Security
This section describes known issues and associated solutions related to Application Server and web application security and certificates.
SSL termination is not working (6269102)
Description
SSL termination is not working; when Load Balancer (Hardware) is configured for SSL termination, the Application Server changes the protocol from https to http during redirection.
Solution
Add a software load balancer between the hardware load balancer and the Application Server.
Socket connection leak with SSL (6492477)
Description
Because of a JVM bug, there is a leak issue with some JDK versions when security-enabled is set to true on an HTTP listener. Specifically, the steps to reproduce this bug are as follows:
-
Set security-enabled to true on the HTTP listener:
<http-listener acceptor-threads="1" address="0.0.0.0" blocking-enabled="false" default-virtual-server="server" enabled="true" family="inet" id=" http-listener-1" port="8080" security-enabled="true" server-name="" xpowered-by="true">
-
Comment out stopping domain at the end of quicklook tests.
-
Run quicklook tests.
-
Check socket usage:
netstat -an | grep 8080
The following are shown to be in use:
*.8080 *.* 0 0 49152 0 LISTEN *.8080 *.* 0 0 49152 0 BOUND
This issue is tracked on the Glassfish site at https://glassfish.dev.java.net/issues/show_bug.cgi?id=849.
Solution
Upgrade to the latest JDK version.
- © 2010, Oracle Corporation and/or its affiliates