Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-10944

JDK8HackAlpnProvider doesn't work for client when used with elytron ssl-context

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 7.1.0.DR19
    • 7.1.0.DR18
    • Security, Undertow
    • None
    • Hide
      1. unzip two installations of EAP, one shall be used as balancer and one as worker.
      2. update paths to keystores in the attached configuration files to point to directory in which you unpacked the attached certs.zip
      3. start the balancer => ./standalone.sh -c standalone-load-balancer.xml
      4. start the worker and deploy to it some application (as you have them on the same machine, you need to shift ports) => ./standalone.sh -c standalone-ha.xml -Djboss.socket.binding.port-offset=100
      5. create http2 request to the balancer https listener and see in worker access-log whether HTTP/2 was actually used.
      Show
      unzip two installations of EAP, one shall be used as balancer and one as worker. update paths to keystores in the attached configuration files to point to directory in which you unpacked the attached certs.zip start the balancer => ./standalone.sh -c standalone-load-balancer.xml start the worker and deploy to it some application (as you have them on the same machine, you need to shift ports) => ./standalone.sh -c standalone-ha.xml -Djboss.socket.binding.port-offset=100 create http2 request to the balancer https listener and see in worker access-log whether HTTP/2 was actually used.

      When I setup undertow as proxy and one server behind it, even when I define that there should be used HTTP/2 (possible with mod_cluster filter) for proxy to worker communication it isn't used for default undertow ALPN JDK8 implementation.

      It is possible to make it work with openssl ALPN provider but not with the default one, which I believe it should work with as well.

      EDIT: doesn't work only with elytron based ssl-context.

        1. certs.zip
          12 kB
        2. standalone-ha.xml
          34 kB
        3. standalone-load-balancer.xml
          17 kB

              sdouglas1@redhat.com Stuart Douglas (Inactive)
              rhatlapa@redhat.com Radim Hatlapatka (Inactive)
              Radim Hatlapatka Radim Hatlapatka (Inactive)
              Radim Hatlapatka Radim Hatlapatka (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: