Security

This section describes known issues and associated solutions related to Communications Server and web application security and certificates.

OutofMemory Error in SSL Scenarios During Heavy Stress (JDK 6 Issue 23)

Description

A JDK bug (See: https://jdk6.dev.java.net/issues/show_bug.cgi?id=23) in JDK6 Sun PKCS11 Provider could cause an OutOfMemoryError when running certain SSL scenarios under heavy stress.

Solution

If you run into this issue, remove sun.security.pkcs11.SunPKCS11 provider from the java.security file in your JRE installation.

SSL termination is not working (6269102)

Description

SSL termination is not working; when Load Balancer (Hardware) is configured for SSL termination, the Communications Server changes the protocol from https to http during redirection.

Solution

Add a software load balancer between the hardware load balancer and the Communications Server.

Socket connection leak with SSL (6492477)

Description

Because of a JVM bug, there is a leak issue with some JDK versions when security-enabled is set to true on an HTTP listener. Specifically, the steps to reproduce this bug are as follows:

1. Set security-enabled to true on the HTTP listener:

   <http-listener acceptor-threads="1" address="0.0.0.0" blocking-enabled="false" default-virtual-server="server" enabled="true" family="inet" id=" http-listener-1" port="8080" security-enabled="true" server-name="" xpowered-by="true">

2. Comment out stopping domain at the end of quicklook tests.

3. Run quicklook tests.

4. Check socket usage:

   netstat -an | grep 8080

   The following are shown to be in use:

   *.8080 *.* 0 0 49152 0 LISTEN *.8080 *.* 0 0 49152 0 BOUND

This issue is tracked on the GlassFish site at https://glassfish.dev.java.net/issues/show_bug.cgi?id=849.

Solution

Upgrade to the latest JDK version.