July 2018 - jboss-jira - Jboss List Archives

[JBoss JIRA] (DROOLS-2805) Release notes for 7.9.0 Final are not linked correctly

by Daniele Zonca (JIRA)

Daniele Zonca created DROOLS-2805: ------------------------------------- Summary: Release notes for 7.9.0 Final are not linked correctly Key: DROOLS-2805 URL: https://issues.jboss.org/browse/DROOLS-2805 Project: Drools Issue Type: Bug Components: docs Reporter: Daniele Zonca Assignee: Daniele Zonca -- This message was sent by Atlassian JIRA (v7.5.0#75005)

5 years, 10 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-3981) Upgrade jboss-logging from 3.3.1.Final to 3.3.2.Final

by James Perkins (JIRA)

James Perkins created WFCORE-3981: ------------------------------------- Summary: Upgrade jboss-logging from 3.3.1.Final to 3.3.2.Final Key: WFCORE-3981 URL: https://issues.jboss.org/browse/WFCORE-3981 Project: WildFly Core Issue Type: Component Upgrade Components: Logging Reporter: James Perkins Assignee: James Perkins Version 3.3.2.Final was release which added support for the {{Automatic-Module-Name}} manifest entry. This should be integrated into WildFly. Diff: https://github.com/jboss-logging/jboss-logging/compare/3.3.1.Final...3.3.... -- This message was sent by Atlassian JIRA (v7.5.0#75005)

