March 2018 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-1369) FIPS mode, Elytron HTTP DIGEST authentication mechanism not fips compliant

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-1369?page=com.atlassian.jira.plugin.s... ] Jan Kalina edited comment on ELY-1369 at 3/13/18 10:10 AM: ----------------------------------------------------------- [~mchoma] yes, if multiple auth-methods is allowed in web.xml, and they are configure in http-authentication-factory too, server should send multiple authorize headers and client choose one of them. Ad clients: also *Apache HttpClient* supports DIGEST-SHA-256, but not DIGEST-512-256. was (Author: honza889): [~mchoma] yes, if multiple auth-methods is allowed in web.xml, and they are configure in http-authentication-factory too, server should send multiple authorize headers and client choose one of them. > FIPS mode, Elytron HTTP DIGEST authentication mechanism not fips compliant > -------------------------------------------------------------------------- > > Key: ELY-1369 > URL: https://issues.jboss.org/browse/ELY-1369 > Project: WildFly Elytron > Issue Type: Bug > Components: HTTP > Affects Versions: 1.2.0.Beta3 > Reporter: Jan Kalina > Assignee: Jan Kalina > Fix For: 1.2.0.Beta11 > > > Elytron HTTP DIGEST authentication comply to rfc2617 - which means MD5 is used by default (it means it is hardcode, with no way to configure another hash algorithm). But MD5 could make troubles in fips environment [5]. > {code:java|title=DigestAuthenticationMechanism.java} > String algorithm = convertToken(ALGORITHM, responseTokens.get(ALGORITHM)); > if (MD5.equals(algorithm) == false) { > throw log.mechUnsupportedAlgorithm(getMechanismName(), algorithm); > } > {code} > There exists proposed rfc7616 which makes algorithm configurable, work on new DIGEST features are covered by [1]. [~dlofthouse] is it planned for [1] to target 7.1? > [1] https://issues.jboss.org/browse/ELY-286 > [2] https://developer.jboss.org/wiki/ElytronHTTPDigestNonceHandling-Design > [3] https://tools.ietf.org/html/rfc2617 > [4] https://tools.ietf.org/html/rfc7616 > [5] https://access.redhat.com/support/cases/#/case/01761455 -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (ELY-1369) FIPS mode, Elytron HTTP DIGEST authentication mechanism not fips compliant

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/ELY-1369?page=com.atlassian.jira.plugin.s... ] Jan Kalina commented on ELY-1369: --------------------------------- [~mchoma] yes, if multiple auth-methods is allowed in web.xml, and they are configure in http-authentication-factory too, server should send multiple authorize headers and client choose one of them. > FIPS mode, Elytron HTTP DIGEST authentication mechanism not fips compliant > -------------------------------------------------------------------------- > > Key: ELY-1369 > URL: https://issues.jboss.org/browse/ELY-1369 > Project: WildFly Elytron > Issue Type: Bug > Components: HTTP > Affects Versions: 1.2.0.Beta3 > Reporter: Jan Kalina > Assignee: Jan Kalina > Fix For: 1.2.0.Beta11 > > > Elytron HTTP DIGEST authentication comply to rfc2617 - which means MD5 is used by default (it means it is hardcode, with no way to configure another hash algorithm). But MD5 could make troubles in fips environment [5]. > {code:java|title=DigestAuthenticationMechanism.java} > String algorithm = convertToken(ALGORITHM, responseTokens.get(ALGORITHM)); > if (MD5.equals(algorithm) == false) { > throw log.mechUnsupportedAlgorithm(getMechanismName(), algorithm); > } > {code} > There exists proposed rfc7616 which makes algorithm configurable, work on new DIGEST features are covered by [1]. [~dlofthouse] is it planned for [1] to target 7.1? > [1] https://issues.jboss.org/browse/ELY-286 > [2] https://developer.jboss.org/wiki/ElytronHTTPDigestNonceHandling-Design > [3] https://tools.ietf.org/html/rfc2617 > [4] https://tools.ietf.org/html/rfc7616 > [5] https://access.redhat.com/support/cases/#/case/01761455 -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-2387) [GSS](6.4.z) CCE when modifying a Nested declared type during an incremental update

by Vishal Soni (JIRA)

Vishal Soni created DROOLS-2387: ----------------------------------- Summary: [GSS](6.4.z) CCE when modifying a Nested declared type during an incremental update Key: DROOLS-2387 URL: https://issues.jboss.org/browse/DROOLS-2387 Project: Drools Issue Type: Bug Components: core engine Reporter: Vishal Soni Assignee: Edson Tirelli -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (WFLY-9877) NAKACK, UNICAST2 and MERGE2 need to translate to their newer variants

by Petr Kremensky (JIRA)

