2.1.1 Release Notes

Red Hat JBoss Web Server 2.1

Release Notes for Red Hat JBoss Web Server 2.1.1

Red Hat Customer Content Services

Abstract

These release notes contain important information related to Red Hat JBoss Web Server 2.1.1. Read these Release Notes in their entirety before installing Red Hat JBoss Web Server 2.1.1.

1. Introduction to Red Hat JBoss Enterprise Web Server 2.1

Welcome to the Red Hat JBoss Enterprise Web Server 2.1. As you become familiar with the newest version of JBoss Enterprise Web Server, these Release Notes provide you with information about new features, as well as known and resolved issues. Use this document in conjunction with the entire JBoss Enterprise Web Server 2.1 documentation suite, available at the Red Hat Customer Service Portal's JBoss Enterprise Web Server documentation page.

1.1. About Red Hat JBoss Enterprise Web Server

JBoss Enterprise Web Server is a fully-integrated and certified set of components for hosting Java web applications. It is comprised of the industry's leading web server (Apache HTTP Server), the popular Apache Tomcat Servlet container as well as load balancers (mod_jk and mod_cluster), Hibernate, the Tomcat Native library and others.

1.2. Overview

This document contains information about the new features, known and resolved issues of Red Hat JBoss Enterprise Web Server version 2.1. Customers are requested to read this document prior to installing this version.

1.3. Upgraded to openssl-1.0.2h

JBoss Web Server 2.1.1 has been upgraded to openssl-1.0.2h. This is because OpenSSL 0.9.8 is end of life and no longer supported. There is added support of TLSv1.2 and new ciphers only for Apache HTTP Server and JBoss EAP 6.4.10 Natives. By default, SSv3 is disabled. SSLv2 and some unsafe ciphers have been removed.

Note

JBoss Web Server 2.1.1 does not support TLSv1.2 for APR connectors on Tomcat. TLSv1.2 works with Java connectors on JDK 1.7 or later.
JBoss OpenSSL 1.0.2h does not claim FIPS certification. Hence, we do not support and test FIPS with JBoss Web Server 2.1.1 on any of our platforms. In case you need more information about FIPS on a specific platform, you can submit a support case online or contact us by phone.

Note

The tomcat-native is upgraded to version 1.1.34.

1.4. Set OPENSSL_CONF and LD_LIBRARY_PATH

You need to set OPENSSL_CONF and LD_LIBRARY_PATH.
Using the custom engine is feasible as per the upstream documentation. For more information see, https://www.openssl.org/docs/manmaster/apps/config.html

Note

To get your custom engine working, you have to set it in the upper section of the openssl.cnf file before any other section. Then, you need to export the OPENSSL_CONF variable to make openssl use this configuration.
The sample configuration for JBoss Web Server is installed in /home/user/jboss-ews-2.1:
  • export OPENSSL_CONF=/home/user/jboss-ews-2.1/httpd/conf/openssl/pki/tls/openssl.cnf
  • export LD_LIBRARY_PATH=/home/user/jboss-ews-2.1/httpd/lib:$LD_LIBRARY_PATH
The configuration of environment variables is required when the httpd, httpd.event, and httpd.worker are run directly. When apachectl script is used for starting the httpd server, the postinstall script updates the correct LD_LIBRARY_PATH and OPENSSL_CONF variables in the apachectl script.