@jaen: i've had a little success
it seems having the alpn-boot jar on the bootclasspath is a fundamental requirement
so this does the trick for me...
java -Xbootclasspath/p:/tmp/alpn.jar -jar target/immutant-repro-0.1.0-SNAPSHOT-standalone.jar
that alpn.jar is a copy of [org.mortbay.jetty.alpn/alpn-boot "8.1.5.v20150921"] from my local .m2 repo
yay!
@jaen: i just pushed changes to my fork that fix both 'lein run' and invoking core/start! from a REPL. the :prepend true option is critical in that :boot-dependencies vector
still wish i could get the less-awful-ssl stuff working, but i guess like it's name implies, "less awful" is still awful 😉
its*
@jcrossley3: nice, I'll check it out in a while; I made the reproduction with lein for your convenience, but I usually use boot, so I'll have to figure out how to do it there. I assume AOT and genclass is something that is required and this won't work without it?
@jaen: no, aot/genclass only required for uberjar creation, which isn't relevant. i only put it in there to make sure all 3 worked (lein run, repl, and uberjar)
that bootclasspath plugin is pretty simple -- it just adds jvm options -- so should be straightforward in boot
I see. When I tried to use boot-immutant
and did it like (comp (aot) (immutant-war))
I ended up with a war that didn't contain sources and wouldn't boot in Wildfly, so just wanted to know if it's necessary to AOT.
(or I might have been doing something else wrong)
I'll let you know when I try it out.
our own @tcrawley is the boot-immutant expert, but i wouldn't think any aot stuff would be required for an immutant-war
Yeah, it seems to require just sources.
jaen: that sounds like it might be a bug. would you mind filing an issue at https://github.com/immutant/boot-immutant/issues
Sure, I will.
@jcrossley3: so you say lein run
works for your repo when you connect with a browser, yes?
@jaen: yes
jaen: thanks!
I'm just trying it as-is for now and I get this - https://gist.github.com/jaen/48e4f17644bdaa4bf279
huh
i'm using java "1.8.0_66"
Tried with curl, OpenSSL, Chrome 47.0.2526.35 and Firefox 38.0a1 (2015-02-18) and they all just hang there waiting for a reply.
Hmm
1.8.0_40 over here.
I can try upgrading
Oh
or try downgrading to [org.mortbay.jetty.alpn/alpn-boot "8.1.2.v20141202"]
Wait
Yeah
Just wanted to say that
That I remembered it's locked to JVM version
i actually tried a few alpn versions in my noodlings and they all worked for me
the 8.1.2 version is hardcoded in the undertow source examples
These docs here say it's locked to JDK version http://www.eclipse.org/jetty/documentation/9.2.8.v20150217/alpn-chapter.html
Though it says OpenJDK. I have Oracle JDK, so maybe that's the cause?
yeah, i'm just relaying what Mr. Empirical told me. :simple_smile:
i'm using oracle, fwiw
@jaen: you get that when lein run starts or when the browser connects?
When I connect
and this is using my latest fork?
Yes, just pulled
Updating JDK did the trick
@jaen: can you do this at a repl? (import 'sun.security.ssl.ServerHandshaker)
1.8.0_66
works perfectly
ah, cool
i guess that's a new class then
man this stuff is BRITTLE!
That's interesting though, I think I read in some docs _40 was sufficient. Guess not.
Yeah, quite so.
I'll just see if this works with boot and I'll be set.
I imagine you have to do it differently if you run from Wildfly instead of standalone, right?
Config with some XMLs and whatnot.
yes, but the principles are the same. this just came out yesterday: http://blog.eisele.net/2015/11/http2-with-jboss-eap-7.html
should apply to wildfly as well as eap
Yeah, I've just googled this as well - http://undertow.io/blog/2015/03/26/HTTP2-In-Wildfly.html
yep, same idea
So I'll just have to figure what XML that maps to and modify the configuration of Wildfly accordingly.
Thanks for all the help. I'll file the boot-immutant
issue when I get this figured out.
@jaen: thanks for driving us to figure this stuff out! :simple_smile:
people underestimate the value of bug reports
Incidentally, I imagine it's of less interest since you can config that in Wildfly and I guess it's the more "proper" way to deploy than standalone Immutant, but do you know whether you can config cipher suites and TLS levels programmatically for undertow?
Because it's in the XMLs, but I'm not sure how that maps to the config builder.
maybe? i guess that's what JAAS is for? but probably involves the use of keytool or some openssl tool? i dunno really.
@jaen: i think your changes through the cli will persist in the xml files, so you can copy/paste from them afterwards
I figured that maybe you know of some resource that explains how <https-listener name="https-2" socket-binding="https-2" security-realm="UndertowRealm" enabled-cipher-suites="ALL:!MD5:!DHA" enabled-protocols="SSLv3, TLSv1.2"/>
maps to Undertow config builder, but then maybe again I'm expecting too much documentation ; F
yeah, that's a lot to expect :simple_smile:
Yeah, it's all fresh stuff so no surprise there aren't all that many docs (and in general Java libs documentation seems somewhat lacking at times).
I'll just dig around then, maybe something will come up.