[JBoss JIRA] (ELY-1618) TLS with BCJSSE Provider does not work
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/ELY-1618?page=com.atlassian.jira.plugin.s... ]
Martin Choma updated ELY-1618:
------------------------------
Steps to Reproduce:
* drop two bc fips jars into java.home/jre/lib/ext
** bc-fips-1.0.1.jar
** bctls-fips-1.0.5.jar
* install bc fips in java.security
{code}
security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
security.provider.3=sun.security.provider.Sun
{code}
* remove openssl provider from standalone.xml
** /subsystem=elytron:write-attribute(name=final-providers,value=elytron)
* create BCFKS keystore
** keytool -genkeypair -alias appserver -keyalg RSA -keysize 2048 -keypass password -keystore /home/mchoma/git-repo/tests-security/fips/target/bc-workdir/keystore.bcfks -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath /home/mchoma/.m2/repository/org/bouncycastle/fips/bc-fips/1.0.1/bc-fips-1.0.1.jar -storetype BCFKS -storepass password -dname CN=appserver,OU=QE,O=Redhat,L=Brno,ST=CR,C=CZ -validity 730 -v
* configure undertow with tls
** /subsystem=elytron/key-store=key-store-name_server-ssl-context:add(name=key-store-name_server-ssl-context, type=BCFKS, credential-reference={clear-text => password}, path=/home/mchoma/git-repo/tests-security/fips/target/bc-workdir/keystore.bcfks)
** /subsystem=elytron/key-manager=key-manager-name_server-ssl-context:add(key-store=key-store-name_server-ssl-context, credential-reference={clear-text => password}, algorithm=X509)
** /subsystem=elytron/server-ssl-context=server-ssl-context:add(key-manager=key-manager-name_server-ssl-context, cipher-suite-filter=TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, protocols=[TLSv1.2], need-client-auth=false)
** /subsystem=undertow/server=default-server/https-listener=https-listener:write-attribute(name=ssl-context, value=server-ssl-context)
was:
* drop two bc fips jars into java.home/jre/lib/ext
** bc-fips-1.0.1.jar
** bctls-fips-1.0.5.jar
* install bc fips in java.security
{code}
security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
security.provider.3=sun.security.provider.Sun
{code}
* remove openssl provider from standalone.xml
** /subsystem=elytron:write-attribute(name=final-providers,value=elytron)
* create BCFKS keystore
** keytool -genkeypair -alias appserver -keyalg RSA -keysize 2048 -keypass password -keystore /home/mchoma/git-repo/tests-security/fips/target/bc-workdir/keystore.bcfks -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath /home/mchoma/.m2/repository/org/bouncycastle/fips/bc-fips/1.0.1/bc-fips-1.0.1.jar -storetype BCFKS -storepass password -dname CN=appserver,OU=QE,O=Redhat,L=Brno,ST=CR,C=CZ -validity 730 -v
* configure undertow with tls
**/subsystem=elytron/key-store=key-store-name_server-ssl-context:add(name=key-store-name_server-ssl-context, type=BCFKS, credential-reference={clear-text => password}, path=/home/mchoma/git-repo/tests-security/fips/target/bc-workdir/keystore.bcfks)
**/subsystem=elytron/key-manager=key-manager-name_server-ssl-context:add(key-store=key-store-name_server-ssl-context, credential-reference={clear-text => password}, algorithm=X509)
**/subsystem=elytron/server-ssl-context=server-ssl-context:add(key-manager=key-manager-name_server-ssl-context, cipher-suite-filter=TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, protocols=[TLSv1.2], need-client-auth=false)
**/subsystem=undertow/server=default-server/https-listener=https-listener:write-attribute(name=ssl-context, value=server-ssl-context)
> TLS with BCJSSE Provider does not work
> --------------------------------------
>
> Key: ELY-1618
> URL: https://issues.jboss.org/browse/ELY-1618
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SSL
> Affects Versions: 1.4.0.Final
> Reporter: Martin Choma
> Assignee: Farah Juma
> Priority: Blocker
> Attachments: standalone.v29.xml
>
>
> When I configure BouncyCastleJsseProvider to be the only possible provider providing TLS, TLS does not work, with exception
> {code}
> 14:07:53,905 TRACE [org.wildfly.security] (MSC service thread 1-4) No SSLContext provided by providers in SSLUtils: [BCFIPS version 1.01, BCJSSE version 1.0005, SUN version 1.8, ApacheXMLDSig version 2.11, SunJCE version 1.8, TLSP version 1.0, WildFlyElytron version 1.0]
> 14:07:53,906 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.ssl-context.test-server-ssl-context: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.test-server-ssl-context: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
> at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:926)
> at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1736)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1698)
> at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1556)
> at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
> at org.wildfly.security.ssl.SSLUtils.throwIt(SSLUtils.java:142)
> at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:340)
> at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53)
> at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:924)
> ... 9 more
> 14:07:53,910 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([
> ("subsystem" => "elytron"),
> ("server-ssl-context" => "test-server-ssl-context")
> ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.test-server-ssl-context" => "java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
> Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria"}}
> {code}
> After debugging, it seems the problem is this:
> Supported protocols resolved from BCJSSE version 1.0005 are [TLS, TLSV1, TLSV1.2, DEFAULT, TLSV1.1]
> Whereas the Elytron class org.wildfly.security.ssl.Protocol uses constants TLSv1, TLSv1.1, TLSv1.2, ... That means lower case "v".
> And thus ProtocolSelector.evaluate returns an empty set.
> A possible solution to this particular problem would be to make Protocol case insensitive. That means defining enum constants in upper case and adjusting methods to use .toUpperCase(). But I am probably not aware of all consequences of such a change.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
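
The name mismatch described in the report above, as an added example (not Elytron's code and not part of the original message): it compares the protocol configured in the steps with the SSLContext names a provider registers, once by exact string and once ignoring case. The class and method names are hypothetical; the BCJSSE name list is copied from the report.

```java
import java.security.Provider;
import java.security.Security;
import java.util.*;

public class ProtocolNameMatch {

    /** Exact, case-sensitive selection: a configured name survives only if a provider spells it identically. */
    static Set<String> selectExact(Collection<String> advertised, Collection<String> configured) {
        Set<String> out = new LinkedHashSet<>();
        for (String name : advertised) {
            if (configured.contains(name)) {
                out.add(name);
            }
        }
        return out;
    }

    /**
     * Case-insensitive selection. Returns configured name -> provider spelling,
     * so the caller can see which registered name satisfied the request.
     * Locale.ROOT keeps the comparison independent of the JVM's default locale.
     */
    static Map<String, String> selectIgnoringCase(Collection<String> advertised, Collection<String> configured) {
        Map<String, String> byUpper = new HashMap<>();
        for (String c : configured) {
            byUpper.put(c.toUpperCase(Locale.ROOT), c);
        }
        Map<String, String> out = new LinkedHashMap<>();
        for (String name : advertised) {
            String c = byUpper.get(name.toUpperCase(Locale.ROOT));
            if (c != null) {
                out.put(c, name);
            }
        }
        return out;
    }

    /** SSLContext algorithm names registered by each JCA provider installed in this JVM. */
    static Map<String, List<String>> advertisedSslContexts() {
        Map<String, List<String>> out = new LinkedHashMap<>();
        for (Provider p : Security.getProviders()) {
            List<String> names = new ArrayList<>();
            for (Provider.Service s : p.getServices()) {
                if ("SSLContext".equals(s.getType())) {
                    names.add(s.getAlgorithm());
                }
            }
            if (!names.isEmpty()) {
                out.put(p.getName(), names);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // protocols=[TLSv1.2] from the server-ssl-context in the steps to reproduce
        List<String> configured = Arrays.asList("TLSv1.2");

        // Names the report lists for BCJSSE version 1.0005 (copied from the report, not queried here)
        List<String> bcjsse = Arrays.asList("TLS", "TLSV1", "TLSV1.2", "DEFAULT", "TLSV1.1");

        System.out.println("BCJSSE (from report) exact:       " + selectExact(bcjsse, configured));
        System.out.println("BCJSSE (from report) ignore case: " + selectIgnoringCase(bcjsse, configured));

        // The same comparison against whatever providers this JVM actually has installed
        advertisedSslContexts().forEach((provider, names) ->
            System.out.println(provider + " " + names
                + " exact=" + selectExact(names, configured)
                + " ignoreCase=" + selectIgnoringCase(names, configured)));
    }
}
```

An empty exact-match result for a provider that is expected to serve TLS is the condition that surfaces as ELY04001 in the log above.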
[JBoss JIRA] (ELY-1618) TLS with BCJSSE Provider does not work
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/ELY-1618?page=com.atlassian.jira.plugin.s... ]
Martin Choma updated ELY-1618:
------------------------------
Steps to Reproduce:
* drop two bc fips jars into java.home/jre/lib/ext
** bc-fips-1.0.1.jar
** bctls-fips-1.0.5.jar
* install bc fips in java.security
{code}
security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
security.provider.3=sun.security.provider.Sun
{code}
* remove openssl provider from standalone.xml
** /subsystem=elytron:write-attribute(name=final-providers,value=elytron)
* create BCFKS keystore
** keytool -genkeypair -alias appserver -keyalg RSA -keysize 2048 -keypass password -keystore /home/mchoma/git-repo/tests-security/fips/target/bc-workdir/keystore.bcfks -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath /home/mchoma/.m2/repository/org/bouncycastle/fips/bc-fips/1.0.1/bc-fips-1.0.1.jar -storetype BCFKS -storepass password -dname CN=appserver,OU=QE,O=Redhat,L=Brno,ST=CR,C=CZ -validity 730 -v
* create server ssl context
** /subsystem=elytron/key-store=key-store-name_server-ssl-context:add(name=key-store-name_server-ssl-context, type=BCFKS, credential-reference={clear-text => password}, path=/home/mchoma/git-repo/tests-security/fips/target/bc-workdir/keystore.bcfks)
** /subsystem=elytron/key-manager=key-manager-name_server-ssl-context:add(key-store=key-store-name_server-ssl-context, credential-reference={clear-text => password}, algorithm=X509)
** /subsystem=elytron/server-ssl-context=server-ssl-context:add(key-manager=key-manager-name_server-ssl-context, cipher-suite-filter=TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, protocols=[TLSv1.2], need-client-auth=false)
** /subsystem=undertow/server=default-server/https-listener=https-listener:write-attribute(name=ssl-context, value=server-ssl-context)
was:
* drop two bc fips jars into java.home/jre/lib/ext
** bc-fips-1.0.1.jar
** bctls-fips-1.0.5.jar
* install bc fips in java.security
{code}
security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
security.provider.3=sun.security.provider.Sun
{code}
* remove openssl provider from standalone.xml
** /subsystem=elytron:write-attribute(name=final-providers,value=elytron)
[JBoss JIRA] (ELY-1618) TLS with BCJSSE Provider does not work
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/ELY-1618?page=com.atlassian.jira.plugin.s... ]
Martin Choma updated ELY-1618:
------------------------------
Steps to Reproduce:
* drop two bc fips jars into java.home/jre/lib/ext
** bc-fips-1.0.1.jar
** bctls-fips-1.0.5.jar
* install bc fips in java.security
{code}
security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
security.provider.3=sun.security.provider.Sun
{code}
* remove openssl provider from standalone.xml
** /subsystem=elytron:write-attribute(name=final-providers,value=elytron)
* create BCFKS keystore
** keytool -genkeypair -alias appserver -keyalg RSA -keysize 2048 -keypass password -keystore /home/mchoma/git-repo/tests-security/fips/target/bc-workdir/keystore.bcfks -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath /home/mchoma/.m2/repository/org/bouncycastle/fips/bc-fips/1.0.1/bc-fips-1.0.1.jar -storetype BCFKS -storepass password -dname CN=appserver,OU=QE,O=Redhat,L=Brno,ST=CR,C=CZ -validity 730 -v
* configure undertow with tls
**/subsystem=elytron/key-store=key-store-name_server-ssl-context:add(name=key-store-name_server-ssl-context, type=BCFKS, credential-reference={clear-text => password}, path=/home/mchoma/git-repo/tests-security/fips/target/bc-workdir/keystore.bcfks)
**/subsystem=elytron/key-manager=key-manager-name_server-ssl-context:add(key-store=key-store-name_server-ssl-context, credential-reference={clear-text => password}, algorithm=X509)
**/subsystem=elytron/server-ssl-context=server-ssl-context:add(key-manager=key-manager-name_server-ssl-context, cipher-suite-filter=TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, protocols=[TLSv1.2], need-client-auth=false)
**/subsystem=undertow/server=default-server/https-listener=https-listener:write-attribute(name=ssl-context, value=server-ssl-context)
was:
* drop two bc fips jars into java.home/jre/lib/ext
** bc-fips-1.0.1.jar
** bctls-fips-1.0.5.jar
* install bc fips in java.security
{code}
security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
security.provider.3=sun.security.provider.Sun
{code}
* remove openssl provider from standalone.xml
** /subsystem=elytron:write-attribute(name=final-providers,value=elytron)
* create BCFKS keystore
** keytool -genkeypair -alias appserver -keyalg RSA -keysize 2048 -keypass password -keystore /home/mchoma/git-repo/tests-security/fips/target/bc-workdir/keystore.bcfks -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath /home/mchoma/.m2/repository/org/bouncycastle/fips/bc-fips/1.0.1/bc-fips-1.0.1.jar -storetype BCFKS -storepass password -dname CN=appserver,OU=QE,O=Redhat,L=Brno,ST=CR,C=CZ -validity 730 -v
* create server ssl context
** /subsystem=elytron/key-store=key-store-name_server-ssl-context:add(name=key-store-name_server-ssl-context, type=BCFKS, credential-reference={clear-text => password}, path=/home/mchoma/git-repo/tests-security/fips/target/bc-workdir/keystore.bcfks)
** /subsystem=elytron/key-manager=key-manager-name_server-ssl-context:add(key-store=key-store-name_server-ssl-context, credential-reference={clear-text => password}, algorithm=X509)
** /subsystem=elytron/server-ssl-context=server-ssl-context:add(key-manager=key-manager-name_server-ssl-context, cipher-suite-filter=TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, protocols=[TLSv1.2], need-client-auth=false)
** /subsystem=undertow/server=default-server/https-listener=https-listener:write-attribute(name=ssl-context, value=server-ssl-context)
[JBoss JIRA] (ELY-1618) TLS with BCJSSE Provider does not work
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/ELY-1618?page=com.atlassian.jira.plugin.s... ]
Martin Choma updated ELY-1618:
------------------------------
Steps to Reproduce:
* drop two bc fips jars into java.home/jre/lib/ext
** bc-fips-1.0.1.jar
** bctls-fips-1.0.5.jar
* install bc fips in java.security
{code}
security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
security.provider.3=sun.security.provider.Sun
{code}
* remove openssl provider from standalone.xml
** /subsystem=elytron:write-attribute(name=final-providers,value=elytron)
was:
* drop two bc fips jars into java.home/jre/lib/ext
** bc-fips-1.0.1.jar
** bctls-fips-1.0.5.jar
* install bc fips in java.security
security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
security.provider.3=sun.security.provider.Sun
* remove openssl provider from standalone.xml
** /subsystem=elytron:write-attribute(name=final-providers,value=elytron)
[JBoss JIRA] (ELY-1618) TLS with BCJSSE Provider does not work
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/ELY-1618?page=com.atlassian.jira.plugin.s... ]
Martin Choma updated ELY-1618:
------------------------------
Steps to Reproduce:
* drop two bc fips jars into ${java.home}/jre/lib/ext
** bc-fips-1.0.1.jar
** bctls-fips-1.0.5.jar
* install bc fips in java.security
security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
security.provider.3=sun.security.provider.Sun
* remove openssl provider from standalone.xml
** /subsystem=elytron:write-attribute(name=final-providers,value=elytron)
was:
* install bc fips in java.security
security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
security.provider.3=sun.security.provider.Sun
* remove openssl provider from standalone.xml
* try TLS
> TLS with BCJSSE Provider does not work
> --------------------------------------
>
> Key: ELY-1618
> URL: https://issues.jboss.org/browse/ELY-1618
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SSL
> Affects Versions: 1.4.0.Final
> Reporter: Martin Choma
> Assignee: Farah Juma
> Priority: Blocker
> Attachments: standalone.v29.xml
>
>
> When I configure BouncyCastleJsseProvider to by only possible provider providing TLS TLS does not work with exception
> {code}
> 14:07:53,905 TRACE [org.wildfly.security] (MSC service thread 1-4) No SSLContext provided by providers in SSLUtils: [BCFIPS version 1.01, BCJSSE version 1.0005, SUN version 1.8, ApacheXMLDSig version 2.11, SunJCE version 1.8, TLSP version 1.0, WildFlyElytron version 1.0]
> 14:07:53,906 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.ssl-context.test-server-ssl-context: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.test-server-ssl-context: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
> at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:926)
> at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1736)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1698)
> at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1556)
> at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
> at org.wildfly.security.ssl.SSLUtils.throwIt(SSLUtils.java:142)
> at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:340)
> at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53)
> at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:924)
> ... 9 more
> 14:07:53,910 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([
> ("subsystem" => "elytron"),
> ("server-ssl-context" => "test-server-ssl-context")
> ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.test-server-ssl-context" => "java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
> Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria"}}
> {code}
> After debugging, it seems the problem is this:
> Supported protocols resolved from BCJSSE version 1.0005 are [TLS, TLSV1, TLSV1.2, DEFAULT, TLSV1.1]
> Whereas the Elytron class org.wildfly.security.ssl.Protocol uses the constants TLSv1, TLSv1.1, TLSv1.2, ... That is, with a lower-case "v".
> And thus ProtocolSelector.evaluate returns an empty set.
> A possible solution to this particular problem would be to make Protocol case insensitive. That means defining the enum constants in upper case and adjusting methods to use .toUpperCase(). But I am probably not aware of all consequences of such a change.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 9 months
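The mismatch described in the report above, reproduced with JDK classes only. This is an added example, not Elytron or Bouncy Castle code: `StandInJsseProvider` and the class and method names are constructed for illustration, and the protocol names are the ones quoted in the report.

```java
import java.security.Provider;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.TreeSet;

public class ProtocolCaseMismatch {

    // Protocol names spelled the way the report says Elytron's Protocol class spells them.
    static final List<String> WANTED = Arrays.asList("TLSv1", "TLSv1.1", "TLSv1.2");

    // Constructed stand-in provider (not Bouncy Castle): registers SSLContext services
    // under the names the report lists for BCJSSE 1.0005. The SPI class name is a dummy
    // and is never loaded, because nothing here instantiates the service.
    static final class StandInJsseProvider extends Provider {
        StandInJsseProvider() {
            super("STANDIN-JSSE", 1.0, "constructed example provider");
            for (String name : Arrays.asList("TLS", "TLSV1", "TLSV1.1", "TLSV1.2", "DEFAULT")) {
                putService(new Service(this, "SSLContext", name, "example.DummySpi", null, null));
            }
        }
    }

    // SSLContext algorithm names exactly as the provider advertises them.
    static Set<String> advertised(Provider p) {
        Set<String> names = new TreeSet<>();
        for (Provider.Service s : p.getServices()) {
            if ("SSLContext".equals(s.getType())) {
                names.add(s.getAlgorithm());
            }
        }
        return names;
    }

    // Case-sensitive intersection: the comparison that comes back empty.
    static Set<String> matchExact(Set<String> advertised) {
        Set<String> hit = new TreeSet<>(WANTED);
        hit.retainAll(advertised);
        return hit;
    }

    // Case-insensitive intersection; Locale.ROOT keeps the result independent of the JVM locale.
    static Set<String> matchIgnoreCase(Set<String> advertised) {
        Set<String> upper = new TreeSet<>();
        for (String a : advertised) {
            upper.add(a.toUpperCase(Locale.ROOT));
        }
        Set<String> hit = new TreeSet<>();
        for (String w : WANTED) {
            if (upper.contains(w.toUpperCase(Locale.ROOT))) {
                hit.add(w);
            }
        }
        return hit;
    }

    public static void main(String[] args) {
        Provider p = new StandInJsseProvider();
        Set<String> names = advertised(p);
        System.out.println("advertised:        " + names);
        System.out.println("exact match:       " + matchExact(names));
        System.out.println("ignore-case match: " + matchIgnoreCase(names));
        // The JCA's own lookup ignores case, so the provider does answer for "TLSv1.2".
        System.out.println("JCA getService:    " + (p.getService("SSLContext", "TLSv1.2") != null));
    }
}
```

The last line of `main` shows why the failure is easy to miss: `Provider.getService` treats algorithm names case-insensitively, so only code that compares the enumerated names as plain strings sees no match.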
[JBoss JIRA] (ELY-1618) TLS with BCJSSE Provider does not work
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/ELY-1618?page=com.atlassian.jira.plugin.s... ]
Martin Choma updated ELY-1618:
------------------------------
Steps to Reproduce:
* drop two bc fips jars into ${java.home}\/jre\/lib\/ext
** bc-fips-1.0.1.jar
** bctls-fips-1.0.5.jar
* install bc fips in java.security
security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
security.provider.3=sun.security.provider.Sun
* remove openssl provider from standalone.xml
** /subsystem=elytron:write-attribute(name=final-providers,value=elytron)
was:
* drop two bc fips jars into ${java.home}/jre/lib/ext
** bc-fips-1.0.1.jar
** bctls-fips-1.0.5.jar
* install bc fips in java.security
security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
security.provider.3=sun.security.provider.Sun
* remove openssl provider from standalone.xml
** /subsystem=elytron:write-attribute(name=final-providers,value=elytron)
7 years, 9 months
[JBoss JIRA] (ELY-1618) TLS with BCJSSE Provider does not work
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/ELY-1618?page=com.atlassian.jira.plugin.s... ]
Martin Choma updated ELY-1618:
------------------------------
Steps to Reproduce:
* drop two bc fips jars into java.home/jre/lib/ext
** bc-fips-1.0.1.jar
** bctls-fips-1.0.5.jar
* install bc fips in java.security
security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
security.provider.3=sun.security.provider.Sun
* remove openssl provider from standalone.xml
** /subsystem=elytron:write-attribute(name=final-providers,value=elytron)
was:
* drop two bc fips jars into ${java.home}\/jre\/lib\/ext
** bc-fips-1.0.1.jar
** bctls-fips-1.0.5.jar
* install bc fips in java.security
security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
security.provider.3=sun.security.provider.Sun
* remove openssl provider from standalone.xml
** /subsystem=elytron:write-attribute(name=final-providers,value=elytron)
7 years, 9 months
[JBoss JIRA] (ELY-1618) TLS with BCJSSE Provider does not work
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/ELY-1618?page=com.atlassian.jira.plugin.s... ]
Martin Choma updated ELY-1618:
------------------------------
Attachment: standalone.v29.xml
7 years, 9 months
[JBoss JIRA] (DROOLS-2794) [DMN Designer] Data-types: Support usage in grids
by Edson Tirelli (JIRA)
[ https://issues.jboss.org/browse/DROOLS-2794?page=com.atlassian.jira.plugi... ]
Edson Tirelli commented on DROOLS-2794:
---------------------------------------
[~manstis] technically, the user can model a function expression in a decision, although most of the time it wouldn't be "business friendly". I would say do whatever is easier, allow it or not.
Regarding the result type, for functions, it is defined in the body of the function (in the XML file), but from a UI perspective, it is presented the same way as any other expression.
> [DMN Designer] Data-types: Support usage in grids
> -------------------------------------------------
>
> Key: DROOLS-2794
> URL: https://issues.jboss.org/browse/DROOLS-2794
> Project: Drools
> Issue Type: Epic
> Components: DMN Editor
> Affects Versions: 7.9.0.Final
> Reporter: Michael Anstis
> Assignee: Michael Anstis
>
> Listing requirements here; and then possibly move this to an EPIC and add smaller tasks.
> *_General_*
> - (x) {{<< Back to XXX}} does not update if name changed in Properties panel
> - (x) "TypeRef" on Properties panel should show "Output Data Type"
> *_Literal Expression_*
> - (x) Grid header _could_ show Output Data Type
> - (/) Editing Output Data Type is possible via Properties panel
> - (x) Update header when Output Data Type is changed via Properties panel
> *_Decision Table_*
> - (x) Grid header _could_ show Output Data Type
> - (/) Editing Output Data Type is possible via Properties panel
> - (x) Hide Output Data Type in header when there are multiple {{OutputClause}} columns
> - (x) {{InputClause}} columns header should show Input Data Type
> - (x) {{InputClause}} columns should support changing the Input Data Type
> - (x) {{OutputClause}} columns header should show Output Data Type
> - (x) {{OutputClause}} columns should support changing the Output Data Type
> *_Context_*
> - (x) Grid header _could_ show Output Data Type (for Decision/BKM)
> - (/) Editing Output Data Type (for Decision/BKM) is possible via Properties panel
> - (x) {{ContextEntry}} should show Output Data Type (for {{ContextEntry}})
> - (x) {{ContextEntry}} should support changing the Output Data Type (for {{ContextEntry}})
> *_Relation_*
> - (x) Grid header _could_ show Output Data Type
> - (/) Editing Output Data Type is possible via Properties panel
> - (x) {{InformationItem}} column should show Input Data Type
> - (x) {{InformationItem}} column should support changing Input Data Type
> *_Invocation_*
> - (x) Grid header _could_ show Output Data Type
> - (/) Editing Output Data Type is possible via Properties panel
7 years, 9 months