users@glassfish.java.net

Re: Glassfish V2 RC4 doesn't work with IE 6 SP2 and SSL

From: Ryan de Laplante <ryan_at_ijws.com>
Date: Fri, 31 Aug 2007 22:33:26 -0400

That's great news, and your welcome! I accept cash, checks, and Sun
Ultra 20 workstations :)


Ryan


Jeanfrancois Arcand wrote:
> Hi,
>
> fixed now on FSC branch and trunk.
>
> Many many thanks for that!
>
> -- Jeanfrancois
>
> Jeanfrancois Arcand wrote:
>>
>>
>> Ryan de Laplante wrote:
>>>> More to come :-)
>>>>
>>>> Many Thanks :-)
>>>
>>> I have been very impressed with Sun's quick response time to bugs I
>>> have found in Glassfish and NetBeans, and also to questions I have
>>> on the mailing lists. Thank you!
>>
>> Thanks :-)
>>
>>>
>>> I put the section of config file that I modified back to the way it
>>> was, and commented out the line you mentioned. It now works with
>>> IE6. Will the release on Sept 17 have this issue resolved, or do
>>> you think users will have to manually edit the domain.xml file to
>>> use IE6 + SSL?
>>
>> We are working on it an I think it will make it for FCS (kind of
>> embarrassing to not support IE 6 by default :-)).
>>
>> More to come...
>>
>> -- Jeanfrancois
>>
>>
>>>
>>>
>>> Thanks,
>>> Ryan
>>>
>>>
>>> Jeanfrancois Arcand wrote:
>>>>
>>>>
>>>> Ryan de Laplante wrote:
>>>>> Here is what I tried:
>>>>>
>>>>> <http-listener acceptor-threads="1" address="xxx.xxx.xxx.xxx"
>>>>> blocking-enabled="true" default-virtual-server="server"
>>>>> enabled="true" family="inet" id="http-listener-2" port="443"
>>>>> security-enabled="true" server-name="" xpowered-by="true">
>>>>> <ssl cert-nickname="s1as" client-auth-enabled="false"
>>>>> ssl2-enabled="false" ssl3-enabled="false" tls-enabled="true"
>>>>> tls-rollback-enabled="true"/>
>>>>> <property name="blocking" value="true"/>
>>>>> </http-listener>
>>>>> Note that I masked the IP address for this post. The
>>>>> blocking-enabled attribute of the http-listener element was set to
>>>>> false. I changed it to true. I also added the <property
>>>>> name="blocking" value="true"/> line as you suggested. After
>>>>> restarting the app server, this did not fix the problem. IE6
>>>>> still can't display the page.
>>>>>
>>>>>
>>>>> I have created the following ticket:
>>>>>
>>>>> https://glassfish.dev.java.net/issues/show_bug.cgi?id=3567
>>>>>
>>>>> I did not assign it to you because I could not figure out what
>>>>> your username is.
>>>>>
>>>>> I think this is a show stopper bug. IE6 + SSL is a very common
>>>>> requirement.
>>>>
>>>> Thanks! jfarcand is my ID. This is a regression introduced when:
>>>>
>>>> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=2148021
>>>>
>>>> SSL configuration in IE 6 isn't the same as Mozilla and IE 7. I'm
>>>> asking for more info about why that line was added:
>>>>
>>>> <ssl cert-nickname="s1as" ssl3-enabled="false"/>
>>>>
>>>> More to come :-)
>>>>
>>>> Many Thanks :-)
>>>>
>>>> -- Jeanfrancois
>>>>
>>>>
>>>>>
>>>>>
>>>>> Thanks,
>>>>> Ryan
>>>>>
>>>>>
>>>>> Jeanfrancois Arcand wrote:
>>>>>>
>>>>>>
>>>>>> Ryan de Laplante wrote:
>>>>>>> I manually edited the domain.xml based on what you've told me to
>>>>>>> try, and restarted. This did not solve the problem.
>>>>>>>
>>>>>>
>>>>>> OK Thanks for the test. Just to make sure, you added in under:
>>>>>>
>>>>>> <http-listener ... port=443">
>>>>>> <property name="blocking" value="true"/>
>>>>>> </http-listener>
>>>>>>
>>>>>> If yes, then there is a bug in the way Grizzly is configured
>>>>>> (fortunately this time is not in Grizzly, so less risky). Can you
>>>>>> file a bug under the security category and assign it to me? FCS
>>>>>> is coming fast and I will make my best to have a fix for FCS.
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> -- Jeanfrancois
>>>>>>
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Ryan
>>>>>>>
>>>>>>> Jeanfrancois Arcand wrote:
>>>>>>>> Salut,
>>>>>>>>
>>>>>>>> Ryan de Laplante wrote:
>>>>>>>>> I went to Configurations> server-config> HTTP Service> HTTP
