Hi Isart,
you can influence the protocol by calling method
SslContextConfigurator.setSecurityProtocol(...) [1] with "TLSv1.2" as a
parameter (when dealing with Tyrus client - ClientManager - SSL
configuration).
The answer to your second question is no; standalone server does not
currently support SSL configuration, you'll need to modify the sources
and somehow let the ServerContainerFactory know about where to find
it, or invoke that directly. The first post you linked says what needs
to be done. There might be additional work required for Grizzly (you
would need to do something similar as we currently do for Grizzly client
- transform Tyrus Ssl*Configurator classes to Grizzly alternatives).
Feel free to create new enhancement request at [2] (or maybe consider
contributing if you can).
Thanks and regards,
Pavel
[1] https://tyrus.java.net/apidocs/1.8.3/org/glassfish/tyrus/client/SslContextConfigurator.html#setSecurityProtocol(java.lang.String)
[2] https://java.net/jira/browse/TYRUS
On 15/10/14 15:15, Isart Canyameres wrote:
> Hi again, I noticed that web browsers issue a ClientHello with every
> supported protocol (including TLSv1) as part of the negotiation process:
>
> *** ClientHello, TLSv1.2
> *** ClientHello, TLSv1.1
> *** ClientHello, TLSv1
> *** ClientHello, SSLv3
>
> Being that the case, the error I'm experiencing can't be caused by
> TLS protocol version.
>
> Thus, instead of knowing how to configure SSL to support TLSv1,
> TLSv1.1 and TLSv1.2, the important question for me now is how to
> specify SSL configuration to the server. Is it enough to configure
> desired keystore using System Properties?
>
> Thank you again,
> Isart
>
> On 15/10/14 at 14:57, Isart Canyameres wrote:
>> Hello,
>>
>> I'm using a standalone server to expose some WSS endpoints.
>>
>> Looking at the archives, I found following explanation and
>> successfully crafted suggested hack in order to enable WSS in the
>> standalone server:
>> https://java.net/projects/tyrus/lists/users/archive/2014-02/message/1
>>
>> That done, I thought about configuring SSL properties by passing
>> an SslContextConfigurator to the server just as if it was a
>> client:
>> https://tyrus.java.net/documentation/1.8.3/user-guide.html#d0e1128
>> However, reviewing
>> org.glassfish.tyrus.container.grizzly.server.GrizzlyServerContainer
>> source code I've been unable to find the place where it may read such
>> SslContextConfigurator. Am I looking at the right place?
>>
>>
>> Although it may be ignoring given SslContextConfigurator, by
>> configuring System Properties with desired keystore and its
>> password, the server is able to successfully establish a wss session
>> with correctly configured
>> org.glassfish.tyrus.client.ClientManager.
>>
>> However SSL handshake fails when trying to establish a session
>> using websocket implementations of common browsers. It reports
>> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>>
>> Looking at log output, one can identify that ClientManager uses
>> TLSv1, while browsers' native websocket implementations issue
>> ClientHello messages specifying TLSv1.2 or TLSv1.1 (depending on
>> the browser).
>>
>> Is it possible to configure the server to use these versions?
>>
>> Many thanks,
>>
>> Isart
>>
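
An added example (not part of the original thread or of the Tyrus sources) of the client-side setting described in the reply at the top: a Tyrus `ClientManager` whose SSL context is created for "TLSv1.2" and whose engine is restricted to that version. The class names `Tls12Client` and `EchoClient` are hypothetical, the endpoint URI is taken from the command line, and the trust store is assumed to come from the standard `javax.net.ssl.*` system properties.

```java
import java.net.URI;
import javax.websocket.ClientEndpoint;
import javax.websocket.OnOpen;
import javax.websocket.Session;

import org.glassfish.tyrus.client.ClientManager;
import org.glassfish.tyrus.client.ClientProperties;
import org.glassfish.tyrus.client.SslContextConfigurator;
import org.glassfish.tyrus.client.SslEngineConfigurator;

public class Tls12Client {

    // Minimal endpoint (hypothetical); reports whether the session runs over TLS.
    @ClientEndpoint
    public static class EchoClient {
        @OnOpen
        public void onOpen(Session session) {
            System.out.println("connected, secure=" + session.isSecure());
        }
    }

    // Builds the client SSL configuration with TLSv1.2 as the security protocol.
    static SslEngineConfigurator tls12Config() {
        // Assumption: trust store location and password are supplied through
        // the javax.net.ssl.* system properties, which the default constructor reads.
        SslContextConfigurator context = new SslContextConfigurator();
        context.setSecurityProtocol("TLSv1.2");

        // Arguments: clientMode=true, needClientAuth=false, wantClientAuth=false.
        SslEngineConfigurator engine =
                new SslEngineConfigurator(context, true, false, false);
        // A TLSv1.2 context may still enable older versions on the engine,
        // so restrict the enabled protocols explicitly.
        engine.setEnabledProtocols(new String[] {"TLSv1.2"});
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // args[0] is a wss:// endpoint, e.g. a constructed wss://localhost:8443/echo
        ClientManager client = ClientManager.createClient();
        client.getProperties()
              .put(ClientProperties.SSL_ENGINE_CONFIGURATOR, tls12Config());

        Session session = client.connectToServer(EchoClient.class, URI.create(args[0]));
        session.close();
    }
}
```

Running it with `-Djavax.net.debug=ssl` prints the ClientHello version, which can be compared against the log lines quoted in the thread.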