6 Replies Latest reply on Aug 2, 2012 4:45 AM by rhusar

    Regarding Https Compression (on Chrome Browser)

    er_rupeshmca

      Dear all,

       

       

      I tried to  configure Http compression in /jbossweb.sar/server.xml

       

      <Connector port="8080" address="${jboss.bind.address}" maxThreads="250"

            maxHttpHeaderSize="8192" emptySessionPath="true" protocol="HTTP/1.1"

            enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="20000"

            disableUploadTimeout="true" compression="on"></Connector>

       

      But After starting jboss Chrome still show the red cross on https and show

       

      Your connection to 192.168.2.204 is encrypted with 128-bit encryption.

       

      The connection uses TLS 1.0.

       

      The connection is encrypted using AES_128_CBC, with SHA1 for message authentication and DHE_RSA as the key exchange mechanism.

       

      The connection is not compressed.

       

      The server does not support the TLS renegotiation extension.

       

       

      Also find the screen of chrome browser

       

      Thanks in advance

        • 1. Re: Regarding Https Compression (on Chrome Browser)
          rhusar

          But After starting jboss Chrome still show the red cross on https and show

           

          Can you try also other browsers to confirm whether it is only Chrome?

                disableUploadTimeout="true" compression="on"></Connector>

           

          Can you try to set to "force" and see what happens?

           

          PS: also check what mime type you are viewing. There is a list of compressableMimeType -s which defaults to text/html,text/xml,text/plain.

           

          Message was edited by: Radoslav Husar

          • 2. Re: Regarding Https Compression (on Chrome Browser)
            er_rupeshmca

            Yes now I have applied compression=force and also Mimetypes, But Still now it is showing the same message on chrome as previously..

             

            <Server>

             

               <!-- Optional listener which ensures correct init and shutdown of APR,

                    and provides information if it is not installed -->

               <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

               <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->

               <Listener className="org.apache.catalina.core.JasperListener" />

             

               <Service name="jboss.web">

             

                  <!-- A HTTP/1.1 Connector on port 8080

                  <Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}"

                           connectionTimeout="20000" redirectPort="8443" /> -->

             

                 <Connector port="8080" address="${jboss.bind.address}" maxThreads="250"

                  maxHttpHeaderSize="8192" emptySessionPath="true" protocol="HTTP/1.1"

                  enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="20000"

                 compressableMimeType="text/html,text/xml,text/css,text/javascript, application/x-javascript,application/javascript"

                  disableUploadTimeout="true" compression="force"></Connector>

             

                  <!-- Add this option to the connector to avoid problems with

                      .NET clients that don't implement HTTP/1.1 correctly

                     restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"

                  -->

             

                  <!-- A AJP 1.3 Connector on port 8009 -->

                  <Connector protocol="AJP/1.3" port="8009" address="${jboss.bind.address}"

                     redirectPort="8443" />

             

                  <!-- SSL/TLS Connector configuration using the admin devl guide keystore -->

                  <Connector protocol="HTTP/1.1" SSLEnabled="true"

                       port="8443" address="${jboss.bind.address}"

                       scheme="https" secure="true" clientAuth="false"

                       keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"

                       keystorePass="rmi+ssl" sslProtocol = "TLS" />

             

             

            Can you Suggest on this?

            Should i have to add compression parameter in SSL/TLS Connection Configuration and AJP Connector Also ?

            Regards

            Rupesh

            • 3. Re: Regarding Https Compression (on Chrome Browser)
              rhusar

              Should i have to add compression parameter in SSL/TLS Connection Configuration and AJP Connector Also ?

              Yes! That seems to be the glitch. You have enabled compression on the "wrong" connector. Direct your browser to localhost:8080 to test if you enabled successfully but you probably want to configure the same items on the HTTPS connector (running on port 8443).

              • 4. Re: Regarding Https Compression (on Chrome Browser)
                er_rupeshmca

                I have changed http port 8080 to port 80 and SSL port from 8443 to 443

                 

                i have also configure Https port and add compression , please find below configured file..

