<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div><br></div><blockquote type="cite"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>What will be default keysize? It has to be probably choosen to work also without "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy"<br></div></div></blockquote></div><div><br></div><div>Probably the largest that is supported without JCE. It does not matter that much, self signed certs are inherently insecure, this is a developer usability feature, not something that can be used in production.</div></blockquote><div><br></div><div>IIRC there is actually no limit on RSA key size, it's only symmetric algs that are limited, so we could use a standard 2048 bit key without issue.</div><div><br></div><br><blockquote type="cite"><div><br></div><div>Stuart</div><div><br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div></div><br><br><br></div><div class="gmail_extra"><br><div class="gmail_quote"></div></div><div class="gmail_extra"><div class="gmail_quote">On Thu, Jun 2, 2016 at 10:01 PM, Stuart Douglas <span dir="ltr"><<a href="mailto:stuart.w.douglas@gmail.com" target="_blank">stuart.w.douglas@gmail.com</a>></span> wrote:<br></div></div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>So I guess we should talk about how this should actually work. <br><br></div>In terms of auto generating the key I was thinking we would need to add a new attribute to the 'keystore' element under the security realm, something like 'auto-generate-cert-host="localhost"'. I am not sure what other options we would need, or how configurable we should make it, but as this is for testing/development purposes I don't think we need to expose full control over the certificate generation process.<br><br></div><div>In terms of the implementation we could just implement an SSLContext wrapper, that can do the generation and then create a 'real' SSLContext the first time it is asked to create and SSLEngine.<span><font color="#888888"><br></font></span></div><span><font color="#888888"><div><br></div>Stuart<br></font></span></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jun 3, 2016 at 3:19 AM, Jason Greene <span dir="ltr"><<a href="mailto:jason.greene@redhat.com" target="_blank">jason.greene@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span><br>
> On Jun 2, 2016, at 11:29 AM, Harold Campbell <<a href="mailto:hcamp@muerte.net" target="_blank">hcamp@muerte.net</a>> wrote:<br>
><br>
> On Thu, 2016-06-02 at 09:22 +1000, Stuart Douglas wrote:<br>
>> Hi All,<br>
>><br>
>> I would like to propose that we add support for HTTP/2 out of the box<br>
>> in Wildfly 10.1.<br>
>><br>
><br>
> This lowly user desperately wants a release containing the fix to WFLY-<br>
> 6283 sooner rather than later. I'm sure other people have other pet<br>
> bugs awaiting release.<br>
><br>
> I have no opinion on HTTP/2 being added other than to ask that pent up<br>
> bug fixes be kept in mind.<br>
<br>
<br>
</span>Hi Harold,<br>
<br>
That fix is already in master, so it will be included in 10.1.<br>
<br>
--<br>
Jason T. Greene<br>
WildFly Lead / JBoss EAP Platform Architect<br>
JBoss, a division of Red Hat<br>
<br>
</blockquote></div><br></div>
</div></div><br></blockquote></div></div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">_______________________________________________<br>
wildfly-dev mailing list<br>
<a href="mailto:wildfly-dev@lists.jboss.org" target="_blank">wildfly-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/wildfly-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/wildfly-dev</a><br></blockquote></div></div></blockquote></div>
</blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>wildfly-dev mailing list</span><br><span><a href="mailto:wildfly-dev@lists.jboss.org">wildfly-dev@lists.jboss.org</a></span><br><span><a href="https://lists.jboss.org/mailman/listinfo/wildfly-dev">https://lists.jboss.org/mailman/listinfo/wildfly-dev</a></span></div></blockquote></body></html>