September 2020 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFLY-13916) Elytron server-ssl-context allowed protocols

by Sonia Zaldana (Jira)

[ https://issues.redhat.com/browse/WFLY-13916?page=com.atlassian.jira.plugi... ] Sonia Zaldana updated WFLY-13916: --------------------------------- Description: When JBoss EAP 7.2.7 is connecting to a third party client that is running on JDK 6 the following exception is logged: {code:java} javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled{code} As I understand, SSLv2Hello is used in older JDK versions for the initial handshake message where the SSL version that will be used for the rest of the handshake is negotiated. It is not possible to add SSLv2Hello to the list of protocols in server-ssl-context due to not being a valid value: {code:java} [standalone@localhost:9990 /] /subsystem=elytron/server-ssl-context=my-ssl-context:list-add(name=protocols, value=SSLv2Hello, index=0) { "outcome" => "failed", "failure-description" => "WFLYCTL0129: Invalid value SSLv2Hello for protocols; legal values are [\"SSLv2\", \"SSLv3\", \"TLSv1\", \"TLSv1.1\", \"TLSv1.2\", \"TLSv1.3\"]", "rolled-back" => true }{code} According to the undertow read-resource-description below, when server-ssl-context is configured in the Elytron subsystem, protocols must be defined in the server-ssl-context and not in the https connector in Undertow ("Where an SSLContext is references it should be configured with the supported protocols."): {code:java} /subsystem=undertow/server=default-server/https-listener=https/:read-resource-description(inherited=false,recursive=true,access-control=none)... "enabled-protocols" => { "type" => STRING, "description" => "Configures SSL protocols", "expressions-allowed" => true, "required" => false, "nillable" => true, "alternatives" => ["ssl-context"], "min-length" => 1L, "max-length" => 2147483647L, "deprecated" => { "since" => "4.0.0", "reason" => "Where an SSLContext is references it should be configured with the supported protocols." }, "access-type" => "read-write", "storage" => "configuration", "restart-required" => "all-services" }, ...{code} It is possible to add SSLv2Hello to the https connector in Undertow with legacy security as per. was: SSLv2Hello is used in older JDK versions for the initial handshake message where the SSL version that will be used for the rest of the handshake is negotiated. It is not possible to add SSLv2Hello to the list of protocols in server-ssl-context due to not being a valid value: {code:java} [standalone@localhost:9990 /] /subsystem=elytron/server-ssl-context=my-ssl-context:list-add(name=protocols, value=SSLv2Hello, index=0) { "outcome" => "failed", "failure-description" => "WFLYCTL0129: Invalid value SSLv2Hello for protocols; legal values are [\"SSLv2\", \"SSLv3\", \"TLSv1\", \"TLSv1.1\", \"TLSv1.2\", \"TLSv1.3\"]", "rolled-back" => true }{code} It is possible to add SSLv2Hello to the https connector in Undertow with legacy security as per. > Elytron server-ssl-context allowed protocols > -------------------------------------------- > > Key: WFLY-13916 > URL: https://issues.redhat.com/browse/WFLY-13916 > Project: WildFly > Issue Type: Feature Request > Reporter: Sonia Zaldana > Assignee: Sonia Zaldana > Priority: Major > > When JBoss EAP 7.2.7 is connecting to a third party client that is running on JDK 6 the following exception is logged: > {code:java} > > javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled{code} > As I understand, SSLv2Hello is used in older JDK versions for the initial handshake message where the SSL version that will be used for the rest of the handshake is negotiated. > It is not possible to add SSLv2Hello to the list of protocols in server-ssl-context due to not being a valid value: > {code:java} > [standalone@localhost:9990 /] /subsystem=elytron/server-ssl-context=my-ssl-context:list-add(name=protocols, value=SSLv2Hello, index=0) > { > "outcome" => "failed", > "failure-description" => "WFLYCTL0129: Invalid value SSLv2Hello for protocols; legal values are [\"SSLv2\", \"SSLv3\", \"TLSv1\", \"TLSv1.1\", \"TLSv1.2\", \"TLSv1.3\"]", > "rolled-back" => true > }{code} > According to the undertow read-resource-description below, when server-ssl-context is configured in the Elytron subsystem, protocols must be defined in the server-ssl-context and not in the https connector in Undertow ("Where an SSLContext is references it should be configured with the supported protocols."): > {code:java} > /subsystem=undertow/server=default-server/https-listener=https/:read-resource-description(inherited=false,recursive=true,access-control=none)... > "enabled-protocols" => { > "type" => STRING, > "description" => "Configures SSL protocols", > "expressions-allowed" => true, > "required" => false, > "nillable" => true, > "alternatives" => ["ssl-context"], > "min-length" => 1L, > "max-length" => 2147483647L, > "deprecated" => { > "since" => "4.0.0", > "reason" => "Where an SSLContext is references it should be configured with the supported protocols." > }, > "access-type" => "read-write", > "storage" => "configuration", > "restart-required" => "all-services" > }, > ...{code} > It is possible to add SSLv2Hello to the https connector in Undertow with legacy security as per. -- This message was sent by Atlassian Jira (v7.13.8#713008)