5 years, 10 months

1
0
0 / 0

[JBoss JIRA] (ELY-1618) TLS with BCJSSE Provider does not work

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/ELY-1618?page=com.atlassian.jira.plugin.s... ] Martin Choma updated ELY-1618: ------------------------------ Steps to Reproduce: * drop two bc fips jars into java.home/jre/lib/ext ** bc-fips-1.0.1.jar ** bctls-fips-1.0.5.jar * install bc fips in java.security {code} security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS security.provider.3=sun.security.provider.Sun {code} * remove openssl provider from standalone.xml ** /subsystem=elytron:write-attribute(name=final-providers,value=elytron) * create BCFKS keystore ** keytool, -genkeypair, -alias, appserver, -keyalg, RSA, -keysize, 2048, -keypass, password, -keystore, /home/mchoma/git-repo/tests-security/fips/target/bc-workdir/keystore.bcfks, -provider, org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider, -providerpath, /home/mchoma/.m2/repository/org/bouncycastle/fips/bc-fips/1.0.1/bc-fips-1.0.1.jar, -storetype, BCFKS, -storepass, password, -dname, CN=appserver,OU=QE,O=Redhat,L=Brno,ST=CR,C=CZ, -validity, 730, -v * configure undertow with tls ** /subsystem=elytron/key-store=key-store-name_server-ssl-context:add(name=key-store-name_server-ssl-context, type=BCFKS, credential-reference={clear-text => password}, path=/home/mchoma/git-repo/tests-security/fips/target/bc-workdir/keystore.bcfks ** /subsystem=elytron/key-manager=key-manager-name_server-ssl-context:add(key-store=key-store-name_server-ssl-context, credential-reference={clear-text => password}, algorithm=X509) ** /subsystem=elytron/server-ssl-context=server-ssl-context:add(key-manager=key-manager-name_server-ssl-context, cipher-suite-filter=TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, protocols=[TLSv1.2], need-client-auth=false) ** /subsystem=undertow/server=default-server/https-listener=https-listener:write-attribute(name=ssl-context, value=server-ssl-context) was: * drop two bc fips jars into java.home/jre/lib/ext ** bc-fips-1.0.1.jar ** bctls-fips-1.0.5.jar * install bc fips in java.security {code} security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS security.provider.3=sun.security.provider.Sun {code} * remove openssl provider from standalone.xml ** /subsystem=elytron:write-attribute(name=final-providers,value=elytron) * create BCFKS keystore ** keytool, -genkeypair, -alias, appserver, -keyalg, RSA, -keysize, 2048, -keypass, password, -keystore, /home/mchoma/git-repo/tests-security/fips/target/bc-workdir/keystore.bcfks, -provider, org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider, -providerpath, /home/mchoma/.m2/repository/org/bouncycastle/fips/bc-fips/1.0.1/bc-fips-1.0.1.jar, -storetype, BCFKS, -storepass, password, -dname, CN=appserver,OU=QE,O=Redhat,L=Brno,ST=CR,C=CZ, -validity, 730, -v * configure undertow with tls **/subsystem=elytron/key-store=key-store-name_server-ssl-context:add(name=key-store-name_server-ssl-context, type=BCFKS, credential-reference={clear-text => password}, path=/home/mchoma/git-repo/tests-security/fips/target/bc-workdir/keystore.bcfks **/subsystem=elytron/key-manager=key-manager-name_server-ssl-context:add(key-store=key-store-name_server-ssl-context, credential-reference={clear-text => password}, algorithm=X509) **/subsystem=elytron/server-ssl-context=server-ssl-context:add(key-manager=key-manager-name_server-ssl-context, cipher-suite-filter=TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, protocols=[TLSv1.2], need-client-auth=false) **/subsystem=undertow/server=default-server/https-listener=https-listener:write-attribute(name=ssl-context, value=server-ssl-context) > TLS with BCJSSE Provider does not work > -------------------------------------- > > Key: ELY-1618 > URL: https://issues.jboss.org/browse/ELY-1618 > Project: WildFly Elytron > Issue Type: Bug > Components: SSL > Affects Versions: 1.4.0.Final > Reporter: Martin Choma > Assignee: Farah Juma > Priority: Blocker > Attachments: standalone.v29.xml > > > When I configure BouncyCastleJsseProvider to by only possible provider providing TLS TLS does not work with exception > {code} > 14:07:53,905 TRACE [org.wildfly.security] (MSC service thread 1-4) No SSLContext provided by providers in SSLUtils: [BCFIPS version 1.01, BCJSSE version 1.0005, SUN version 1.8, ApacheXMLDSig version 2.11, SunJCE version 1.8, TLSP version 1.0, WildFlyElytron version 1.0] > 14:07:53,906 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.ssl-context.test-server-ssl-context: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.test-server-ssl-context: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:926) > at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1736) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1698) > at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1556) > at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) > at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985) > at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487) > at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378) > at java.lang.Thread.run(Thread.java:748) > Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > at org.wildfly.security.ssl.SSLUtils.throwIt(SSLUtils.java:142) > at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:340) > at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53) > at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:924) > ... 9 more > 14:07:53,910 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([ > ("subsystem" => "elytron"), > ("server-ssl-context" => "test-server-ssl-context") > ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.test-server-ssl-context" => "java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria"}} > {code} > After debugging it seems problem is this: > Supported protocols resolved from BCJSSE version 1.0005 are [TLS, TLSV1, TLSV1.2, DEFAULT, TLSV1.1] > Whereas Elytron class org.wildfly.security.ssl.Protocol use constants TLSv1, TLSv1.1, TLSv1.2, ... It means lower case "v" > And thus ProtocolSelector.evaluate does return empty set. > Possible solution to this particular problem will be make Protocol case insensitive. It means define enum constants in upper case and adjust methods to use .toUpperCase(). But I am probably not aware of all consequences of such change. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

