<div dir="ltr"><div><div>Hi Stuart, <br><br>I have couple of questions regarding self-signed certificate autogeneration:<br><br>What happens, when autogenerated certificate expires?<br></div>How it will be decided if certificate should be autogenerate or not?<br>What will be default keysize? It has to be probably choosen to work also without "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy"<br></div><br><br><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jun 2, 2016 at 10:01 PM, Stuart Douglas <span dir="ltr"><<a href="mailto:stuart.w.douglas@gmail.com" target="_blank">stuart.w.douglas@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>So I guess we should talk about how this should actually work. <br><br></div>In terms of auto generating the key I was thinking we would need to add a new attribute to the 'keystore' element under the security realm, something like 'auto-generate-cert-host="localhost"'. I am not sure what other options we would need, or how configurable we should make it, but as this is for testing/development purposes I don't think we need to expose full control over the certificate generation process.<br><br></div><div>In terms of the implementation we could just implement an SSLContext wrapper, that can do the generation and then create a 'real' SSLContext the first time it is asked to create and SSLEngine.<span class="HOEnZb"><font color="#888888"><br></font></span></div><span class="HOEnZb"><font color="#888888"><div><br></div>Stuart<br></font></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jun 3, 2016 at 3:19 AM, Jason Greene <span dir="ltr"><<a href="mailto:jason.greene@redhat.com" target="_blank">jason.greene@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span><br>
> On Jun 2, 2016, at 11:29 AM, Harold Campbell <<a href="mailto:hcamp@muerte.net" target="_blank">hcamp@muerte.net</a>> wrote:<br>
><br>
> On Thu, 2016-06-02 at 09:22 +1000, Stuart Douglas wrote:<br>
>> Hi All,<br>
>><br>
>> I would like to propose that we add support for HTTP/2 out of the box<br>
>> in Wildfly 10.1.<br>
>><br>
><br>
> This lowly user desperately wants a release containing the fix to WFLY-<br>
> 6283 sooner rather than later. I'm sure other people have other pet<br>
> bugs awaiting release.<br>
><br>
> I have no opinion on HTTP/2 being added other than to ask that pent up<br>
> bug fixes be kept in mind.<br>
<br>
<br>
</span>Hi Harold,<br>
<br>
That fix is already in master, so it will be included in 10.1.<br>
<br>
--<br>
Jason T. Greene<br>
WildFly Lead / JBoss EAP Platform Architect<br>
JBoss, a division of Red Hat<br>
<br>
</blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
wildfly-dev mailing list<br>
<a href="mailto:wildfly-dev@lists.jboss.org">wildfly-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/wildfly-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/wildfly-dev</a><br></blockquote></div><br></div>