users@grizzly.java.net

Re: Grizzly 2 and SSL

From: Oleksiy Stashok <oleksiy.stashok_at_oracle.com>
Date: Mon, 12 Sep 2011 19:04:46 +0200

Hi David,

> While writing a simple test case this afternoon, I found what was wrong.
>
> The main problem was the usage of Response.getOutputStream().
>
> This is my understanding:
>
> Before Grizzly 2.1.2, there was only 1 method:
> Response.getOutputStream().
>
> AFAIU: this method returns a blocking stream.
>
AFAIR it was non-blocking :)

> But from Grizzly 2.1.2, there are 2 methods:
>
> Response.getOutputStream() and Response.getOutputStream( Boolean
> blocking )
>
> The problem is that Response.getOutputStream() calls the method
> Response.getOutputStream( false ); and it changes the behavior
> compared to the previous Grizzly version. Do you agree?
>
We added the ability to retrieve a blocking OutputStream. Earlier it was
non-blocking only.
>
> But I also use Jersey, and I had a problem with it.
>
> And basically the problem is the same: in Jersey 1.9, the Grizzly 2
> connector uses the method getOutputStream() and I have the same problem.
>
> I quickly rewrote the Jersey connector by putting getOutputStream(
> false ) in the Jersey writer and now it works!
>
> Is it really wanted to put the Jersey connector in non-blocking mode?
> I feel it's a mistake bug. But I may be wrong.
>
That's very interesting, can you pls. give us a testcase? :)) Don't
understand why the mode of output stream makes any difference.

> I don't know if it's normal/ok to assert that the non-blocking mode is
> enabled by default.
>
It's probably not. We're going to refactor this part of the code and
separate the methods which return blocking and non-blocking streams.
We even have an issue to track this:

http://java.net/jira/browse/GRIZZLY-1070


> For me it's an advanced feature and should be enabled only by using
> the getOutputStream( Boolean blocking ) method.
>
Agree.

Thanks.

WBR,
Alexey.

> From: Oleksiy Stashok [mailto:oleksiy.stashok_at_oracle.com]
> Sent: Friday 9 September 2011 18:53
> To: users_at_grizzly.java.net
> Subject: Re: Grizzly 2 and SSL
>
> Hi David,
>
> I believe it's something configuration related.
> Can you pls. send us a testcase to reproduce the issue?
>
> Thanks.
>
> WBR,
> Alexey.
>
> On 09/09/2011 04:15 PM, Gay David (Annecy) wrote:
>
> Hi all,
>
> I'm using Grizzly 2.1.2 and I have a problem when turning on SSL. I
> have this exception:
>
> 2011-09-09 15:59:23,697 GMT+0200 - [Grizzly(1)] WARN (DefaultFilterChain.execute:177) - Exception during FilterChain execution
> org.glassfish.grizzly.TransformationException: javax.net.ssl.SSLException: Received fatal alert: unexpected_message
>     at org.glassfish.grizzly.ssl.SSLDecoderTransformer.transformImpl(SSLDecoderTransformer.java:175)
>     at org.glassfish.grizzly.ssl.SSLDecoderTransformer.transformImpl(SSLDecoderTransformer.java:66)
>     at org.glassfish.grizzly.AbstractTransformer.transform(AbstractTransformer.java:73)
>     at org.glassfish.grizzly.filterchain.AbstractCodecFilter.handleRead(AbstractCodecFilter.java:71)
>     at org.glassfish.grizzly.ssl.SSLFilter.handleRead(SSLFilter.java:176)
>     at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
>     at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:286)
>     at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:223)
>     at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:155)
>     at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:134)
>     at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:78)
>     at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:827)
>     at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:103)
>     at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:111)
>     at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:55)
>     at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:131)
>     at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:508)
>     at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:488)
>     at java.lang.Thread.run(Thread.java:662)
> Caused by: javax.net.ssl.SSLException: Received fatal alert: unexpected_message
>     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1429)
>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1397)
>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1563)
>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1023)
>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:837)
>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:713)
>     at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
>     at org.glassfish.grizzly.ssl.SSLDecoderTransformer.transformImpl(SSLDecoderTransformer.java:127)
>     ... 18 more
>
> And this is the code I use to init the SSL in Grizzly :
>
> private static final String SSLCTX_TLS = "TLS";
> private static final String KSTYPE_PKCS12 = "PKCS12";
>
> public void startServer( SomeConfigurationObject conf ) throws Exception
> {
>     ...
>
>     HttpServer server = new HttpServer();
>     NetworkListener nl = new NetworkListener( identifier, host, port );
>
>     if( useSsl )
>     {
>         nl.setSecure( true );
>         nl.setSSLEngineConfig( createSSLConfiguration(conf) );
>     }
>
>     nl.setRcmSupportEnabled( false );
>     nl.setCompression( "on" );
>     nl.setChunkingEnabled( true );
>     nl.setDisableUploadTimeout( true );
>     nl.getFileCache().setEnabled( false );
>
>     server.addListener( nl );
>
>     // Add the http handlers
>     ....
>
>     // Start
>     server.start();
> }
>
> private SSLEngineConfigurator createSSLConfiguration( SomeConfigurationObject conf ) throws IOException
> {
>     ByteArrayInputStream bais;
>     KeyStore ks;
>     KeyManagerFactory kmFactory;
>     SSLContext sslContext;
>     SSLEngineConfigurator engineConf;
>
>     engineConf = null;
>
>     try
>     {
>         // Prepare a key manager using the provided keystore
>         kmFactory = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm() );
>
>         // .... some code to init the KeyManagerFactory
>
>         // Initialize the SSL context with the certificate as the server identity
>         sslContext = SSLContext.getInstance( SSLCTX_TLS );
>         sslContext.init( kmFactory.getKeyManagers(), null, null );
>
>         // Create the engine conf
>         engineConf = new SSLEngineConfigurator( sslContext, false, false, false );
>         engineConf.setEnabledProtocols( new String[] { "TLSv1", "SSLv3" } );
>         engineConf.setProtocolConfigured( true );
>         engineConf.setEnabledCipherSuites( conf.getEnabledCipherSuites() );
>         engineConf.setCipherConfigured( true );
>     }
>     catch( ... ) { .... }
>
> Does someone have a clue of what could be wrong?
>
> Thanks and regards
>
> David
>