B4J Tutorial [server] Conscrypt and Http/2

Erel

Administrator
Staff member
Licensed User
Edit: It seems like there is an issue with Http/2 enabled with Conscrypt (https://github.com/eclipse/jetty.project/issues/2342). For now it is recommended to use Java 9+ without Conscrypt if you want to enable Http/2.

Http/2 is a newer version of the Http protocol. It provides better performance over Http 1.1 with lower overhead.
If the browser doesn't support Http/2 then it will switch automatically to Http 1.1.

Conscrypt is an open source project developed by Google that provides an alternative SSL provider.
1. It provides better performance than the default SSL provider.
2. It supports Http/2, including with Java 8.

The default provider supports Http/2 starting from Java 9.

This means that you have two options to enable Http/2:
1. With Java 9+ and the default provider.
2. With Java 8+ and Conscrypt.
Conscrypt is the recommended provider.
Note that you can use Conscrypt without Http/2.

Http/2 is supported by jServer for a long time, however with jServer v3.00 (B4J v6.3) the configuration is much simpler.

1. Http/2 only works with SSL connections. This means that you first need to configure SSL.
2. Set Server.Http2Enabled property to True before the server is started.
3. If you want to use Conscrypt:
- Download conscrypt jar and copy it to the additional libraries folder
- Add:
B4X:
#AdditionalJar: conscrypt-openjdk-uber-1.1.4
And call:
B4X:
ssl.EnableConscryptProvider
Example:
B4X:
Sub AppStart (Args() As String)
   srvr.Initialize("srvr")
   srvr.Port = 6727
   srvr.AddHandler("/hello", "HelloPage", False)
   srvr.AddWebSocket("/test", "test")
   srvr.Http2Enabled = True '<-------
   ConfigureSSL(55555)
   srvr.Start
   StartMessageLoop
End Sub

Private Sub ConfigureSSL (SslPort As Int)
   Dim ssl As SslConfiguration
   ssl.Initialize
   ssl.SetKeyStorePath("...", "...") 'path to keystore file
   ssl.KeyStorePassword = "xxx"
   ssl.KeyManagerPassword ="xxx"
   ssl.EnableConscryptProvider '<-----------
   srvr.SetSslConfiguration(ssl, SslPort)
End Sub
You should see these two lines in the logs when the server is started:

2018-05-15:INFOejus.SslContextFactory:main: x509=X509@3c7f66c4(jetty,h=[b4x.com],w=[b4x.com]) for SslContextFactory@194bcebf[provider=[B]Conscrypt[/B],keyStore=...,trustStore=null]
2018-05-15:INFOejs.AbstractConnector:main: Started ServerConnector@173ed316{SSL,[ssl, alpn, h2, http/1.1]}{0.0.0.0:55555}

Check the protocol with the browser developer tools:




The special boot class jar that was previously used is no longer required.
 
Last edited:

Erel

Administrator
Staff member
Licensed User
Http/2 has nothing to do with your question. Please start a new thread in the questions forum for further discussion.
 

Jmu5667

Well-Known Member
Licensed User
Morning, Just implemented this new method, all good so far !!! This probably means we can you this on java 8 152+, as currently using the old bootclass method fails on Java 8 152+

Great work as always Erel.
 

Jmu5667

Well-Known Member
Licensed User
I will update to latest Java and let you know the results, maybe try Java 64 bit also
 

gravel

Member
Licensed User
Just to clarify for me.
For now it is recommended to use Java 9+ without Conscrypt if you want to enable Http/2.
Does this mean that Conscrypt is OK with Java 8?
 

Erel

Administrator
Staff member
Licensed User
No. If you want to use Http/2 you should use Java 9 or 10 without Conscrypt.
 

alwaysbusy

Expert
Licensed User
I'm not quite clear now what we have to do to use HTTP2:

1. Conscrypt: memory leak in Jetty/conscrypt (not yet got the 'to many files' error, but shouldn't be used from what I understand)
2. JDK 9 + #VirtualMachineArgs: -Xbootclasspath/p:alpn-boot-8.1.12.v20180117.jar: -Xbootclasspath/p is no longer a supported option.

So is reverting back to JDK 1.8.0.171 the correct way of action?
 

Erel

Administrator
Staff member
Licensed User
So is reverting back to JDK 1.8.0.171 the correct way of action?
No.

It is simple:

1. Use Java 9+.
2. Don't do anything else except of setting Http2Enabled to True.

To make it clear:

1. Do not add -Xbootclasspath...
2. Do not call ssl.EnableConscryptProvider
3. Do not add #AdditionalJar: conscrypt-openjdk-uber-1.1.
 

Erel

Administrator
Staff member
Licensed User
Based on my tests there is still a leak of file descriptors with Conscrypt. I've reverted back to the Java 9+ provider.

The good news is that it is already very simple to enable Http/2 and it works well.
 
Top