                 

                Server>

                 

                   <!-- Optional listener which ensures correct init and shutdown of APR,

                        and provides information if it is not installed -->

                   <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

                   <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->

                   <Listener className="org.apache.catalina.core.JasperListener" />

                 

                   <Service name="jboss.web">

                 

                      <!-- A HTTP/1.1 Connector on port 8080 -->

                      <Connector protocol="HTTP/1.1" port="80" address="${jboss.bind.address}" compression="force"

                       noCompressionUserAgents="gozilla, traviata"

                        compressableMimeType="text/html,text/xml,text/css,text/javascript,application/x-javascript,application/javascript,image/svg+xml,text/json,gzip"

                       connectionTimeout="20000" redirectPort="443" />

                 

                      <!-- Add this option to the connector to avoid problems with

                          .NET clients that don't implement HTTP/1.1 correctly

                         restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"

                      -->

                 

                      <!-- A AJP 1.3 Connector on port 8009 -->

                      <Connector protocol="AJP/1.3" port="8009" address="${jboss.bind.address}"

                         redirectPort="443" />

                 

                      <!-- SSL/TLS Connector configuration using the admin devl guide keystore -->

                      <Connector protocol="HTTP/1.1" SSLEnabled="true"

                           port="443" address="${jboss.bind.address}"

                           maxThreads="20" strategy="ms" maxHttpHeaderSize="8192"

                           emptySessionPath="true"

                            compressableMimeType="text/html,text/xml,text/css,text/javascript,application/x-javascript,application/javascript,image/svg+xml,text/json,gzip"

                           compression="force"

                           scheme="https" secure="true" clientAuth="false"

                           keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"

                           keystorePass="rmi+ssl" sslProtocol = "TLS" />

                 

                 

                      <Engine name="jboss.web" defaultHost="localhost">

                 

                 

                But still issue not resolved on https but in http the content is showing compressed with wbox command

                 

                i check the compressed content with wbox command utility

                 

                [monitor@app classes]$ wbox http://192.168.149.24:80/cdotmain/ compr

                WBOX 192.168.149.24 (192.168.149.24) port 80 [compr]

                0. 200 OK    781 bytes    1 ms    compr

                1. 200 OK    781 bytes    1 ms    compr

                2. 200 OK    781 bytes    1 ms    compr

                3. 200 OK    781 bytes    1 ms    compr

                 

                And then check on on Https when application redirect from port 80 to 443.

                 

                [monitor@app classes]$ wbox https://192.168.149.24:443/TMRS/ compr

                WBOX 192.168.149.24 (192.168.149.24) port 443 [compr]

                0. 0 ()    7 bytes    1 ms

                1. 0 ()    7 bytes    0 ms

                2. 0 ()    7 bytes    0 ms

                3. 0 ()    7 bytes    0 ms

                4. 0 ()    7 bytes    0 ms

                5. 0 ()    7 bytes    0 ms

                 

                 

                Please suggest

                thanks.

                • 5. Re: Regarding Https Compression (on Chrome Browser)
                  er_rupeshmca

                  I have changed http port 8080 to port 80 and SSL port from 8443 to 443

                   

                  i have also configure Https port and add compression , please find below configured file..

                   

                  Server>

                   

                     <!-- Optional listener which ensures correct init and shutdown of APR,

                          and provides information if it is not installed -->

                     <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

                     <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->

                     <Listener className="org.apache.catalina.core.JasperListener" />

                   

                     <Service name="jboss.web">

                   

                        <!-- A HTTP/1.1 Connector on port 8080 -->

                        <Connector protocol="HTTP/1.1" port="80" address="${jboss.bind.address}" compression="force"

                         noCompressionUserAgents="gozilla, traviata"

                            compressableMimeType="text/html,text/xml,text/css,text/javascript,application/x-javascript,application/javascript,image/svg+xml,text/json,gzip"

                         connectionTimeout="20000" redirectPort="443" />

                   

                        <!-- Add this option to the connector to avoid problems with

                            .NET clients that don't implement HTTP/1.1 correctly

                           restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"

                        -->

                   

                        <!-- A AJP 1.3 Connector on port 8009 -->

                        <Connector protocol="AJP/1.3" port="8009" address="${jboss.bind.address}"

                           redirectPort="443" />

                   

                        <!-- SSL/TLS Connector configuration using the admin devl guide keystore -->

                        <Connector protocol="HTTP/1.1" SSLEnabled="true"

                             port="443" address="${jboss.bind.address}"

                             maxThreads="20" strategy="ms" maxHttpHeaderSize="8192"

                             emptySessionPath="true"

                                compressableMimeType="text/html,text/xml,text/css,text/javascript,application/x-javascript,application/javascript,image/svg+xml,text/json,gzip"

                             compression="force"

                             scheme="https" secure="true" clientAuth="false"

                             keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"

                             keystorePass="rmi+ssl" sslProtocol = "TLS" />

                   

                   

                        <Engine name="jboss.web" defaultHost="localhost">

                   

                   

                  But still issue not resolved on https but in http the content is showing compressed with wbox command

                   

                  i check the compressed content with wbox command utility

                   

                  [monitor@app classes]$ wbox http://192.168.149.24:80/cdotmain/ compr

                  WBOX 192.168.149.24 (192.168.149.24) port 80 [compr]

                  0. 200 OK    781 bytes    1 ms    compr

                  1. 200 OK    781 bytes    1 ms    compr

                  2. 200 OK    781 bytes    1 ms    compr

                  3. 200 OK    781 bytes    1 ms    compr

                   

                  And then check on on Https when application redirect from port 80 to 443.

                   

                  [monitor@app classes]$ wbox https://192.168.149.24:443/TMRS/ compr

                  WBOX 192.168.149.24 (192.168.149.24) port 443 [compr]

                  0. 0 ()    7 bytes    1 ms

                  1. 0 ()    7 bytes    0 ms

                  2. 0 ()    7 bytes    0 ms

                  3. 0 ()    7 bytes    0 ms

                  4. 0 ()    7 bytes    0 ms

                  5. 0 ()    7 bytes    0 ms

                   

                   

                  Please suggest

                  thanks.

                   

                   

                  Please help.........

                  • 6. Re: Regarding Https Compression (on Chrome Browser)
                    rhusar

                    It looks as though there is a problem with understanding of what chrome is saying. If you do the steps that you did, just look at the response headers:

                     

                    HTTP/1.1 200 OK

                    Server: Apache-Coyote/1.1

                    X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1

                    Accept-Ranges: bytes

                    ETag: W/"1406-1328876700000"

                    Last-Modified: Fri, 10 Feb 2012 12:25:00 GMT

                    Content-Type: text/html

                    Transfer-Encoding: chunked

                    Content-Encoding: gzip

                    Vary: Accept-Encoding

                    Date: Thu, 02 Aug 2012 08:18:12 GMT

                    You see that the content is compressed with gzip.

                     

                    However, in chrome you will still see:

                     

                    Your connection to localhost is encrypted with 128-bit encryption.

                    The connection uses TLS 1.0.

                    The connection is encrypted using AES_128_CBC, with SHA1 for message authentication and DHE_RSA as the key exchange mechanism.

                    The connection is not compressed.

                    This is because chrome is talking about SSL stream-level compression. You can read some here http://www.belshe.com/2010/11/18/ssl-compression-and-you/

                     

                    Here is a small excerpt:

                     

                    One aspect of SSL which many people are not aware of is that SSL is capable of compressing the entire SSL stream.  The authors of SSL knew that if you’re going to encrypt data, you need to compress it before you encrypt it, since well-encrypted data tends to look pretty random and non-compressible. But even though SSL supports compression, no browsers support it.  Except Chrome 6 & later.

                    Generally, stream-level compression at the SSL layer is not ideal.  Since SSL doesn’t know what data it is transporting, and it could be transporting data which is already compressed, such as a JPG file, or GZIP content from your web site.  And double-compression is a waste of time.  Because of this, historically, no browsers compressed at the SSL layer – we all felt certain that our good brothers on the server side would solve this problem better, with more optimal compression.

                    To enable this in JBoss/Tomcat you should use jboss/tomcat natives (openssl).

                     

                    Rado