webtier@glassfish.java.net

Re: [webtier] Limiting allowable SSL cipher suites in Glassfish V3 causes error

From: Ryan Lubke <ryan.lubke_at_oracle.com>
Date: Wed, 16 Jun 2010 20:02:31 -0700

On 6/16/10 5:24 AM, webtier_at_javadesktop.org wrote:
> My apologies in advance if I am posting this on the wrong forum - if so, please let me know where I should post this...
>
> I am trying to configure Glassfish v3 to limit the acceptable SSL cipher suites that a client can use to establish an SSL (TLS) connection with a web service available at port 8181 - which corresponds to the network listener "http-listener-2".
>
> I did what I thought was the correct procedure through the Glassfish admin console. Under Configuration | Network Config | Network Listeners | http-listener-2, I selected the SSL tab and then selected the cipher suites I wanted to allow (I am trying to force an AES 256 cipher to be used). After saving these changes, the <ssl> tag for http-listener-2 in domain.xml looks like this:
>
> <ssl ssl3-tls-ciphers="+TLS_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_DSS_WITH_AES_256_CBC_SHA" ssl3-enabled="false" cert-nickname="s1as" />
>
> However, after I limit the allowable cipher suites, I can no longer connect to anything on port 8181. Every time I try, I get the error below. This happens even if I allow 128-bit cipher suites. The only way connections are successful is if I allow all cipher suites. I am trying to connect with a Java client that I know has JCE installed (cipher suite strength is not limited to 128 bits).
>
> Can somebody tell me what I'm doing wrong?
>
I'll take a look and get back with you asap.
> Error stack trace:
> [#|2010-06-15T18:41:15.807-0400|SEVERE|glassfishv3.0|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=30;_ThreadName=Thread-1;|ProtocolChain exception
> java.lang.IllegalArgumentException: CipherSuites may not be null
> at com.sun.net.ssl.internal.ssl.CipherSuiteList.<init>(CipherSuiteList.java:58)
> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.setEnabledCipherSuites(SSLEngineImpl.java:1735)
> at com.sun.grizzly.filter.SSLReadFilter.newSSLEngine(SSLReadFilter.java:358)
> at com.sun.grizzly.filter.SSLReadFilter.obtainSSLEngine(SSLReadFilter.java:394)
> at com.sun.grizzly.filter.SSLReadFilter.execute(SSLReadFilter.java:154)
> at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135)
> at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102)
> at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88)
> at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76)
> at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53)
> at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57)
> at com.sun.grizzly.ContextTask.run(ContextTask.java:69)
> at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:330)
> at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:309)
> at java.lang.Thread.run(Thread.java:619)
> |#]
> [Message sent by forum member 'davidwarren']
>
> http://forums.java.net/jive/thread.jspa?messageID=474475
>
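A client-side check that is useful when narrowing a listener's cipher list like this. It is an added example, not code from the thread, from GlassFish or from Grizzly: it parses an ssl3-tls-ciphers value using the +/- prefix syntax the asadmin create-ssl documentation describes (treating an unprefixed name as enabled is an assumption), compares the enabled names against what the local JSSE provider reports as supported, and can then open a TLS connection offering only those suites and print what the server actually negotiated. The class name CipherSuiteCheck and the host/port arguments are made up for the example; the default input is the attribute value quoted above.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/**
 * Check a GlassFish ssl3-tls-ciphers value against the suites the local
 * JSSE provider supports, then optionally connect to a listener offering
 * only those suites and report the negotiated protocol and suite.
 *
 * Usage: java CipherSuiteCheck "<ssl3-tls-ciphers value>" [host port]
 */
public class CipherSuiteCheck {

    // The value from the domain.xml snippet in the thread, used as default input.
    static final String DEFAULT_ATTR =
        "+TLS_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_DSS_WITH_AES_256_CBC_SHA";

    /**
     * Parse the attribute: comma-separated suite names, '+' enables, '-' disables.
     * Assumption for this example: a name with no prefix counts as enabled.
     */
    static List<String> parseEnabled(String attr) {
        List<String> enabled = new ArrayList<String>();
        if (attr == null) return enabled;
        for (String raw : attr.split(",")) {
            String tok = raw.trim();
            if (tok.isEmpty() || tok.startsWith("-")) continue;
            enabled.add(tok.startsWith("+") ? tok.substring(1) : tok);
        }
        return enabled;
    }

    /** Return the wanted suites this JVM supports; collect the rest in 'missing'. */
    static List<String> supportedSubset(List<String> wanted, String[] supported,
                                        List<String> missing) {
        Set<String> have = new HashSet<String>(Arrays.asList(supported));
        List<String> ok = new ArrayList<String>();
        for (String s : wanted) {
            if (have.contains(s)) ok.add(s); else missing.add(s);
        }
        return ok;
    }

    public static void main(String[] args) throws Exception {
        String attr = args.length > 0 ? args[0] : DEFAULT_ATTR;
        List<String> wanted = parseEnabled(attr);

        SSLContext ctx = SSLContext.getDefault();
        String[] supported = ctx.getSupportedSSLParameters().getCipherSuites();
        List<String> missing = new ArrayList<String>();
        List<String> usable = supportedSubset(wanted, supported, missing);

        System.out.println("Configured and supported by this JVM: " + usable);
        System.out.println("Configured but NOT supported by this JVM: " + missing);
        if (usable.isEmpty()) {
            // An empty enabled list on either side means no handshake can succeed.
            System.out.println("No usable suites; nothing could be negotiated with this list.");
            return;
        }

        if (args.length >= 3) {
            String host = args[1];
            int port = Integer.parseInt(args[2]);
            SSLSocketFactory factory = ctx.getSocketFactory();
            SSLSocket sock = (SSLSocket) factory.createSocket(host, port);
            try {
                // Offer only the restricted list, so the server must pick one of
                // these or refuse the handshake; that is the behaviour under test.
                sock.setEnabledCipherSuites(usable.toArray(new String[0]));
                sock.startHandshake();
                System.out.println("Negotiated: " + sock.getSession().getProtocol()
                        + " / " + sock.getSession().getCipherSuite());
            } finally {
                sock.close();
            }
        }
    }
}
```

Run it first with no host/port to see whether every configured suite name is one the JVM on that machine actually supports; run it against host and port 8181 to see what the listener negotiates. The connection step needs the client JVM to trust the listener's certificate (the default s1as certificate is self-signed), so point -Djavax.net.ssl.trustStore at a keystore containing it or the handshake will fail on certificate validation rather than on cipher selection, which would confuse the result.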