>>>>>>>>> Listeners> http-listener-2, then in the "Additional
>>>>>>>>> Properties" section I added a blocking-enabled for the name,
>>>>>>>>> and true for the value. After saving this did not make a
>>>>>>>>> difference. Next I restarted the application server, and it
>>>>>>>>> still does not work in IE6. I will now remove that property.
>>>>>>>>
>>>>>>>> I was talking about the attribute on the <http-listener...>
>>>>>>>> (which is missing from the gui ;-)...kind of a bug :-)). The
>>>>>>>> property name is blocking and should be reflected in domain.xml
>>>>>>>> as:
>>>>>>>>
>>>>>>>> <property name="blocking" value="true"/>
>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> It's running on Debian Linux with JDK 1.5.0_12-b04. The
>>>>>>>>> GlassfishV2 beta 2 works fine with IE 6 + SSL on the same
>>>>>>>>> computer.
>>>>>>>>
>>>>>>>> Thanks for the info. Most probably we have a regression.
>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> If you would like to see the web app in IE 6, and log into the
>>>>>>>>> Glassfish admin console, I can arrange that. It is a not a
>>>>>>>>> production server.
>>>>>>>>>
>>>>>>>>
>>>>>>>> So far the info you are giving as quite good.
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>>
>>>>>>>> -- Jeanfrancois
>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Ryan
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Jeanfrancois Arcand wrote:
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> if you set the http-listener's attribute
>>>>>>>>>> blocking-enabled="true" on port 443, does it work? If yes,
>>>>>>>>>> can you file a bug:
>>>>>>>>>>
>>>>>>>>>> https://glassfish.dev.java.net/servlets/ProjectIssues
>>>>>>>>>>
>>>>>>>>>> Which platform the server runs on?
>>>>>>>>>>
>>>>>>>>>> Thanks
>>>>>>>>>>
>>>>>>>>>> -- Jeanfrancois
>>>>>>>>>>
>>>>>>>>>> Ryan de Laplante wrote:
>>>>>>>>>>> Here are some interesting things from the server log with
>>>>>>>>>>> web container logging set to fine:
>>>>>>>>>>>
>>>>>>>>>>> Timestamp
>>>>>>>>>>> Aug 30, 2007 11:15:16.421
>>>>>>>>>>> Log Level
>>>>>>>>>>> FINE
>>>>>>>>>>> Logger
>>>>>>>>>>> javax.enterprise.system.container.web
>>>>>>>>>>> Name-Value Pairs
>>>>>>>>>>>
>>>>>>>>>>> _ThreadID=18;_ThreadName=httpSSLWorkerThread-443-1;ClassName=com.sun.enterprise.web.connector.grizzly.DefaultReadTask;MethodName=manageKeepAlive;_RequestID=0789559f-00ec-4478-add4-e613b6fb4637;
>>>>>>>>>>>
>>>>>>>>>>> Record Number
>>>>>>>>>>> 2225
>>>>>>>>>>> Message ID
>>>>>>>>>>> SocketChannel Read Exception
>>>>>>>>>>> Complete Message
>>>>>>>>>>> javax.net.ssl.SSLHandshakeException: Client requested
>>>>>>>>>>> protocol SSLv3 not enabled or not supported at
>>>>>>>>>>> com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:994)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:459)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1058)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1030)
>>>>>>>>>>> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:411) at
>>>>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.wrap(SSLUtils.java:360)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.doHandshake(SSLUtils.java:489)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doHandshake(SSLReadTask.java:289)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doTask(SSLReadTask.java:212)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
>>>>>>>>>>> Caused by: javax.net.ssl.SSLHandshakeException: Client
>>>>>>>>>>> requested protocol SSLv3 not enabled or not supported at
>>>>>>>>>>> com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1356)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:164)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:294)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:178)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:437)
>>>>>>>>>>> at java.security.AccessController.doPrivileged(Native
>>>>>>>>>>> Method) at
