[jboss-jira] [JBoss JIRA] (WFLY-7344) HTTP2 / ALPN does not work when using wildfly-openssl

Stuart Douglas (JIRA) issues at jboss.org
Tue Oct 18 16:34:02 EDT 2016


     [ https://issues.jboss.org/browse/WFLY-7344?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stuart Douglas moved JBEAP-6494 to WFLY-7344:
---------------------------------------------

              Project: WildFly  (was: JBoss Enterprise Application Platform)
                  Key: WFLY-7344  (was: JBEAP-6494)
             Workflow: GIT Pull Request workflow   (was: CDW with loose statuses v1)
          Component/s: Security
                       Server
                           (was: Security)
                           (was: Server)
    Affects Version/s:     (was: 7.1.0.DR6)


> HTTP2 / ALPN does not work when using wildfly-openssl
> -----------------------------------------------------
>
>                 Key: WFLY-7344
>                 URL: https://issues.jboss.org/browse/WFLY-7344
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security, Server
>            Reporter: Stuart Douglas
>            Assignee: Stuart Douglas
>              Labels: wildfly-openssl
>
> wildfly-openssl version used: {{1.0.0.Alpha1}}.
> I have a problem using HTTP2 on EAP with the OpenSSL implementation based on the wildfly-openssl project. When I use the standard 'TLS' protocol, HTTP2 works just fine (using Chrome as a client). But when I switch to 'openssl.TLS', the client uses HTTP/1.1 and never upgrades to HTTP2.
> What I do:
> # start EAP
> # perform request to: https://localhost:8443   ----- HTTP2 is used here
> # {{/core-service=management/security-realm=ApplicationRealm/server-identity=ssl:write-attribute(name=protocol,value=openssl.TLS)}}
> # reload
> # perform request to: https://localhost:8443   ----- HTTP/1.1 is used here
> I tried to check in Wireshark. When I compared the Client and Server Hello packets, I can see that in both cases the Client Hello packets contain the TLS ALPN extension part with offered protocols h2 and http/1.1. However, the Server Hello packets differ. When 'TLS' is used, the Server Hello packet contains the ALPN extension with the chosen protocol of 'h2'. But when 'openssl.TLS' is used, I can see that the corresponding Server Hello packet does not contain the ALPN extension part at all, which I presume leads to the HTTP/1.1 protocol being used for further communication.
> Not sure whether it is related somehow, I can also see that different types of ciphers are used - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 in case of 'TLS' and TLS_RSA_WITH_AES_128_GCM_SHA256 in case of 'openssl.TLS'.
> My openssl version is: {{1.0.2j-fips}}
> Not sure whether some extra configuration must be performed to make HTTP2/ALPN work when using the openssl implementation.



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
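
The ServerHello comparison described in the report can be checked offline with a small parser. This is an added example, not part of the original message or of wildfly-openssl; the two records are constructed sample data (not captures), and `build_server_hello` and `parse_server_hello` are hypothetical helper names.

```python
import struct

ALPN_EXT = 16  # application_layer_protocol_negotiation (RFC 7301)

def build_server_hello(cipher, alpn=None):
    """Construct a minimal TLS 1.2 ServerHello record (sample data, not a capture)."""
    exts = b""
    if alpn is not None:
        name = alpn.encode("ascii")
        plist = bytes([len(name)]) + name              # one length-prefixed protocol name
        data = struct.pack("!H", len(plist)) + plist   # protocol_name_list
        exts = struct.pack("!HH", ALPN_EXT, len(data)) + data
    # version, 32-byte random, empty session id, cipher suite, null compression
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!HB", cipher, 0)
    if exts:
        body += struct.pack("!H", len(exts)) + exts
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

def parse_server_hello(record):
    """Return (cipher_suite, selected ALPN protocol or None) from a ServerHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a ServerHello handshake record")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    if len(body) != hs_len or hs_len < 38:
        raise ValueError("truncated ServerHello")
    pos = 2 + 32                       # skip version and random
    pos += 1 + body[pos]               # skip session id
    cipher, = struct.unpack_from("!H", body, pos)
    pos += 3                           # cipher suite (2) + compression method (1)
    if pos >= len(body):
        return cipher, None            # no extensions block at all
    ext_end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    pos += 2
    while pos + 4 <= min(ext_end, len(body)):
        etype, elen = struct.unpack_from("!HH", body, pos)
        data = body[pos + 4:pos + 4 + elen]
        if etype == ALPN_EXT and len(data) >= 3:
            return cipher, data[3:3 + data[2]].decode("ascii")
        pos += 4 + elen
    return cipher, None                # extensions present, but no ALPN selected

if __name__ == "__main__":
    # Constructed records mirroring the two cases in the report.
    for label, rec in (("TLS", build_server_hello(0xC02F, "h2")),
                       ("openssl.TLS", build_server_hello(0x009C))):
        cipher, alpn = parse_server_hello(rec)
        print(f"{label}: cipher=0x{cipher:04X} alpn={alpn or 'absent -> HTTP/1.1'}")
```

Here 0xC02F is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and 0x009C is TLS_RSA_WITH_AES_128_GCM_SHA256, the two suites named in the report.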

