users@grizzly.java.net

RE: Grizzly 2 and SSL

From: Gay David (Annecy)
Date: Mon, 12 Sep 2011 14:57:36 +0000

Hi Alexey,

While writing a simple test case this afternoon, I found what was wrong.

The main problem was the usage of Response.getOutputStream().

This is my understanding:

Before Grizzly 2.1.2, there was only 1 method: Response.getOutputStream().
AFAIU, this method returns a blocking stream.

But from Grizzly 2.1.2, there are 2 methods:
Response.getOutputStream() and Response.getOutputStream( Boolean blocking )
The problem is that Response.getOutputStream() calls the method Response.getOutputStream( false ), and it changes the behavior compared to the previous Grizzly version. Do you agree?

Once I realized that, I modified my code to use getOutputStream(true), and now there is no more problem.
My first tests seem OK.


But I also use Jersey, and I had a problem with it.
And basically the problem is the same: in Jersey 1.9, the Grizzly 2 connector uses the method getOutputStream() and I have the same problem.
I quickly rewrote the Jersey connector by putting getOutputStream( false ) in the Jersey writer and now it works!
Is it really intended to put the Jersey connector in non-blocking mode? I feel it's a mistake/bug. But I may be wrong.

I don't know if it's normal/OK to assert that the non-blocking mode is enabled by default.
For me it's an advanced feature and should be enabled only by using the getOutputStream( Boolean blocking ) method.


Thanks and Regards
David

From: Oleksiy Stashok [mailto:oleksiy.stashok_at_oracle.com]
Sent: Friday 9 September 2011 18:53
To: users_at_grizzly.java.net
Subject: Re: Grizzly 2 and SSL

Hi David,

I believe it's something configuration related.
Can you pls. send us a testcase to reproduce the issue?

Thanks.

WBR,
Alexey.

On 09/09/2011 04:15 PM, Gay David (Annecy) wrote:
Hi all,

I'm using Grizzly 2.1.2 and I have a problem when turning on SSL. I have this exception:

2011-09-09 15:59:23,697 GMT+0200 - [Grizzly(1)] WARN (DefaultFilterChain.execute:177) - Exception during FilterChain execution
org.glassfish.grizzly.TransformationException: javax.net.ssl.SSLException: Received fatal alert: unexpected_message
                at org.glassfish.grizzly.ssl.SSLDecoderTransformer.transformImpl(SSLDecoderTransformer.java:175)
                at org.glassfish.grizzly.ssl.SSLDecoderTransformer.transformImpl(SSLDecoderTransformer.java:66)
                at org.glassfish.grizzly.AbstractTransformer.transform(AbstractTransformer.java:73)
                at org.glassfish.grizzly.filterchain.AbstractCodecFilter.handleRead(AbstractCodecFilter.java:71)
                at org.glassfish.grizzly.ssl.SSLFilter.handleRead(SSLFilter.java:176)
                at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
                at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:286)
                at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:223)
                at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:155)
                at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:134)
                at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:78)
                at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:827)
                at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:103)
                at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:111)
                at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:55)
                at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:131)
                at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:508)
                at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:488)
                at java.lang.Thread.run(Thread.java:662)
Caused by: javax.net.ssl.SSLException: Received fatal alert: unexpected_message
                at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
                at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1429)
                at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1397)
                at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1563)
                at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1023)
                at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:837)
                at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:713)
                at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
                at org.glassfish.grizzly.ssl.SSLDecoderTransformer.transformImpl(SSLDecoderTransformer.java:127)
                ... 18 more


And this is the code I use to init the SSL in Grizzly :

    private static final String SSLCTX_TLS = "TLS";
    private static final String KSTYPE_PKCS12 = "PKCS12";

    public void startServer( SomeConfigurationObject conf ) throws Exception
    {
        ...
        HttpServer server = new HttpServer();

        NetworkListener nl = new NetworkListener( identifier, host, port );
        if( useSsl )
        {
            nl.setSecure( true );
            nl.setSSLEngineConfig( createSSLConfiguration(conf) );
        }
        nl.setRcmSupportEnabled( false );
        nl.setCompression( "on" );
        nl.setChunkingEnabled( true );
        nl.setDisableUploadTimeout( true );
        nl.getFileCache().setEnabled( false );
        server.addListener( nl );

        // Add the http handlers
        ....

        // Start
        server.start();
    }


    private SSLEngineConfigurator createSSLConfiguration( SomeConfigurationObject conf ) throws IOException
    {
        ByteArrayInputStream bais;
        KeyStore ks;
        KeyManagerFactory kmFactory;
        SSLContext sslContext;
        SSLEngineConfigurator engineConf;

        engineConf = null;
        try
        {
            // Prepare a key manager using the provided keystore
            kmFactory = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm() );

            // .... some code to init the KeyManagerFactory

            // Initialize the SSL context with the certificate as the server identity
            sslContext = SSLContext.getInstance( SSLCTX_TLS );
            sslContext.init( kmFactory.getKeyManagers(), null, null );

            // Create the engine conf
            engineConf = new SSLEngineConfigurator( sslContext, false, false, false );
            engineConf.setEnabledProtocols( new String[] { "TLSv1", "SSLv3" } );
            engineConf.setProtocolConfigured( true );
            engineConf.setEnabledCipherSuites( conf.getEnabledCipherSuites() );
            engineConf.setCipherConfigured( true );
        }
        catch( ... ) { .... }


Does someone have a clue of what could be wrong?

Thanks and regards
David
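
Added example, not part of the original messages and not Grizzly's own code: the configuration quoted above enables "SSLv3" and "TLSv1", both since deprecated (RFC 7568, RFC 8996), and passes the configured cipher suite names straight to the engine, so this plain-JSSE program keeps only TLS 1.2 and newer and only the configured suites the JVM actually supports. The class name TlsSettingsCheck, the helper supportedSubset and the sample suite list are assumptions made for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

// Added example (not from the thread): pick protocol and cipher suite lists with plain JSSE.
public class TlsSettingsCheck {
    // Assumption: the deployment only needs TLS 1.2 and newer.
    private static final List<String> WANTED_PROTOCOLS = Arrays.asList("TLSv1.3", "TLSv1.2");

    /** Keeps, in the requested order, only the names this JVM's engine supports. */
    static String[] supportedSubset(List<String> requested, String[] supported) {
        Set<String> available = new LinkedHashSet<>(Arrays.asList(supported));
        List<String> kept = new ArrayList<>();
        for (String name : requested) {
            if (available.contains(name)) {
                kept.add(name);
            } else {
                System.err.println("Skipping unsupported value: " + name);
            }
        }
        if (kept.isEmpty()) {
            throw new IllegalStateException("No requested value is supported by this JVM");
        }
        return kept.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // defaults; a real server passes its own key managers
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);

        String[] protocols = supportedSubset(WANTED_PROTOCOLS, engine.getSupportedProtocols());

        // Constructed sample of configured suites; the second name is deliberately bogus.
        List<String> configured = Arrays.asList(
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_NOT_A_REAL_SUITE");
        String[] suites = supportedSubset(configured, engine.getSupportedCipherSuites());

        // Unfiltered, the bogus name would make this call throw IllegalArgumentException.
        engine.setEnabledProtocols(protocols);
        engine.setEnabledCipherSuites(suites);
        System.out.println("Protocols: " + Arrays.toString(engine.getEnabledProtocols()));
        System.out.println("Suites:    " + Arrays.toString(engine.getEnabledCipherSuites()));
    }
}
```

The two resulting arrays are what would be passed to setEnabledProtocols and setEnabledCipherSuites on the SSLEngineConfigurator shown in the post.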