5 years, 10 months

1
0
0 / 0

[JBoss JIRA] (ELY-1618) TLS with BCJSSE Provider does not work

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/ELY-1618?page=com.atlassian.jira.plugin.s... ] Martin Choma updated ELY-1618: ------------------------------ Steps to Reproduce: * drop two bc fips jars into java.home/jre/lib/ext ** bc-fips-1.0.1.jar ** bctls-fips-1.0.5.jar * install bc fips in java.security {code} security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS security.provider.3=sun.security.provider.Sun {code} * remove openssl provider from standalone.xml ** /subsystem=elytron:write-attribute(name=final-providers,value=elytron) * create BCFKS keystore ** keytool, -genkeypair, -alias, appserver, -keyalg, RSA, -keysize, 2048, -keypass, password, -keystore, /home/mchoma/git-repo/tests-security/fips/target/bc-workdir/keystore.bcfks, -provider, org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider, -providerpath, /home/mchoma/.m2/repository/org/bouncycastle/fips/bc-fips/1.0.1/bc-fips-1.0.1.jar, -storetype, BCFKS, -storepass, password, -dname, CN=appserver,OU=QE,O=Redhat,L=Brno,ST=CR,C=CZ, -validity, 730, -v * create server ssl context ** /subsystem=elytron/key-store=key-store-name_server-ssl-context:add(name=key-store-name_server-ssl-context, type=BCFKS, credential-reference={clear-text => password}, path=/home/mchoma/git-repo/tests-security/fips/target/bc-workdir/keystore.bcfks ** /subsystem=elytron/key-manager=key-manager-name_server-ssl-context:add(key-store=key-store-name_server-ssl-context, credential-reference={clear-text => password}, algorithm=X509) ** /subsystem=elytron/server-ssl-context=server-ssl-context:add(key-manager=key-manager-name_server-ssl-context, cipher-suite-filter=TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, protocols=[TLSv1.2], need-client-auth=false) ** /subsystem=undertow/server=default-server/https-listener=https-listener:write-attribute(name=ssl-context, value=server-ssl-context) was: * drop two bc fips jars into java.home/jre/lib/ext ** bc-fips-1.0.1.jar ** bctls-fips-1.0.5.jar * install bc fips in java.security {code} security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS security.provider.3=sun.security.provider.Sun {code} * remove openssl provider from standalone.xml ** /subsystem=elytron:write-attribute(name=final-providers,value=elytron) > TLS with BCJSSE Provider does not work > -------------------------------------- > > Key: ELY-1618 > URL: https://issues.jboss.org/browse/ELY-1618 > Project: WildFly Elytron > Issue Type: Bug > Components: SSL > Affects Versions: 1.4.0.Final > Reporter: Martin Choma > Assignee: Farah Juma > Priority: Blocker > Attachments: standalone.v29.xml > > > When I configure BouncyCastleJsseProvider to by only possible provider providing TLS TLS does not work with exception > {code} > 14:07:53,905 TRACE [org.wildfly.security] (MSC service thread 1-4) No SSLContext provided by providers in SSLUtils: [BCFIPS version 1.01, BCJSSE version 1.0005, SUN version 1.8, ApacheXMLDSig version 2.11, SunJCE version 1.8, TLSP version 1.0, WildFlyElytron version 1.0] > 14:07:53,906 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.ssl-context.test-server-ssl-context: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.test-server-ssl-context: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:926) > at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1736) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1698) > at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1556) > at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) > at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985) > at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487) > at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378) > at java.lang.Thread.run(Thread.java:748) > Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > at org.wildfly.security.ssl.SSLUtils.throwIt(SSLUtils.java:142) > at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:340) > at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53) > at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:924) > ... 9 more > 14:07:53,910 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([ > ("subsystem" => "elytron"), > ("server-ssl-context" => "test-server-ssl-context") > ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.test-server-ssl-context" => "java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria"}} > {code} > After debugging it seems problem is this: > Supported protocols resolved from BCJSSE version 1.0005 are [TLS, TLSV1, TLSV1.2, DEFAULT, TLSV1.1] > Whereas Elytron class org.wildfly.security.ssl.Protocol use constants TLSv1, TLSv1.1, TLSv1.2, ... It means lower case "v" > And thus ProtocolSelector.evaluate does return empty set. > Possible solution to this particular problem will be make Protocol case insensitive. It means define enum constants in upper case and adjust methods to use .toUpperCase(). But I am probably not aware of all consequences of such change. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

