Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-10944

JDK8HackAlpnProvider doesn't work for client when used with elytron ssl-context

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 7.1.0.DR19
    • 7.1.0.DR18
    • Security, Undertow
    • None
    • Hide
      1. unzip two installations of EAP, one shall be used as balancer and one as worker.
      2. update paths to keystores in the attached configuration files to point to directory in which you unpacked the attached certs.zip
      3. start the balancer => ./standalone.sh -c standalone-load-balancer.xml
      4. start the worker and deploy to it some application (as you have them on the same machine, you need to shift ports) => ./standalone.sh -c standalone-ha.xml -Djboss.socket.binding.port-offset=100
      5. create http2 request to the balancer https listener and see in worker access-log whether HTTP/2 was actually used.
      Show
      unzip two installations of EAP, one shall be used as balancer and one as worker. update paths to keystores in the attached configuration files to point to directory in which you unpacked the attached certs.zip start the balancer => ./standalone.sh -c standalone-load-balancer.xml start the worker and deploy to it some application (as you have them on the same machine, you need to shift ports) => ./standalone.sh -c standalone-ha.xml -Djboss.socket.binding.port-offset=100 create http2 request to the balancer https listener and see in worker access-log whether HTTP/2 was actually used.

    Description

      When I setup undertow as proxy and one server behind it, even when I define that there should be used HTTP/2 (possible with mod_cluster filter) for proxy to worker communication it isn't used for default undertow ALPN JDK8 implementation.

      It is possible to make it work with openssl ALPN provider but not with the default one, which I believe it should work with as well.

      EDIT: doesn't work only with elytron based ssl-context.

      Attachments

        1. certs.zip
          12 kB
        2. standalone-ha.xml
          34 kB
        3. standalone-load-balancer.xml
          17 kB

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. WFCORE-2824 JDK8HackAlpnProvider doesn't work for client when used with elytron ssl-context

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-10845 (7.1.0) Upgrade to WildFly Core to 3.0.0.Beta23

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              sdouglas1@redhat.com Stuart Douglas
              rhatlapa@redhat.com Radim Hatlapatka (Inactive)
              Radim Hatlapatka Radim Hatlapatka (Inactive)
              Radim Hatlapatka Radim Hatlapatka (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: