[JBoss JIRA] (WFLY-10138) TLS using PKCS11 and JDK9+ does not work by default
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/WFLY-10138?page=com.atlassian.jira.plugin... ]
Martin Choma commented on WFLY-10138:
-------------------------------------
I have changed resolution to Rejected to be clear. There is no JIRA duplicate issue, just discussion here http://openjdk.5641.n7.nabble.com/Code-Review-Request-JDK-8148421-Extende...
> TLS using PKCS11 and JDK9+ does not work by default
> ---------------------------------------------------
>
> Key: WFLY-10138
> URL: https://issues.jboss.org/browse/WFLY-10138
> Project: WildFly
> Issue Type: Bug
> Components: Documentation, Security
> Affects Versions: 12.0.0.Final
> Environment: java version "9.0.4"
> Java(TM) SE Runtime Environment (build 9.0.4+11)
> Java HotSpot(TM) 64-Bit Server VM (build 9.0.4+11, mixed mode)
> Reporter: Martin Choma
> Priority: Critical
> Attachments: TLS_with_ExtendedMasterSecret, TLS_wo_ExtendedMAsterSecret
>
>
> Since JDK 9.0.4 the default behaviour changed and the extended master secret extension is turned on by default [1].
> This fails on Java using the sun.security.pkcs11.SunPKCS11 provider (FIPS-compliant Java).
> {code}
> 17:32:48,377 INFO [stdout] (default task-1) SESSION KEYGEN:
> 17:32:48,378 INFO [stdout] (default task-1) PreMaster Secret:
> 17:32:48,378 INFO [stdout] (default task-1) (key bytes not available)
> 17:32:48,378 INFO [stdout] (default task-1) RSA master secret generation error:
> 17:32:48,378 INFO [stdout] (default task-1) java.security.InvalidAlgorithmParameterException: Key format must be RAW
> 17:32:48,378 INFO [stdout] (default task-1) at java.base/com.sun.crypto.provider.TlsMasterSecretGenerator.engineInit(TlsMasterSecretGenerator.java:69)
> 17:32:48,378 INFO [stdout] (default task-1) at java.base/javax.crypto.KeyGenerator.init(KeyGenerator.java:477)
> 17:32:48,378 INFO [stdout] (default task-1) at java.base/javax.crypto.KeyGenerator.init(KeyGenerator.java:453)
> 17:32:48,378 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker.calculateMasterSecret(Handshaker.java:1334)
> 17:32:48,378 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker.calculateKeys(Handshaker.java:1235)
> 17:32:48,378 INFO [stdout] (default task-1) at java.base/sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:318)
> 17:32:48,378 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker.processLoop(Handshaker.java:1092)
> 17:32:48,379 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker$1.run(Handshaker.java:1031)
> 17:32:48,379 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker$1.run(Handshaker.java:1028)
> 17:32:48,379 INFO [stdout] (default task-1) at java.base/java.security.AccessController.doPrivileged(Native Method)
> 17:32:48,379 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1534)
> 17:32:48,379 INFO [stdout] (default task-1) at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1047)
> 17:32:48,379 INFO [stdout] (default task-1) at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> 17:32:48,379 INFO [stdout] (default task-1) at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
> 17:32:48,379 INFO [stdout] (default task-1) at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
> 17:32:48,379 INFO [stdout] (default task-1) at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
> 17:32:48,379 INFO [stdout] (default task-1) at java.base/java.lang.Thread.run(Thread.java:844)
> 17:32:48,379 INFO [stdout] (default I/O-7) default I/O-7, fatal error: 80: problem unwrapping net record
> 17:32:48,379 INFO [stdout] (default I/O-7) java.lang.RuntimeException: java.security.InvalidAlgorithmParameterException: Key format must be RAW
> {code}
> This default extension behaviour can be switched off by the system property {{-Djdk.tls.useExtendedMasterSecret=false}} on the client or on the server side.
> [1] https://bugs.java.com/view_bug.do?bug_id=JDK-8148421
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
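A diagnostic for the failure reported in WFLY-10138, added here as an example and not taken from WildFly or the JDK: it reports which JCA provider serves the legacy and the extended master secret key generators and flags the split that produces `Key format must be RAW`. The class name `EmsProviderCheck` and the internal algorithm names `SunTlsMasterSecret` and `SunTlsExtendedMasterSecret` are assumptions that do not appear in the thread.

```java
import java.security.NoSuchAlgorithmException;
import javax.crypto.KeyGenerator;

/** Added example: reports how TLS master secret derivation is wired in this JVM. */
public class EmsProviderCheck {

    // Internal JSSE KeyGenerator names (assumption: as registered by SunJCE in JDK 9+).
    static final String LEGACY = "SunTlsMasterSecret";
    static final String EXTENDED = "SunTlsExtendedMasterSecret";

    /** Name of the first provider able to instantiate the KeyGenerator, or null. */
    static String providerFor(String algorithm) {
        try {
            return KeyGenerator.getInstance(algorithm).getProvider().getName();
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }

    /**
     * Assumption for this check: the extension counts as requested unless the
     * property is explicitly set to "false" (it is on by default since 9.0.4).
     */
    static boolean emsRequested() {
        String v = System.getProperty("jdk.tls.useExtendedMasterSecret");
        return v == null || !v.equalsIgnoreCase("false");
    }

    /** Classifies the combination of property value and serving providers. */
    static String assess(boolean ems, String legacy, String extended) {
        if (!ems) {
            return "EMS off (jdk.tls.useExtendedMasterSecret=false): "
                 + "legacy derivation via " + legacy;
        }
        if (extended == null) {
            return "EMS requested but no provider offers " + EXTENDED;
        }
        boolean legacyOnToken = legacy != null && legacy.startsWith("SunPKCS11");
        boolean extendedOnToken = extended.startsWith("SunPKCS11");
        if (legacyOnToken && !extendedOnToken) {
            // The premaster secret lives on the PKCS#11 token and exposes no
            // RAW encoding, but the extended derivation is served by a software
            // provider that needs the raw bytes: the failure in the stack trace.
            return "MISMATCH: " + LEGACY + " from " + legacy + ", " + EXTENDED
                 + " from " + extended + "; expect 'Key format must be RAW'";
        }
        return "OK: " + LEGACY + " from " + legacy + ", "
             + EXTENDED + " from " + extended;
    }

    public static void main(String[] args) {
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("jdk.tls.useExtendedMasterSecret = "
                + System.getProperty("jdk.tls.useExtendedMasterSecret"));
        System.out.println(assess(emsRequested(),
                providerFor(LEGACY), providerFor(EXTENDED)));
    }
}
```

Run it with the same JVM options and `java.security` provider configuration as the server, since the result depends on the provider order in effect.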
[JBoss JIRA] (WFLY-10140) Not able to upgrade to TLS 1.2 from 1.1
by Kapil Gupta (JIRA)
Kapil Gupta created WFLY-10140:
----------------------------------
Summary: Not able to upgrade to TLS 1.2 from 1.1
Key: WFLY-10140
URL: https://issues.jboss.org/browse/WFLY-10140
Project: WildFly
Issue Type: Release
Affects Versions: 8.2.1.Final
Reporter: Kapil Gupta
Assignee: Jason Greene
Attachments: standalone.xml
Not able to upgrade to TLS 1.2 from 1.1.
Because we are getting connection reset issues when trying to connect to a third-party endpoint that has just upgraded to TLS 1.2. Please refer to the attached standalone.xml.
[JBoss JIRA] (WFLY-10138) TLS using PKCS11 and JDK9+ does not work by default
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/WFLY-10138?page=com.atlassian.jira.plugin... ]
Martin Choma closed WFLY-10138.
-------------------------------
Resolution: Rejected
[JBoss JIRA] (WFLY-10138) TLS using PKCS11 and JDK9+ does not work by default
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/WFLY-10138?page=com.atlassian.jira.plugin... ]
Martin Choma updated WFLY-10138:
--------------------------------
Component/s: Documentation
[JBoss JIRA] (WFLY-10138) TLS using PKCS11 and JDK9+ does not work by default
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/WFLY-10138?page=com.atlassian.jira.plugin... ]
Martin Choma updated WFLY-10138:
--------------------------------
Need Info from: (was: David Lloyd)
[JBoss JIRA] (WFLY-10138) TLS using PKCS11 and JDK9+ does not work by default
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/WFLY-10138?page=com.atlassian.jira.plugin... ]
Martin Choma reopened WFLY-10138:
---------------------------------
[JBoss JIRA] (WFLY-10138) TLS using PKCS11 and JDK9+ does not work by default
by David Lloyd (JIRA)
[ https://issues.jboss.org/browse/WFLY-10138?page=com.atlassian.jira.plugin... ]
David Lloyd commented on WFLY-10138:
------------------------------------
This is closed as a duplicate, but not linked to the issue that it is duplicating.
[JBoss JIRA] (WFLY-10138) TLS using PKCS11 and JDK9+ does not work by default
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/WFLY-10138?page=com.atlassian.jira.plugin... ]
Martin Choma commented on WFLY-10138:
-------------------------------------
[~rlucente-se-jboss] [~fjuma], letting you know as you may be interested regarding TLS and FIPS compliance
[JBoss JIRA] (WFLY-10138) TLS using PKCS11 and JDK9+ does not work by default
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/WFLY-10138?page=com.atlassian.jira.plugin... ]
Martin Choma closed WFLY-10138.
-------------------------------
Resolution: Duplicate Issue
This is not a WildFly issue, but rather a known JDK limitation:
??There is no PKCS#11 support for Extended Master Secret key derivation at this moment. NSS supports it through a vendor-specific type definition (CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE and CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH in pkcs11n.h file). Thus, P11TlsMasterSecretGenerator uses the legacy Master Key Derivation method only.??
[1] http://openjdk.5641.n7.nabble.com/Code-Review-Request-JDK-8148421-Extende...
> TLS using PKCS11 and JDK9+ does not work by default
> ---------------------------------------------------
>
> Key: WFLY-10138
> URL: https://issues.jboss.org/browse/WFLY-10138
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 12.0.0.Final
> Environment: java version "9.0.4"
> Java(TM) SE Runtime Environment (build 9.0.4+11)
> Java HotSpot(TM) 64-Bit Server VM (build 9.0.4+11, mixed mode)
> Reporter: Martin Choma
> Priority: Critical
> Attachments: TLS_with_ExtendedMasterSecret, TLS_wo_ExtendedMAsterSecret
>
>
> Since JDK 9.0.4 default behaviour changed and extended master secret extension is turned on by default [1].
> This fails on java using sun.security.pkcs11.SunPKCS11 provider. (FIPS compliant java)
> {code}
> 17:32:48,377 INFO [stdout] (default task-1) SESSION KEYGEN:
> 17:32:48,378 INFO [stdout] (default task-1) PreMaster Secret:
> 17:32:48,378 INFO [stdout] (default task-1) (key bytes not available)
> 17:32:48,378 INFO [stdout] (default task-1) RSA master secret generation error:
> 17:32:48,378 INFO [stdout] (default task-1) java.security.InvalidAlgorithmParameterException: Key format must be RAW
> 17:32:48,378 INFO [stdout] (default task-1) at java.base/com.sun.crypto.provider.TlsMasterSecretGenerator.engineInit(TlsMasterSecretGenerator.java:69)
> 17:32:48,378 INFO [stdout] (default task-1) at java.base/javax.crypto.KeyGenerator.init(KeyGenerator.java:477)
> 17:32:48,378 INFO [stdout] (default task-1) at java.base/javax.crypto.KeyGenerator.init(KeyGenerator.java:453)
> 17:32:48,378 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker.calculateMasterSecret(Handshaker.java:1334)
> 17:32:48,378 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker.calculateKeys(Handshaker.java:1235)
> 17:32:48,378 INFO [stdout] (default task-1) at java.base/sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:318)
> 17:32:48,378 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker.processLoop(Handshaker.java:1092)
> 17:32:48,379 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker$1.run(Handshaker.java:1031)
> 17:32:48,379 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker$1.run(Handshaker.java:1028)
> 17:32:48,379 INFO [stdout] (default task-1) at java.base/java.security.AccessController.doPrivileged(Native Method)
> 17:32:48,379 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1534)
> 17:32:48,379 INFO [stdout] (default task-1) at io.undertow.core@2.0.0.SP1-redhat-1//io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1047)
> 17:32:48,379 INFO [stdout] (default task-1) at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> 17:32:48,379 INFO [stdout] (default task-1) at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
> 17:32:48,379 INFO [stdout] (default task-1) at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
> 17:32:48,379 INFO [stdout] (default task-1) at org.jboss.threads@2.3.1.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
> 17:32:48,379 INFO [stdout] (default task-1) at java.base/java.lang.Thread.run(Thread.java:844)
> 17:32:48,379 INFO [stdout] (default I/O-7) default I/O-7, fatal error: 80: problem unwrapping net record
> 17:32:48,379 INFO [stdout] (default I/O-7) java.lang.RuntimeException: java.security.InvalidAlgorithmParameterException: Key format must be RAW
> {code}
> This default extension behaviour can be switched off by system property {{-Djdk.tls.useExtendedMasterSecret=false}} on client or on server side.
> [1] https://bugs.java.com/view_bug.do?bug_id=JDK-8148421
7 years
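A log-triage check for the failure reported above, added here as an example and not part of the JIRA thread or of WildFly: it flags a thread only when the `Key format must be RAW` exception is followed by both master-secret frames from the trace. The function name is hypothetical, and the sample is an excerpt of the log in the issue plus two constructed `constructed-1` lines that must not match.

```python
import re

# Layout of the server log lines quoted in the issue (an optional "> " mail quote prefix is allowed):
# "17:32:48,378 INFO [stdout] (default task-1) <message>"
LINE = re.compile(r"^(?:>\s*)?(\d\d:\d\d:\d\d,\d{3})\s+\w+\s+\[[^\]]+\]\s+\(([^)]*)\)\s?(.*)$")
ERROR = "InvalidAlgorithmParameterException: Key format must be RAW"
# Frames that tie the exception to TLS master secret derivation, as seen in the issue's trace.
FRAMES = ("TlsMasterSecretGenerator.engineInit", "Handshaker.calculateMasterSecret")

# Excerpt of the log in the issue; the last two lines are constructed for this example.
SAMPLE = """\
17:32:48,378 INFO [stdout] (default task-1) RSA master secret generation error:
17:32:48,378 INFO [stdout] (default task-1) java.security.InvalidAlgorithmParameterException: Key format must be RAW
17:32:48,378 INFO [stdout] (default task-1) at java.base/com.sun.crypto.provider.TlsMasterSecretGenerator.engineInit(TlsMasterSecretGenerator.java:69)
17:32:48,378 INFO [stdout] (default task-1) at java.base/sun.security.ssl.Handshaker.calculateMasterSecret(Handshaker.java:1334)
17:32:48,379 INFO [stdout] (default I/O-7) java.lang.RuntimeException: java.security.InvalidAlgorithmParameterException: Key format must be RAW
17:40:00,000 INFO [stdout] (constructed-1) java.security.InvalidAlgorithmParameterException: Key format must be RAW
17:40:00,000 INFO [stdout] (constructed-1) at example.Constructed.init(Constructed.java:1)
"""

def find_ems_pkcs11_failures(log_text):
    """Return one finding per stack trace that matches the signature in the issue."""
    pending = {}    # thread name -> time of the exception line and frames seen so far
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        time, thread, msg = m.group(1), m.group(2), m.group(3).strip()
        if msg.startswith("at "):
            state = pending.get(thread)
            if state is None:
                continue
            state["frames"].update(f for f in FRAMES if f in msg)
            if len(state["frames"]) == len(FRAMES):
                findings.append({"time": state["time"], "thread": thread,
                                 "workaround": "-Djdk.tls.useExtendedMasterSecret=false"})
                del pending[thread]          # report each trace once
        elif ERROR in msg:
            pending[thread] = {"time": time, "frames": set()}   # a new trace starts
        else:
            pending.pop(thread, None)        # any other message ends the current trace
    return findings

if __name__ == "__main__":
    for finding in find_ems_pkcs11_failures(SAMPLE):
        print(finding)
```

The reported workaround disables the extended master secret extension (RFC 7627) for every TLS connection of that JVM, so apply it only to JVMs that actually run with the SunPKCS11 provider.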