5 years, 10 months

1
0
0 / 0

[JBoss JIRA] (ELY-1618) TLS with BCJSSE Provider does not work

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/ELY-1618?page=com.atlassian.jira.plugin.s... ] Martin Choma updated ELY-1618: ------------------------------ Steps to Reproduce: * drop two bc fips jars into java.home/jre/lib/ext ** bc-fips-1.0.1.jar ** bctls-fips-1.0.5.jar * install bc fips in java.security {code} security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS security.provider.3=sun.security.provider.Sun {code} * remove openssl provider from standalone.xml ** /subsystem=elytron:write-attribute(name=final-providers,value=elytron) * create BCFKS keystore ** keytool, -genkeypair, -alias, appserver, -keyalg, RSA, -keysize, 2048, -keypass, password, -keystore, /home/mchoma/git-repo/tests-security/fips/target/bc-workdir/keystore.bcfks, -provider, org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider, -providerpath, /home/mchoma/.m2/repository/org/bouncycastle/fips/bc-fips/1.0.1/bc-fips-1.0.1.jar, -storetype, BCFKS, -storepass, password, -dname, CN=appserver,OU=QE,O=Redhat,L=Brno,ST=CR,C=CZ, -validity, 730, -v * configure undertow with tls **/subsystem=elytron/key-store=key-store-name_server-ssl-context:add(name=key-store-name_server-ssl-context, type=BCFKS, credential-reference={clear-text => password}, path=/home/mchoma/git-repo/tests-security/fips/target/bc-workdir/keystore.bcfks **/subsystem=elytron/key-manager=key-manager-name_server-ssl-context:add(key-store=key-store-name_server-ssl-context, credential-reference={clear-text => password}, algorithm=X509) **/subsystem=elytron/server-ssl-context=server-ssl-context:add(key-manager=key-manager-name_server-ssl-context, cipher-suite-filter=TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, protocols=[TLSv1.2], need-client-auth=false) **/subsystem=undertow/server=default-server/https-listener=https-listener:write-attribute(name=ssl-context, value=server-ssl-context) was: * drop two bc fips jars into java.home/jre/lib/ext ** bc-fips-1.0.1.jar ** bctls-fips-1.0.5.jar * install bc fips in java.security {code} security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS security.provider.3=sun.security.provider.Sun {code} * remove openssl provider from standalone.xml ** /subsystem=elytron:write-attribute(name=final-providers,value=elytron) * create BCFKS keystore ** keytool, -genkeypair, -alias, appserver, -keyalg, RSA, -keysize, 2048, -keypass, password, -keystore, /home/mchoma/git-repo/tests-security/fips/target/bc-workdir/keystore.bcfks, -provider, org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider, -providerpath, /home/mchoma/.m2/repository/org/bouncycastle/fips/bc-fips/1.0.1/bc-fips-1.0.1.jar, -storetype, BCFKS, -storepass, password, -dname, CN=appserver,OU=QE,O=Redhat,L=Brno,ST=CR,C=CZ, -validity, 730, -v * create server ssl context ** /subsystem=elytron/key-store=key-store-name_server-ssl-context:add(name=key-store-name_server-ssl-context, type=BCFKS, credential-reference={clear-text => password}, path=/home/mchoma/git-repo/tests-security/fips/target/bc-workdir/keystore.bcfks ** /subsystem=elytron/key-manager=key-manager-name_server-ssl-context:add(key-store=key-store-name_server-ssl-context, credential-reference={clear-text => password}, algorithm=X509) ** /subsystem=elytron/server-ssl-context=server-ssl-context:add(key-manager=key-manager-name_server-ssl-context, cipher-suite-filter=TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, protocols=[TLSv1.2], need-client-auth=false) ** /subsystem=undertow/server=default-server/https-listener=https-listener:write-attribute(name=ssl-context, value=server-ssl-context) > TLS with BCJSSE Provider does not work > -------------------------------------- > > Key: ELY-1618 > URL: https://issues.jboss.org/browse/ELY-1618 > Project: WildFly Elytron > Issue Type: Bug > Components: SSL > Affects Versions: 1.4.0.Final > Reporter: Martin Choma > Assignee: Farah Juma > Priority: Blocker > Attachments: standalone.v29.xml > > > When I configure BouncyCastleJsseProvider to by only possible provider providing TLS TLS does not work with exception > {code} > 14:07:53,905 TRACE [org.wildfly.security] (MSC service thread 1-4) No SSLContext provided by providers in SSLUtils: [BCFIPS version 1.01, BCJSSE version 1.0005, SUN version 1.8, ApacheXMLDSig version 2.11, SunJCE version 1.8, TLSP version 1.0, WildFlyElytron version 1.0] > 14:07:53,906 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.ssl-context.test-server-ssl-context: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.test-server-ssl-context: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:926) > at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1736) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1698) > at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1556) > at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) > at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985) > at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487) > at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378) > at java.lang.Thread.run(Thread.java:748) > Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > at org.wildfly.security.ssl.SSLUtils.throwIt(SSLUtils.java:142) > at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:340) > at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53) > at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:924) > ... 9 more > 14:07:53,910 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([ > ("subsystem" => "elytron"), > ("server-ssl-context" => "test-server-ssl-context") > ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.test-server-ssl-context" => "java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria"}} > {code} > After debugging it seems problem is this: > Supported protocols resolved from BCJSSE version 1.0005 are [TLS, TLSV1, TLSV1.2, DEFAULT, TLSV1.1] > Whereas Elytron class org.wildfly.security.ssl.Protocol use constants TLSv1, TLSv1.1, TLSv1.2, ... It means lower case "v" > And thus ProtocolSelector.evaluate does return empty set. > Possible solution to this particular problem will be make Protocol case insensitive. It means define enum constants in upper case and adjust methods to use .toUpperCase(). But I am probably not aware of all consequences of such change. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

