-
Bug
-
Resolution: Done
-
Major
-
7.1.0.DR6
wildfly-openssl version used: 1.0.0.Alpha1.
I have a problem to use HTTP2 on EAP when using OpenSSL implementation based on the wildfly-openssl project. When I use standard 'TLS' protocol, HTTP2 works just fine (using Chrome as a client). But when I switch to 'openssl.TLS', client uses HTTP/1.1 and never upgrade to HTTP2.
What I do:
- start EAP
- perform request to: https://localhost:8443 ----- HTTP2 is used here
- /core-service=management/security-realm=ApplicationRealm/server-identity=ssl:write-attribute(name=protocol,value=openssl.TLS)
- reload
- perform request to: https://localhost:8443 ----- HTTP/1.1 is used here
I tried to check in Wireshark. When I compared Client and Server Hello packets, I can see that in both cases the Client Hello packets contains TLS ALPN extension part with offered protocols h2 and http/1.1. Although Server Hello packets differs. When 'TLS' is used, then Server Hello packet contains ALPN extension with chosen protocol of 'h2'. But when 'openssl.TLS' is used, I can see that appropriate Server Hello packet does not contain ALPN extension part at all, which I presume leads that HTTP/1.1 protocol is used for further communication.
Not sure whether it is related somehow, I can also see that different types of ciphers are used - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 in case of 'TLS' and TLS_RSA_WITH_AES_128_GCM_SHA256 in case of 'openssl.TLS'.
My openssl version is: 1.0.2j-fips
Not sure whether there must be performed some extra configuration to make HTTP2/ALPN work when using openssl implementation.
- is cloned by
-
WFCORE-1874 HTTP2 / ALPN does not work when using wildfly-openssl
- Resolved
- is incorporated by
-
JBEAP-6253 (7.1.0) Upgrade to WildFly Core 3.0.0.Alpha10
- Closed