webtier@glassfish.java.net

Re: [webtier] Limiting allowable SSL cipher suites in Glassfish V3 causes error

From: Ryan Lubke <ryan.lubke_at_oracle.com>
Date: Fri, 18 Jun 2010 11:24:57 -0700

Sorry for the delay. It appears to be an issue with the admin gui.

I've logged an issue [1] to track the problem.

[1] https://glassfish.dev.java.net/issues/show_bug.cgi?id=12289

The quick/dirty workaround is to remove the '+' from the beginning of
each of the cipher names.


On 6/16/10 8:02 PM, Ryan Lubke wrote:
> On 6/16/10 5:24 AM, webtier_at_javadesktop.org wrote:
>> My apologies in advance if I am posting this on the wrong forum - if
>> so, please let me know where I should post this...
>>
>> I am trying to configure Glassfish v3 to limit the acceptable SSL
>> cipher suites that a client can use to establish an SSL (TLS)
>> connection with a web service available at port 8181 - which
>> corresponds to the network listener "http-listener-2".
>>
>> I did what I thought was the correct procedure through the Glassfish
>> admin console. Under Configuration | Network Config | Network
>> Listeners | http-listener-2, I selected the SSL tab and then selected
>> the cipher suites I wanted to allow (I am trying to force an AES 256
>> cipher to be used). After saving these changes, the <ssl> tag for
>> http-listener-2 in domain.xml looks like this:
>>
>> <ssl
>> ssl3-tls-ciphers="+TLS_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
>> ssl3-enabled="false" cert-nickname="s1as" />
>>
>> However, after I limit the allowable cipher suites, I can no longer
>> connect to anything on port 8181. Every time I try, I get the error
>> below. This happens even if I allow 128-bit cipher suites. The only
>> way connections are successful is if I allow all cipher suites. I am
>> trying to connect with a Java client that I know has JCE installed
>> (cipher suite strength is not limited to 128 bits).
>>
>> Can somebody tell me what I'm doing wrong?
> I'll take a look and get back with you asap.
>> Error stack trace:
>> [#|2010-06-15T18:41:15.807-0400|SEVERE|glassfishv3.0|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=30;_ThreadName=Thread-1;|ProtocolChain exception
>> java.lang.IllegalArgumentException: CipherSuites may not be null
>> at com.sun.net.ssl.internal.ssl.CipherSuiteList.<init>(CipherSuiteList.java:58)
>> at com.sun.net.ssl.internal.ssl.SSLEngineImpl.setEnabledCipherSuites(SSLEngineImpl.java:1735)
>> at com.sun.grizzly.filter.SSLReadFilter.newSSLEngine(SSLReadFilter.java:358)
>> at com.sun.grizzly.filter.SSLReadFilter.obtainSSLEngine(SSLReadFilter.java:394)
>> at com.sun.grizzly.filter.SSLReadFilter.execute(SSLReadFilter.java:154)
>> at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135)
>> at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102)
>> at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88)
>> at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76)
>> at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53)
>> at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57)
>> at com.sun.grizzly.ContextTask.run(ContextTask.java:69)
>> at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:330)
>> at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:309)
>> at java.lang.Thread.run(Thread.java:619)
>> |#]
>> [Message sent by forum member 'davidwarren']
>>
>> http://forums.java.net/jive/thread.jspa?messageID=474475
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: webtier-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: webtier-help_at_glassfish.dev.java.net
>>
>
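An added pre-flight check, not code from this thread or from GlassFish/Grizzly: it parses an ssl3-tls-ciphers value the way the workaround above describes (dropping the leading '+' the admin console writes) and asks the running JVM which of the names it actually recognises, so a misspelled or unsupported suite is caught before the listener is restarted. The class and method names are this example's own; the attribute value is the one quoted in the post.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.security.NoSuchAlgorithmException;
import java.util.*;

/** Validates a GlassFish ssl3-tls-ciphers attribute against the local JVM (example code). */
public class CipherSuiteCheck {

    /** Splits the comma-separated attribute and strips the '+' prefix (the thread's workaround). */
    static List<String> parseCipherAttribute(String attr) {
        List<String> names = new ArrayList<>();
        if (attr == null) return names;
        for (String token : attr.split(",")) {
            String name = token.trim();
            if (name.startsWith("+")) name = name.substring(1);
            if (!name.isEmpty()) names.add(name);
        }
        return names;
    }

    /** Returns the configured names this JVM does not know; an empty list means all are usable. */
    static List<String> unsupported(List<String> names) throws NoSuchAlgorithmException {
        Set<String> known = new HashSet<>(Arrays.asList(
                SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites()));
        List<String> missing = new ArrayList<>();
        for (String n : names) if (!known.contains(n)) missing.add(n);
        return missing;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the attribute value exactly as the admin console wrote it in domain.xml.
        String attr = "+TLS_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA,"
                    + "+TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
        List<String> names = parseCipherAttribute(attr);
        System.out.println("Configured suites: " + names);
        List<String> missing = unsupported(names);
        if (!missing.isEmpty()) {
            System.out.println("Unknown to this JVM, fix before restarting the listener: " + missing);
            return;
        }
        // Same call Grizzly makes per connection; an unrecognised name would throw IllegalArgumentException here.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setEnabledCipherSuites(names.toArray(new String[0]));
        System.out.println("Engine accepted: " + Arrays.toString(engine.getEnabledCipherSuites()));
    }
}
```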