5 years, 10 months

1
0
0 / 0

[JBoss JIRA] (ELY-1618) TLS with BCJSSE Provider does not work

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/ELY-1618?page=com.atlassian.jira.plugin.s... ] Martin Choma updated ELY-1618: ------------------------------ Steps to Reproduce: * drop two bc fips jars into java.home/jre/lib/ext ** bc-fips-1.0.1.jar ** bctls-fips-1.0.5.jar * install bc fips in java.security {code} security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS security.provider.3=sun.security.provider.Sun {code} * remove openssl provider from standalone.xml ** /subsystem=elytron:write-attribute(name=final-providers,value=elytron) was: * drop two bc fips jars into java.home/jre/lib/ext ** bc-fips-1.0.1.jar ** bctls-fips-1.0.5.jar * install bc fips in java.security security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS security.provider.3=sun.security.provider.Sun * remove openssl provider from standalone.xml ** /subsystem=elytron:write-attribute(name=final-providers,value=elytron) > TLS with BCJSSE Provider does not work > -------------------------------------- > > Key: ELY-1618 > URL: https://issues.jboss.org/browse/ELY-1618 > Project: WildFly Elytron > Issue Type: Bug > Components: SSL > Affects Versions: 1.4.0.Final > Reporter: Martin Choma > Assignee: Farah Juma > Priority: Blocker > Attachments: standalone.v29.xml > > > When I configure BouncyCastleJsseProvider to by only possible provider providing TLS TLS does not work with exception > {code} > 14:07:53,905 TRACE [org.wildfly.security] (MSC service thread 1-4) No SSLContext provided by providers in SSLUtils: [BCFIPS version 1.01, BCJSSE version 1.0005, SUN version 1.8, ApacheXMLDSig version 2.11, SunJCE version 1.8, TLSP version 1.0, WildFlyElytron version 1.0] > 14:07:53,906 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.ssl-context.test-server-ssl-context: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.test-server-ssl-context: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:926) > at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1736) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1698) > at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1556) > at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) > at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985) > at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487) > at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378) > at java.lang.Thread.run(Thread.java:748) > Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > at org.wildfly.security.ssl.SSLUtils.throwIt(SSLUtils.java:142) > at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:340) > at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53) > at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:924) > ... 9 more > 14:07:53,910 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([ > ("subsystem" => "elytron"), > ("server-ssl-context" => "test-server-ssl-context") > ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.test-server-ssl-context" => "java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria"}} > {code} > After debugging it seems problem is this: > Supported protocols resolved from BCJSSE version 1.0005 are [TLS, TLSV1, TLSV1.2, DEFAULT, TLSV1.1] > Whereas Elytron class org.wildfly.security.ssl.Protocol use constants TLSv1, TLSv1.1, TLSv1.2, ... It means lower case "v" > And thus ProtocolSelector.evaluate does return empty set. > Possible solution to this particular problem will be make Protocol case insensitive. It means define enum constants in upper case and adjust methods to use .toUpperCase(). But I am probably not aware of all consequences of such change. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

