3 Replies Latest reply on Apr 9, 2014 1:05 PM by creatureoflegend

What SSL implementation does Jboss 5 use by default?

creatureoflegend Apr 8, 2014 4:05 PM

Hello, All. For the last hour or so, I've been trying to find out what SSL implementation jboss 5 uses by default (if you don't specify SSLImplementation in the https connector to see if it's impacted by this:

http://news.softpedia.com/news/OpenSSL-Has-a-Critical-Security-Vulnerability-Affecting-Two-Thirds-of-the-Web-436366.shtml

Can anyone shed some light on this?

Thanks!

1. Re: What SSL implementation does Jboss 5 use by default?

robert.piskule Apr 8, 2014 6:03 PM (in response to creatureoflegend)

I am also seeking this answer.

Thanks,
-Rob

----
EDIT:
I *THINK* I'm O.K., but it would be helpful if someone else also reviewed.

We use Tomcat in JBOSS.

Tomcat has a nice table at the bottom of what does and does not use OpenSSL:
https://tomcat.apache.org/tomcat-6.0-doc/config/http.html#SSL_Support

In the middle of this document, they show what the difference between OpenSSL and JSSE looks like:
https://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

Ultimately, I *THINK* if you use the keystore parameter, that means you are NOT using OpenSSL.
1 of 1 people found this helpful
Actions
2. Re: What SSL implementation does Jboss 5 use by default?

robert.piskule Apr 9, 2014 9:29 AM (in response to robert.piskule)

http://www.techstacks.com/howto/secure-ssl-in-tomcat.html

This is the information we are looking for, but I still can't find where it is specified in the XML files.

EDIT:
I couldn't find it in the xml, but I did find this in the logs:
./log/server.log.2014-04-08:91:2014-04-08 19:17:25,969 INFO [org.apache.coyote.http11.Http11Protocol] (main) Starting Coyote HTTP/1.1 on http-0.0.0.0-8443

So I believe I am using JSSE. If this is different for you, you may be using OpenSSL.

A Java-Based HTTP Connector
If you are using a Java-based http connector, (one that does not have the initials "APR" in the name, then SSL is handled through the Java Secure Socket Extension (JSSE). Tomcat ships with two connectors, the standard HTTP 1.1-compliant connector and the non-blocking HTTP 1.1-compliant connector. They are known by the following names: org.apache.coyote.http11.Http11Protocol and org.apache.coyote.http11.Http11NioProtocol. The default used by both Tomcat 5.5 and Tomcat 6 is the blocking Http11Protocol connector. The non-blocking connector is new in Tomcat 6.0.
1 of 1 people found this helpful
Actions
3. Re: What SSL implementation does Jboss 5 use by default?

creatureoflegend Apr 9, 2014 1:05 PM (in response to robert.piskule)

Thanks, Robert!

I think to use APR in Jboss 5, you have to download and install the "native" connector:

To use APR, all you need to do is download JBoss Native and unpack it into your JBOSS_HOME. No other configuration is necessary.

Enabling APR connector on JBoss 5.0.0 GA

And to do that you got to download some special stuff:

Now, restart JBoss and, from the console, verify that the connector is bound to Http11AprProtocol.
[img="http://dgdsbygo8mp3h.cloudfront.net/sites/default/files/Article-Images/jboss5-article1-image11.png"]

http://www.packtpub.com/article/configuring-jboss-application-server-5

Since I found this in my logs, I'm assuming I don't have it installed:

2014-04-09 03:12:22,516 INFO [org.apache.catalina.core.AprLifecycleListener] (main) The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: [your jboss installation dir]\server\default\lib

Look for something like that in your server.log
Actions

Go to original post

A Java-Based HTTP Connector