[ https://issues.jboss.org/browse/WFLY-9877?page=com.atlassian.jira.plugin.... ] Petr Kremensky updated WFLY-9877: --------------------------------- Priority: Blocker (was: Major) > NAKACK, UNICAST2 and MERGE2 need to translate to their newer variants > --------------------------------------------------------------------- > > Key: WFLY-9877 > URL: https://issues.jboss.org/browse/WFLY-9877 > Project: WildFly > Issue Type: Bug > Components: Clustering > Affects Versions: 12.0.0.Beta1 > Reporter: Richard Janík > Assignee: Paul Ferraro > Priority: Blocker > > This is only an issue for EAP, which has different versions than WFLY, for that reason, all the versions mentioned here are EAP ones. > After some discussion with people who test migrations, we found that these protocols that were deprecated in JGroups 3.6.x present in 7.1.0 and were removed in JGroups 4.0.10 present in 7.2.0 should be brought back in some form: > {noformat} > NAKACK --> NAKACK2 > UNICAST2 --> UNICAST3 > MERGE2 --> MERGE3 > {noformat} > These are not in the default 7.0 or 7.1 configuration, so why do we need to translate these like we do it for NAKACK2? Because these protocols can be expected to be present in the 7.1 configuration due to migration from 6.x, where they are by default. Since, after migration from 6.x, these will work with the 7.1 configuration, and since there is a reason to expect them being used even if they are deprecated, we should not just silently remove these protocols with the JGroups upgrade that is in 7.2 - the configuration file from 7.1 should always work with 7.2. > Cc [~msvehla] [~pkremens] -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-2386) [GSS](6.4.z) CCE when modifying a Nested declared type during an incremental update

by Vishal Soni (JIRA)

[ https://issues.jboss.org/browse/DROOLS-2386?page=com.atlassian.jira.plugi... ] Vishal Soni deleted DROOLS-2386: -------------------------------- > [GSS](6.4.z) CCE when modifying a Nested declared type during an incremental update > ----------------------------------------------------------------------------------- > > Key: DROOLS-2386 > URL: https://issues.jboss.org/browse/DROOLS-2386 > Project: Drools > Issue Type: Bug > Reporter: Vishal Soni > Assignee: Edson Tirelli > -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-2386) [GSS](6.4.z) CCE when modifying a Nested declared type during an incremental update

by Vishal Soni (JIRA)

Vishal Soni created DROOLS-2386: ----------------------------------- Summary: [GSS](6.4.z) CCE when modifying a Nested declared type during an incremental update Key: DROOLS-2386 URL: https://issues.jboss.org/browse/DROOLS-2386 Project: Drools Issue Type: Bug Components: core engine Reporter: Vishal Soni Assignee: Edson Tirelli -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-2385) CCE when modifying a Nested declared type during an incremental update

by Vishal Soni (JIRA)

[ https://issues.jboss.org/browse/DROOLS-2385?page=com.atlassian.jira.plugi... ] Vishal Soni updated DROOLS-2385: -------------------------------- Component/s: core engine > CCE when modifying a Nested declared type during an incremental update > ---------------------------------------------------------------------- > > Key: DROOLS-2385 > URL: https://issues.jboss.org/browse/DROOLS-2385 > Project: Drools > Issue Type: Bug > Components: core engine > Reporter: Vishal Soni > Assignee: Edson Tirelli > -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-2384) CCE when modifying a Nested declared type during an incremental update

by Vishal Soni (JIRA)

[ https://issues.jboss.org/browse/DROOLS-2384?page=com.atlassian.jira.plugi... ] Vishal Soni deleted DROOLS-2384: -------------------------------- > CCE when modifying a Nested declared type during an incremental update > ---------------------------------------------------------------------- > > Key: DROOLS-2384 > URL: https://issues.jboss.org/browse/DROOLS-2384 > Project: Drools > Issue Type: Bug > Reporter: Vishal Soni > Assignee: Mario Fusco > -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-2385) CCE when modifying a Nested declared type during an incremental update

by Vishal Soni (JIRA)

Vishal Soni created DROOLS-2385: ----------------------------------- Summary: CCE when modifying a Nested declared type during an incremental update Key: DROOLS-2385 URL: https://issues.jboss.org/browse/DROOLS-2385 Project: Drools Issue Type: Bug Reporter: Vishal Soni Assignee: Edson Tirelli -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-2384) CCE when modifying a Nested declared type during an incremental update

by Vishal Soni (JIRA)

[ https://issues.jboss.org/browse/DROOLS-2384?page=com.atlassian.jira.plugi... ] Vishal Soni updated DROOLS-2384: -------------------------------- Description: (was: DECLARES1_DRL : package org.drools.example; declare NestedTest x : String end declare Test text : String nested : NestedTest end ; DECLARES2_DRL : package org.drools.example; declare NestedTest x : String y : int end declare Test text : String nested : NestedTest end ;) > CCE when modifying a Nested declared type during an incremental update > ---------------------------------------------------------------------- > > Key: DROOLS-2384 > URL: https://issues.jboss.org/browse/DROOLS-2384 > Project: Drools > Issue Type: Bug > Components: core engine > Reporter: Vishal Soni > Assignee: Mario Fusco > -- This message was sent by Atlassian JIRA (v7.5.0#75005)

8 years, 3 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira March 2018