5 years, 10 months

1
0
0 / 0

[JBoss JIRA] (ELY-1618) TLS with BCJSSE Provider does not work

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/ELY-1618?page=com.atlassian.jira.plugin.s... ] Martin Choma updated ELY-1618: ------------------------------ Steps to Reproduce: * drop two bc fips jars into ${java.home}/jre/lib/ext ** bc-fips-1.0.1.jar ** bctls-fips-1.0.5.jar * install bc fips in java.security security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS security.provider.3=sun.security.provider.Sun * remove openssl provider from standalone.xml ** /subsystem=elytron:write-attribute(name=final-providers,value=elytron) was: * install bc fips in java.security security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS security.provider.3=sun.security.provider.Sun * remove openssl provider from standalone.xml * try TLS > TLS with BCJSSE Provider does not work > -------------------------------------- > > Key: ELY-1618 > URL: https://issues.jboss.org/browse/ELY-1618 > Project: WildFly Elytron > Issue Type: Bug > Components: SSL > Affects Versions: 1.4.0.Final > Reporter: Martin Choma > Assignee: Farah Juma > Priority: Blocker > Attachments: standalone.v29.xml > > > When I configure BouncyCastleJsseProvider to by only possible provider providing TLS TLS does not work with exception > {code} > 14:07:53,905 TRACE [org.wildfly.security] (MSC service thread 1-4) No SSLContext provided by providers in SSLUtils: [BCFIPS version 1.01, BCJSSE version 1.0005, SUN version 1.8, ApacheXMLDSig version 2.11, SunJCE version 1.8, TLSP version 1.0, WildFlyElytron version 1.0] > 14:07:53,906 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.ssl-context.test-server-ssl-context: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.test-server-ssl-context: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:926) > at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1736) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1698) > at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1556) > at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) > at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985) > at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487) > at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378) > at java.lang.Thread.run(Thread.java:748) > Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > at org.wildfly.security.ssl.SSLUtils.throwIt(SSLUtils.java:142) > at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:340) > at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53) > at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:924) > ... 9 more > 14:07:53,910 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([ > ("subsystem" => "elytron"), > ("server-ssl-context" => "test-server-ssl-context") > ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.test-server-ssl-context" => "java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria"}} > {code} > After debugging it seems problem is this: > Supported protocols resolved from BCJSSE version 1.0005 are [TLS, TLSV1, TLSV1.2, DEFAULT, TLSV1.1] > Whereas Elytron class org.wildfly.security.ssl.Protocol use constants TLSv1, TLSv1.1, TLSv1.2, ... It means lower case "v" > And thus ProtocolSelector.evaluate does return empty set. > Possible solution to this particular problem will be make Protocol case insensitive. It means define enum constants in upper case and adjust methods to use .toUpperCase(). But I am probably not aware of all consequences of such change. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

