>>>>>>> at
>>>>>>>> com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
>>>>>>>> at
>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
>>>>>>>> Caused by: javax.net.ssl.SSLHandshakeException: Client
>>>>>>>> requested protocol SSLv3 not enabled or not supported at
>>>>>>>> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
>>>>>>>> at
>>>>>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
>>>>>>>> at
>>>>>>>> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176)
>>>>>>>> at
>>>>>>>> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:164)
>>>>>>>> at
>>>>>>>> com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:294)
>>>>>>>> at
>>>>>>>> com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:178)
>>>>>>>> at
>>>>>>>> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
>>>>>>>> at
>>>>>>>> com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:437)
>>>>>>>> at java.security.AccessController.doPrivileged(Native Method)
>>>>>>>> at
>>>>>>>> com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:932)
>>>>>>>> at
>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.executeDelegatedTask(SSLUtils.java:393)
>>>>>>>> at
>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.doHandshake(SSLUtils.java:468)
>>>>>>>> ... 4 more
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Timestamp
>>>>>>>> Aug 30, 2007 11:15:17.313
>>>>>>>> Log Level
>>>>>>>> FINE
>>>>>>>> Logger
>>>>>>>> javax.enterprise.system.container.web
>>>>>>>> Name-Value Pairs
>>>>>>>>
>>>>>>>> _ThreadID=19;_ThreadName=httpSSLWorkerThread-443-0;ClassName=com.sun.enterprise.web.connector.grizzly.DefaultReadTask;MethodName=manageKeepAlive;_RequestID=60a45aa3-2321-4cb2-b519-d9fdbc40afd7;
>>>>>>>>
>>>>>>>> Record Number
>>>>>>>> 2226
>>>>>>>> Message ID
>>>>>>>> SocketChannel Read Exception
>>>>>>>> Complete Message
>>>>>>>> javax.net.ssl.SSLException: Unsupported SSL v2.0
>>>>>>>> ClientHello at
>>>>>>>> com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(InputRecord.java:469)
>>>>>>>> at
>>>>>>>> com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:355)
>>>>>>>> at
>>>>>>>> com.sun.net.ssl.internal.ssl.EngineInputRecord.read(EngineInputRecord.java:290)
>>>>>>>> at
>>>>>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:844)
>>>>>>>> at
>>>>>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787)
>>>>>>>> at
>>>>>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)
>>>>>>>> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566) at
>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.unwrap(SSLUtils.java:343)
>>>>>>>> at
>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.doHandshake(SSLUtils.java:454)
>>>>>>>> at
>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doHandshake(SSLReadTask.java:289)
>>>>>>>> at
>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doTask(SSLReadTask.java:212)
>>>>>>>> at
>>>>>>>> com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
>>>>>>>> at
>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Ryan de Laplante wrote:
>>>>>>>>> Today I noticed that I cannot access my SSL web application on
>>>>>>>>> GlassfishV2 RC4 using IE 6.0. I haven't tried IE 6 since
>>>>>>>>> upgrading to RC4, but know ithat IE6 used to work before. It
>>>>>>>>> works fine in IE 7, and Firefox. IE 6 shows "Cannot find
>>>>>>>>> server or DNS error". We've tried it on 5 separate computers
>>>>>>>>> with the same result.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I re-generated the SSL certificate on Glassfish and
>>>>>>>>> restarted. That did not solve the problem.
>>>>>>>>> The URL is on the Internet. If a Sun employee would like to
>>>>>>>>> see for themselves, please email me directly.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Ryan
>>>>>>>>>
>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>>
>>>>>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>>>>>> For additional commands, e-mail:
>>>>>>>>> users-help_at_glassfish.dev.java.net
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>
>>>>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>>>>
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>>
>>>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>>
>>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>