users@glassfish.java.net

Re: upgrade problem

From: Tim Quinn <tim.quinn_at_oracle.com>
Date: Tue, 1 Mar 2011 10:11:38 -0600

Hello, Thomas.

I believe that these new symptoms - as well as the ones you described
earlier - are the result of the way the Java runtime has addressed the
problem in the SSL protocol Tom mentioned earlier.

You should run Java 1.6.0_22 or later on both the client and server
side. That is the minimum version of Java which GlassFish 3.1
requires, partly because of the SSL security issue in earlier releases
of Java.

GlassFish 3.1 and 3.0.1 are different in significant ways. One of
them is improved security of admin traffic which requires Java
1.6.0_22 or later to work correctly, which 3.0.1 did not require. We
do not recommend that users set the various security properties that
might allow you to use earlier releases because that leaves your
system more vulnerable.

- Tim

On Mar 1, 2011, at 9:55 AM, thomas_at_randspringer.de wrote:

> Hm,
>
> it worked with 3.0.1.
>
> After I deinstalled some packagages(e.g. this cluster stuff) now GF
> at least talked to me when I added the --verbose option.
>
> First I got this error:
> http://java.net/jira/browse/GLASSFISH-12041
>
> I added the property:
> -Dsun.security.ssl.allowUnsafeRenegotiation=true
> to my domain.xml
>
> and now I get:
>
> java.lang.RuntimeException: ClientAbortException:
> java.io.IOException: SSLOutputWriter: CLOSED
> at
> org
> .glassfish.admin.rest.LazyJerseyInit.reportError(LazyJerseyInit.java:
> 200)
> at
> org
> .glassfish
> .admin.rest.adapter.RestAdapter.reportError(RestAdapter.java:453)
> at
> org
> .glassfish.admin.rest.adapter.RestAdapter.service(RestAdapter.java:
> 209)
>
> What can I now do?
> I can not simply deinstall jersey because glassfish-gui and
> glassfish-management depends on it.
>
> Thomas
>
>
>
>
>
>
>
> Tom Mueller <tom.mueller_at_oracle.com> hat am 1. März 2011 um 16:13
> geschrieben:
>
> > I'm not sure that this is the problem, but GlassFish 3.1 running
> in with
> > secure admin enabled requires a minimum JVM version of 1.6.0_22. I
> see
> > from your jvm.log file that you are running 1.6.0_20.
> >
> > There was an SSL vulnerability that was fixed in _22. When
> running with
> > an older VM, the behavior of start-domain --secure is that it
> appears to
> > hang even though the DAS actually started, because start-domain
> cannot
> > establish a connection to the DAS to verify that it is up.
> >
> > Tom
> >
> >
> > On 3/1/2011 6:52 AM, thomas_at_randspringer.de wrote:
> > >
> > > Hi,
> > >
> > > today I tried to upgrade our GF 3.0.1 to 3.1. We use it only as an
> > > servlet container for our rails-application.
> > >
> > > I upgraded via the "updatetool" (source=stable.glassfish.org).
> > >
> > > After installing the new packages I stopped the domain and I
> started
> > > it with the --upgrade option like suggested.
> > >
> > > However now
> > >
> > > asadmin --secure=true start-domain domain1
> > >
> > > does not come back.
> > >
> > > jvm.log and server.log are available from
> > >
> > > http://www.randspringer.de/jvm.log
> > >
> > > http://www.randspringer.de/server.log
> > >
> > > What is the problem and how can I get the glassfish running again?
> > >
> > > Thomas
> > >