5 years, 10 months

1
0
0 / 0

[JBoss JIRA] (ELY-1618) TLS with BCJSSE Provider does not work

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/ELY-1618?page=com.atlassian.jira.plugin.s... ] Martin Choma updated ELY-1618: ------------------------------ Steps to Reproduce: * drop two bc fips jars into ${java.home}\/jre\/lib\/ext ** bc-fips-1.0.1.jar ** bctls-fips-1.0.5.jar * install bc fips in java.security security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS security.provider.3=sun.security.provider.Sun * remove openssl provider from standalone.xml ** /subsystem=elytron:write-attribute(name=final-providers,value=elytron) was: * drop two bc fips jars into ${java.home}/jre/lib/ext ** bc-fips-1.0.1.jar ** bctls-fips-1.0.5.jar * install bc fips in java.security security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS security.provider.3=sun.security.provider.Sun * remove openssl provider from standalone.xml ** /subsystem=elytron:write-attribute(name=final-providers,value=elytron) > TLS with BCJSSE Provider does not work > -------------------------------------- > > Key: ELY-1618 > URL: https://issues.jboss.org/browse/ELY-1618 > Project: WildFly Elytron > Issue Type: Bug > Components: SSL > Affects Versions: 1.4.0.Final > Reporter: Martin Choma > Assignee: Farah Juma > Priority: Blocker > Attachments: standalone.v29.xml > > > When I configure BouncyCastleJsseProvider to by only possible provider providing TLS TLS does not work with exception > {code} > 14:07:53,905 TRACE [org.wildfly.security] (MSC service thread 1-4) No SSLContext provided by providers in SSLUtils: [BCFIPS version 1.01, BCJSSE version 1.0005, SUN version 1.8, ApacheXMLDSig version 2.11, SunJCE version 1.8, TLSP version 1.0, WildFlyElytron version 1.0] > 14:07:53,906 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.ssl-context.test-server-ssl-context: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.test-server-ssl-context: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:926) > at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1736) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1698) > at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1556) > at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) > at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985) > at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487) > at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378) > at java.lang.Thread.run(Thread.java:748) > Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > at org.wildfly.security.ssl.SSLUtils.throwIt(SSLUtils.java:142) > at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:340) > at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53) > at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:924) > ... 9 more > 14:07:53,910 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([ > ("subsystem" => "elytron"), > ("server-ssl-context" => "test-server-ssl-context") > ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.test-server-ssl-context" => "java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria"}} > {code} > After debugging it seems problem is this: > Supported protocols resolved from BCJSSE version 1.0005 are [TLS, TLSV1, TLSV1.2, DEFAULT, TLSV1.1] > Whereas Elytron class org.wildfly.security.ssl.Protocol use constants TLSv1, TLSv1.1, TLSv1.2, ... It means lower case "v" > And thus ProtocolSelector.evaluate does return empty set. > Possible solution to this particular problem will be make Protocol case insensitive. It means define enum constants in upper case and adjust methods to use .toUpperCase(). But I am probably not aware of all consequences of such change. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

