Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-6473

HTTP2 / ALPN does not work when using wildfly-openssl

XMLWordPrintable

      wildfly-openssl version used: 1.0.0.Alpha1.

      I have a problem to use HTTP2 on EAP when using OpenSSL implementation based on the wildfly-openssl project. When I use standard 'TLS' protocol, HTTP2 works just fine (using Chrome as a client). But when I switch to 'openssl.TLS', client uses HTTP/1.1 and never upgrade to HTTP2.

      What I do:

      1. start EAP
      2. perform request to: https://localhost:8443 ----- HTTP2 is used here
      3. /core-service=management/security-realm=ApplicationRealm/server-identity=ssl:write-attribute(name=protocol,value=openssl.TLS)
      4. reload
      5. perform request to: https://localhost:8443 ----- HTTP/1.1 is used here

      I tried to check in Wireshark. When I compared Client and Server Hello packets, I can see that in both cases the Client Hello packets contains TLS ALPN extension part with offered protocols h2 and http/1.1. Although Server Hello packets differs. When 'TLS' is used, then Server Hello packet contains ALPN extension with chosen protocol of 'h2'. But when 'openssl.TLS' is used, I can see that appropriate Server Hello packet does not contain ALPN extension part at all, which I presume leads that HTTP/1.1 protocol is used for further communication.

      Not sure whether it is related somehow, I can also see that different types of ciphers are used - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 in case of 'TLS' and TLS_RSA_WITH_AES_128_GCM_SHA256 in case of 'openssl.TLS'.

      My openssl version is: 1.0.2j-fips

      Not sure whether there must be performed some extra configuration to make HTTP2/ALPN work when using openssl implementation.

            sdouglas1@redhat.com Stuart Douglas
            jstourac@redhat.com Jan Stourac
            Jan Stourac Jan Stourac
            Jan Stourac Jan Stourac
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: