After upgrading from JBoss AS 7 to WildFLy 10, we experienced problems in the connection from a remote client, which acts as a JMS producer.
JMS over SSL: Client starting STARTTLS but channel doesn't support SSL
The server configuration was not meant to use SSL, and the client neither, but the client is trying to secure the channel, although we don't need it and we didn't change the client configuration that was working before.
Client context properties:
java.naming.security.principal=pubclient
java.naming.security.credentials=xxxxxxxx
java.naming.provider.url=remote://server:4447
java.naming.factory.initial=org.jboss.naming.remote.client.InitialContextFactory
java.naming.factory.url.pkgs=org.jboss.ejb.client.naming
j2ee.clientName=pubadmin
jboss.naming.client.ejb.context=true
java.naming.security.principal=pubclient
Server config:
<subsystem xmlns="urn:jboss:domain:ejb3:4.0">
...
<remote connector-ref="http-remoting-connector" thread-pool-name="default"/>
...
<subsystem xmlns="urn:jboss:domain:remoting:3.0">
<endpoint auth-realm="ApplicationRealm"/>
<connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm"/>
</subsystem>
...
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
...
<socket-binding name="remoting" port="4447"/>
Stack trace:
javax.naming.CommunicationException: Failed to connect to any server. Servers tried: [remote://vspidid2:4447 (java.io.IOException: Client starting STARTTLS but channel doesn't support SSL)]
at org.jboss.naming.remote.client.HaRemoteNamingStore.failOverSequence(HaRemoteNamingStore.java:244) ~[jboss-remote-naming-2.0.4.Final.jar:2.0.4.Final]
at org.jboss.naming.remote.client.HaRemoteNamingStore.namingStore(HaRemoteNamingStore.java:149) ~[jboss-remote-naming-2.0.4.Final.jar:2.0.4.Final]
at org.jboss.naming.remote.client.HaRemoteNamingStore.namingOperation(HaRemoteNamingStore.java:130) ~[jboss-remote-naming-2.0.4.Final.jar:2.0.4.Final]
at org.jboss.naming.remote.client.HaRemoteNamingStore.lookup(HaRemoteNamingStore.java:272) ~[jboss-remote-naming-2.0.4.Final.jar:2.0.4.Final]
at org.jboss.naming.remote.client.RemoteContext.lookupInternal(RemoteContext.java:104) ~[jboss-remote-naming-2.0.4.Final.jar:2.0.4.Final]
at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:93) ~[jboss-remote-naming-2.0.4.Final.jar:2.0.4.Final]
at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:146) ~[jboss-remote-naming-2.0.4.Final.jar:2.0.4.Final]
at javax.naming.InitialContext.lookup(InitialContext.java:417) ~[na:1.8.0_111]
at org.wipo.pct.pubadmin.core.oo.OoFactory4POJO.getConnectionFactory(OoFactory4POJO.java:135) ~[classes/:na]
at org.wipo.pct.pubadmin.core.oo.OoFactory4POJO.createFormatter(OoFactory4POJO.java:68) ~[classes/:na]
at org.wipo.pct.pubadmin.core.oo.OoFactory4POJO.createFormatter(OoFactory4POJO.java:1) ~[classes/:na]
at org.wipo.pct.pubadmin.gui.TaskFrame$CreateResources.call(TaskFrame.java:160) ~[classes/:na]
at org.wipo.pct.pubadmin.gui.TaskFrame$CreateResources.call(TaskFrame.java:1) ~[classes/:na]
at org.wipo.pct.swing.FailsafeActionListener$1.doInBackground(FailsafeActionListener.java:52) ~[classes/:na]
at javax.swing.SwingWorker$1.call(SwingWorker.java:295) ~[na:1.8.0_111]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) ~[na:1.8.0_111]
at javax.swing.SwingWorker.run(SwingWorker.java:334) ~[na:1.8.0_111]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) ~[na:1.8.0_111]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) ~[na:1.8.0_111]
at java.lang.Thread.run(Thread.java:745) ~[na:1.8.0_111]
We have workarounded the issue by disabling SSL on the remote, standalone client, by setting a the property jboss.naming.client.connect.options.org.xnio.Options.SSL_STARTTLS to false.
jboss.naming.client.connect.options.org.xnio.Options.SSL_STARTTLS=false
# jboss.naming.client.remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false