users@tyrus.java.net

Re: WSS in standalone server - how to configure SSL to support TLSv1, TLSv1.1 and TLSv1.2?

From: Isart Canyameres <isart.canyameres_at_i2cat.net>
Date: Wed, 15 Oct 2014 15:15:09 +0200

Hi again, I noticed that web browsers issue a ClientHello with every
supported protocol (including TLSv1) as part of the negotiation process:

*** ClientHello, TLSv1.2
*** ClientHello, TLSv1.1
*** ClientHello, TLSv1
*** ClientHello, SSLv3

That being the case, the error I'm experiencing can't be caused by
TLS protocol version.

Thus, instead of knowing how to configure SSL to support TLSv1,
TLSv1.1 and TLSv1.2, the important question for me now is how to
specify SSL configuration to the server. Is it enough to configure
desired keystore using System Properties?

Thank you again,
Isart

On 15/10/14 at 14:57, Isart Canyameres wrote:
> Hello,
>
> I'm using a standalone server to expose some WSS endpoints.
>
> Looking at the archives, I found following explanation and
> successfully crafted suggested hack in order to enable WSS in the
> standalone server:
> https://java.net/projects/tyrus/lists/users/archive/2014-02/message/1
>
> That done, I thought about configuring SSL properties by passing
> an SslContextConfigurator to the server just as if it was a
> client:
> https://tyrus.java.net/documentation/1.8.3/user-guide.html#d0e1128
> However, reviewing
> org.glassfish.tyrus.container.grizzly.server.GrizzlyServerContainer
> source code I've been unable to find the place where it may read such
> SslContextConfigurator. Am I looking at the right place?
>
>
> Although it may be ignoring given SslContextConfigurator, by
> configuring System Properties with desired keystore and its
> password, the server is able to successfully establish a wss session
> with correctly configured
> org.glassfish.tyrus.client.ClientManager.
>
> However SSL handshake fails when trying to establish a session
> using websocket implementations of common browsers. It reports
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>
> Looking at log output, one can identify that ClientManager uses
> TLSv1, while browsers native websocket implementation issue
> ClientHello messages specifying TLSv1.2 or TLSv1.1 (depending on
> the browser).
>
> Is it possible to configure the server to use these versions?
>
> Many thanks,
>
> Isart
>

-- 
Isart Canyameres Giménez
Distributed Applications and Networks Area (DANA)
Fundació i2CAT, Internet i Innovació Digital a Catalunya, Barcelona, Spain
T: +34 93 553 25 49 - http://dana.i2cat.net
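
A check of what the keystore System Properties mentioned in this message actually yield on the server side, written as an added example (not part of the original message and not Tyrus code). It uses only standard JSSE calls, assumes the key password equals the keystore password, and does not show how to hand the resulting SSLContext to the Tyrus standalone server; the class name ServerTlsCheck is hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class ServerTlsCheck {  // hypothetical name, not a Tyrus class
    public static void main(String[] args) throws Exception {
        // Same JVM-wide properties the message refers to; run with
        // -Djavax.net.ssl.keyStore=<path> -Djavax.net.ssl.keyStorePassword=<password>
        String path = System.getProperty("javax.net.ssl.keyStore");
        String pass = System.getProperty("javax.net.ssl.keyStorePassword", "");
        if (path == null) {
            System.err.println("javax.net.ssl.keyStore is not set");
            return;
        }
        KeyStore ks = KeyStore.getInstance(
                System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType()));
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass.toCharArray());
        }
        // Certificate-based cipher suites need a private-key entry of a matching
        // algorithm (RSA, EC, DSA), so list the ones the keystore really holds.
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                System.out.println("private key " + alias + ": "
                        + ks.getCertificate(alias).getPublicKey().getAlgorithm());
            }
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass.toCharArray());  // assumption: key password == store password
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);

        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);  // server side of the handshake
        // Enable only the versions from the subject line that this JRE supports.
        List<String> wanted = new ArrayList<>(Arrays.asList("TLSv1", "TLSv1.1", "TLSv1.2"));
        wanted.retainAll(Arrays.asList(engine.getSupportedProtocols()));
        engine.setEnabledProtocols(wanted.toArray(new String[0]));
        System.out.println("protocols: " + Arrays.toString(engine.getEnabledProtocols()));
        System.out.println("suites:    " + Arrays.toString(engine.getEnabledCipherSuites()));
    }
}
```

Comparing the printed suites with those in a browser's ClientHello (visible with -Djavax.net.debug=ssl:handshake on the server JVM) shows whether any overlap exists.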