>>>>>>>>>>> com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:932)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.executeDelegatedTask(SSLUtils.java:393)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.doHandshake(SSLUtils.java:468)
>>>>>>>>>>> ... 4 more
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Timestamp
>>>>>>>>>>> Aug 30, 2007 11:15:17.313
>>>>>>>>>>> Log Level
>>>>>>>>>>> FINE
>>>>>>>>>>> Logger
>>>>>>>>>>> javax.enterprise.system.container.web
>>>>>>>>>>> Name-Value Pairs
>>>>>>>>>>>
>>>>>>>>>>> _ThreadID=19;_ThreadName=httpSSLWorkerThread-443-0;ClassName=com.sun.enterprise.web.connector.grizzly.DefaultReadTask;MethodName=manageKeepAlive;_RequestID=60a45aa3-2321-4cb2-b519-d9fdbc40afd7;
>>>>>>>>>>>
>>>>>>>>>>> Record Number
>>>>>>>>>>> 2226
>>>>>>>>>>> Message ID
>>>>>>>>>>> SocketChannel Read Exception
>>>>>>>>>>> Complete Message
>>>>>>>>>>> javax.net.ssl.SSLException: Unsupported SSL v2.0
>>>>>>>>>>> ClientHello at
>>>>>>>>>>> com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(InputRecord.java:469)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:355)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.net.ssl.internal.ssl.EngineInputRecord.read(EngineInputRecord.java:290)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:844)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:787)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:663)
>>>>>>>>>>> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566) at
>>>>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.unwrap(SSLUtils.java:343)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLUtils.doHandshake(SSLUtils.java:454)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doHandshake(SSLReadTask.java:289)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doTask(SSLReadTask.java:212)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
>>>>>>>>>>> at
>>>>>>>>>>> com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Ryan de Laplante wrote:
>>>>>>>>>>>> Today I noticed that I cannot access my SSL web application
>>>>>>>>>>>> on GlassfishV2 RC4 using IE 6.0. I haven't tried IE 6
>>>>>>>>>>>> since upgrading to RC4, but know ithat IE6 used to work
>>>>>>>>>>>> before. It works fine in IE 7, and Firefox. IE 6 shows
>>>>>>>>>>>> "Cannot find server or DNS error". We've tried it on 5
>>>>>>>>>>>> separate computers with the same result.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> I re-generated the SSL certificate on Glassfish and
>>>>>>>>>>>> restarted. That did not solve the problem.
>>>>>>>>>>>> The URL is on the Internet. If a Sun employee would like
>>>>>>>>>>>> to see for themselves, please email me directly.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks,
>>>>>>>>>>>> Ryan
>>>>>>>>>>>>
>>>>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>>>>>
>>>>>>>>>>>> To unsubscribe, e-mail:
>>>>>>>>>>>> users-unsubscribe_at_glassfish.dev.java.net
>>>>>>>>>>>> For additional commands, e-mail:
>>>>>>>>>>>> users-help_at_glassfish.dev.java.net
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>>>>
>>>>>>>>>>> To unsubscribe, e-mail:
>>>>>>>>>>> users-unsubscribe_at_glassfish.dev.java.net
>>>>>>>>>>> For additional commands, e-mail:
>>>>>>>>>>> users-help_at_glassfish.dev.java.net
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>>>
>>>>>>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>>>>>>> For additional commands, e-mail:
>>>>>>>>>> users-help_at_glassfish.dev.java.net
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>>
>>>>>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>>>>>> For additional commands, e-mail:
>>>>>>>>> users-help_at_glassfish.dev.java.net
>>>>>>>>>
>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>
>>>>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>>
>>>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>>
>>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>>
>>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>