[wildfly-dev] HTTP/2 out of the box in Wildfly 10.1

Stuart Douglas stuart.w.douglas at gmail.com
Fri Jun 3 03:28:51 EDT 2016


On Fri, 3 Jun 2016, 17:18 Martin Choma <mchoma at redhat.com> wrote:

> Hi Stuart,
>
> I have a couple of questions regarding self-signed certificate
> autogeneration:
>
> What happens when the autogenerated certificate expires?
>

I think we would go for a ten-year expiry, so that would not be an issue. The
developer could just delete the store and generate a new one anyway.

> How will it be decided if the certificate should be autogenerated or not?
>

An attribute in the management model would be needed to explicitly enable
it.


> What will be the default key size? It probably has to be chosen to work also
> without "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction
> Policy"
>

Probably the largest that is supported without JCE. It does not matter that
much; self-signed certs are inherently insecure. This is a developer
usability feature, not something that can be used in production.

Stuart


>
>
>
> On Thu, Jun 2, 2016 at 10:01 PM, Stuart Douglas <
> stuart.w.douglas at gmail.com> wrote:
>
>> So I guess we should talk about how this should actually work.
>>
>> In terms of auto generating the key I was thinking we would need to add a
>> new attribute to the 'keystore' element under the security realm, something
>> like 'auto-generate-cert-host="localhost"'. I am not sure what other
>> options we would need, or how configurable we should make it, but as this
>> is for testing/development purposes I don't think we need to expose full
>> control over the certificate generation process.
>>
>> In terms of the implementation we could just implement an SSLContext
>> wrapper, that can do the generation and then create a 'real' SSLContext the
>> first time it is asked to create an SSLEngine.
>>
>> Stuart
>>
>> On Fri, Jun 3, 2016 at 3:19 AM, Jason Greene <jason.greene at redhat.com>
>> wrote:
>>
>>>
>>> > On Jun 2, 2016, at 11:29 AM, Harold Campbell <hcamp at muerte.net> wrote:
>>> >
>>> > On Thu, 2016-06-02 at 09:22 +1000, Stuart Douglas wrote:
>>> >> Hi All,
>>> >>
>>> >> I would like to propose that we add support for HTTP/2 out of the box
>>> >> in Wildfly 10.1.
>>> >>
>>> >
>>> > This lowly user desperately wants a release containing the fix to
>>> > WFLY-6283 sooner rather than later. I'm sure other people have other pet
>>> > bugs awaiting release.
>>> >
>>> > I have no opinion on HTTP/2 being added other than to ask that pent up
>>> > bug fixes be kept in mind.
>>>
>>>
>>> Hi Harold,
>>>
>>> That fix is already in master, so it will be included in 10.1.
>>>
>>> --
>>> Jason T. Greene
>>> WildFly Lead / JBoss EAP Platform Architect
>>> JBoss, a division of Red Hat
>>>
>>>
>>
>> _______________________________________________
>> wildfly-dev mailing list
>> wildfly-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>>
>
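The lazy-generation idea discussed in this thread, sketched as an added example that is not WildFly code or code from anyone in the thread: a plain holder class (not a real SSLContext subclass) that creates a self-signed keystore with the JDK's keytool and builds the 'real' SSLContext the first time an SSLEngine is requested. The class name, alias, JKS store type, 2048-bit RSA key and 3650-day validity are assumptions; the thread only mentions a ten-year expiry and leaves the key size open.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
/** Hypothetical dev-only wrapper: generates a self-signed cert on first use. */
public final class LazySelfSignedContext {
    private final File store;       // assumed keystore location
    private final char[] password;  // assumed store and key password (6+ chars for keytool)
    private final String host;      // value of the proposed auto-generate-cert-host
    private SSLContext real;        // the 'real' context, built lazily
    public LazySelfSignedContext(File store, char[] password, String host) {
        this.store = store; this.password = password; this.host = host;
    }

    /** First call generates the keystore if it is missing, then builds the real context. */
    public synchronized SSLEngine createSSLEngine() throws Exception {
        if (real == null) {
            if (!store.exists()) generate();   // deleting the file forces a fresh cert
            KeyStore ks = KeyStore.getInstance("JKS");
            try (InputStream in = new FileInputStream(store)) { ks.load(in, password); }
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, password);
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(kmf.getKeyManagers(), null, null);
            real = ctx;
        }
        return real.createSSLEngine();
    }

    // Shells out to the JDK's keytool. The password is visible on the command
    // line, which is tolerable only because this is a development convenience.
    private void generate() throws Exception {
        String keytool = new File(System.getProperty("java.home"), "bin/keytool").getPath();
        Process p = new ProcessBuilder(keytool, "-genkeypair", "-alias", "server",
                "-keyalg", "RSA", "-keysize", "2048", "-validity", "3650",
                "-dname", "CN=" + host, "-storetype", "JKS",
                "-keystore", store.getPath(), "-storepass", new String(password),
                "-keypass", new String(password)).inheritIO().start();
        if (p.waitFor() != 0) throw new IllegalStateException("keytool failed");
    }

    public static void main(String[] args) throws Exception {
        File f = new File(System.getProperty("java.io.tmpdir"), "dev-selfsigned.jks");
        SSLEngine e = new LazySelfSignedContext(f, "changeit".toCharArray(), "localhost").createSSLEngine();
        System.out.println(e.getSupportedProtocols().length + " protocols, store at " + f);
    }
}
```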