5 years, 10 months

1
0
0 / 0

[JBoss JIRA] (ELY-1618) TLS with BCJSSE Provider does not work

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/ELY-1618?page=com.atlassian.jira.plugin.s... ] Martin Choma updated ELY-1618: ------------------------------ Steps to Reproduce: * drop two bc fips jars into java.home/jre/lib/ext ** bc-fips-1.0.1.jar ** bctls-fips-1.0.5.jar * install bc fips in java.security security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS security.provider.3=sun.security.provider.Sun * remove openssl provider from standalone.xml ** /subsystem=elytron:write-attribute(name=final-providers,value=elytron) was: * drop two bc fips jars into ${java.home}\/jre\/lib\/ext ** bc-fips-1.0.1.jar ** bctls-fips-1.0.5.jar * install bc fips in java.security security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS security.provider.3=sun.security.provider.Sun * remove openssl provider from standalone.xml ** /subsystem=elytron:write-attribute(name=final-providers,value=elytron) > TLS with BCJSSE Provider does not work > -------------------------------------- > > Key: ELY-1618 > URL: https://issues.jboss.org/browse/ELY-1618 > Project: WildFly Elytron > Issue Type: Bug > Components: SSL > Affects Versions: 1.4.0.Final > Reporter: Martin Choma > Assignee: Farah Juma > Priority: Blocker > Attachments: standalone.v29.xml > > > When I configure BouncyCastleJsseProvider to by only possible provider providing TLS TLS does not work with exception > {code} > 14:07:53,905 TRACE [org.wildfly.security] (MSC service thread 1-4) No SSLContext provided by providers in SSLUtils: [BCFIPS version 1.01, BCJSSE version 1.0005, SUN version 1.8, ApacheXMLDSig version 2.11, SunJCE version 1.8, TLSP version 1.0, WildFlyElytron version 1.0] > 14:07:53,906 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.ssl-context.test-server-ssl-context: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.test-server-ssl-context: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:926) > at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1736) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1698) > at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1556) > at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) > at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985) > at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487) > at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378) > at java.lang.Thread.run(Thread.java:748) > Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > at org.wildfly.security.ssl.SSLUtils.throwIt(SSLUtils.java:142) > at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:340) > at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53) > at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:924) > ... 9 more > 14:07:53,910 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([ > ("subsystem" => "elytron"), > ("server-ssl-context" => "test-server-ssl-context") > ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.test-server-ssl-context" => "java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria"}} > {code} > After debugging it seems problem is this: > Supported protocols resolved from BCJSSE version 1.0005 are [TLS, TLSV1, TLSV1.2, DEFAULT, TLSV1.1] > Whereas Elytron class org.wildfly.security.ssl.Protocol use constants TLSv1, TLSv1.1, TLSv1.2, ... It means lower case "v" > And thus ProtocolSelector.evaluate does return empty set. > Possible solution to this particular problem will be make Protocol case insensitive. It means define enum constants in upper case and adjust methods to use .toUpperCase(). But I am probably not aware of all consequences of such change. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

5 years, 10 months

1
0
0 / 0

[JBoss JIRA] (ELY-1618) TLS with BCJSSE Provider does not work

by Martin Choma (JIRA)

[ https://issues.jboss.org/browse/ELY-1618?page=com.atlassian.jira.plugin.s... ] Martin Choma updated ELY-1618: ------------------------------ Attachment: standalone.v29.xml > TLS with BCJSSE Provider does not work > -------------------------------------- > > Key: ELY-1618 > URL: https://issues.jboss.org/browse/ELY-1618 > Project: WildFly Elytron > Issue Type: Bug > Components: SSL > Affects Versions: 1.4.0.Final > Reporter: Martin Choma > Assignee: Farah Juma > Priority: Blocker > Attachments: standalone.v29.xml > > > When I configure BouncyCastleJsseProvider to by only possible provider providing TLS TLS does not work with exception > {code} > 14:07:53,905 TRACE [org.wildfly.security] (MSC service thread 1-4) No SSLContext provided by providers in SSLUtils: [BCFIPS version 1.01, BCJSSE version 1.0005, SUN version 1.8, ApacheXMLDSig version 2.11, SunJCE version 1.8, TLSP version 1.0, WildFlyElytron version 1.0] > 14:07:53,906 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.ssl-context.test-server-ssl-context: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.test-server-ssl-context: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:926) > at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1736) > at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1698) > at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1556) > at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) > at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985) > at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487) > at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378) > at java.lang.Thread.run(Thread.java:748) > Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > at org.wildfly.security.ssl.SSLUtils.throwIt(SSLUtils.java:142) > at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:340) > at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53) > at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:924) > ... 9 more > 14:07:53,910 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([ > ("subsystem" => "elytron"), > ("server-ssl-context" => "test-server-ssl-context") > ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.test-server-ssl-context" => "java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria > Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria"}} > {code} > After debugging it seems problem is this: > Supported protocols resolved from BCJSSE version 1.0005 are [TLS, TLSV1, TLSV1.2, DEFAULT, TLSV1.1] > Whereas Elytron class org.wildfly.security.ssl.Protocol use constants TLSv1, TLSv1.1, TLSv1.2, ... It means lower case "v" > And thus ProtocolSelector.evaluate does return empty set. > Possible solution to this particular problem will be make Protocol case insensitive. It means define enum constants in upper case and adjust methods to use .toUpperCase(). But I am probably not aware of all consequences of such change. -- This message was sent by Atlassian JIRA (v7.5.0#75005)

5 years, 10 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira July 2018