[jboss-jira] [JBoss JIRA] (WFLY-1094) Use own JSSE Provider for http Connector

RH Bugzilla Integration (JIRA) jira-events at lists.jboss.org
Tue Nov 12 09:13:06 EST 2013 

    [ https://issues.jboss.org/browse/WFLY-1094?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12922763#comment-12922763 ] 

RH Bugzilla Integration commented on WFLY-1094:
-----------------------------------------------

Radim Hatlapatka <rhatlapa at redhat.com> changed the Status of [bug 956391|https://bugzilla.redhat.com/show_bug.cgi?id=956391] from ON_QA to VERIFIED
                
> Use own JSSE Provider for http Connector
> ----------------------------------------
>
>                 Key: WFLY-1094
>                 URL: https://issues.jboss.org/browse/WFLY-1094
>             Project: WildFly
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: Web (JBoss Web)
>    Affects Versions: 8.0.0.Alpha1
>            Reporter: Hauke Mehrtens
>            Assignee: Tomaz Cerar
>              Labels: https, jsse, ssl
>             Fix For: 8.0.0.Alpha1
>
>         Attachments: ssl-protocol.patch
>
>
> We are using our own JSSE Provider implementation for TLS to add support for HTTPS with preshared key to one http connector, while the others still use the default JSSE provider.
> In JBoss 5 we added sslProtocol="RFC4279", while RFC4279 is the name of our provider, to one Connector entry in the file server/default/deploy/jbossweb.sar/server.xml. This option is not available in JBoss 7.1 any more and we could not find a way to make one connector use our provider while the others are using the default one.
> To fix this issue for use we used the attached patch. We would like to get this patch into the next version of JBoss, so we do not have to modify the source code by our self any more. This patch was tested with JBoss 7.1.2, but it still applies against the master branch. If we should do any changed to the patch or if you want to get it in an other form please inform us.
> With this patch we are able to specify our JSSE provider like this:
> {code:xml}
> <connector name="httpspsk" protocol="HTTP/1.1" scheme="https" socket-binding="httpspsk" secure="true">
>   <ssl name="ssl" key-alias="intended purpose ssl test from bremen online services" password="123456" certificate-key-file="${jboss.server.config.dir}/governikus_ssl.jks" protocol="ALL" keystore-type="JKS" ssl_protocol="RFC4279"/>
> </connector>
> {code}
> This is related to Red Hat Customer Portal support case 00721624 "Additional JSSE Provider on socket bindings and connectors"

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list