5 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFLY-13916) Elytron server-ssl-context allowed protocols

by Sonia Zaldana (Jira)

[ https://issues.redhat.com/browse/WFLY-13916?page=com.atlassian.jira.plugi... ] Sonia Zaldana updated WFLY-13916: --------------------------------- Description: SSLv2Hello is used in older JDK versions for the initial handshake message where the SSL version that will be used for the rest of the handshake is negotiated. It is not possible to add SSLv2Hello to the list of protocols in server-ssl-context due to not being a valid value: {code:java} [standalone@localhost:9990 /] /subsystem=elytron/server-ssl-context=my-ssl-context:list-add(name=protocols, value=SSLv2Hello, index=0) { "outcome" => "failed", "failure-description" => "WFLYCTL0129: Invalid value SSLv2Hello for protocols; legal values are [\"SSLv2\", \"SSLv3\", \"TLSv1\", \"TLSv1.1\", \"TLSv1.2\", \"TLSv1.3\"]", "rolled-back" => true }{code} It is possible to add SSLv2Hello to the https connector in Undertow with legacy security as per. > Elytron server-ssl-context allowed protocols > -------------------------------------------- > > Key: WFLY-13916 > URL: https://issues.redhat.com/browse/WFLY-13916 > Project: WildFly > Issue Type: Feature Request > Reporter: Sonia Zaldana > Assignee: Sonia Zaldana > Priority: Major > > SSLv2Hello is used in older JDK versions for the initial handshake message where the SSL version that will be used for the rest of the handshake is negotiated. > It is not possible to add SSLv2Hello to the list of protocols in server-ssl-context due to not being a valid value: > {code:java} > [standalone@localhost:9990 /] /subsystem=elytron/server-ssl-context=my-ssl-context:list-add(name=protocols, value=SSLv2Hello, index=0) > { > "outcome" => "failed", > "failure-description" => "WFLYCTL0129: Invalid value SSLv2Hello for protocols; legal values are [\"SSLv2\", \"SSLv3\", \"TLSv1\", \"TLSv1.1\", \"TLSv1.2\", \"TLSv1.3\"]", > "rolled-back" => true > }{code} > > It is possible to add SSLv2Hello to the https connector in Undertow with legacy security as per. -- This message was sent by Atlassian Jira (v7.13.8#713008)

5 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFLY-13916) Elytron server-ssl-context allowed protocols

by Sonia Zaldana (Jira)

Sonia Zaldana created WFLY-13916: ------------------------------------ Summary: Elytron server-ssl-context allowed protocols Key: WFLY-13916 URL: https://issues.redhat.com/browse/WFLY-13916 Project: WildFly Issue Type: Feature Request Reporter: Sonia Zaldana Assignee: Brian Stansberry -- This message was sent by Atlassian Jira (v7.13.8#713008)

5 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFLY-13916) Elytron server-ssl-context allowed protocols

by Sonia Zaldana (Jira)

[ https://issues.redhat.com/browse/WFLY-13916?page=com.atlassian.jira.plugi... ] Sonia Zaldana reassigned WFLY-13916: ------------------------------------ Assignee: Sonia Zaldana (was: Brian Stansberry) > Elytron server-ssl-context allowed protocols > -------------------------------------------- > > Key: WFLY-13916 > URL: https://issues.redhat.com/browse/WFLY-13916 > Project: WildFly > Issue Type: Feature Request > Reporter: Sonia Zaldana > Assignee: Sonia Zaldana > Priority: Major > -- This message was sent by Atlassian Jira (v7.13.8#713008)

5 years, 1 month

1
0
0 / 0

[JBoss JIRA] (ELY-2024) Elytron server-ssl-context allowed protocols

by Sonia Zaldana (Jira)

[ https://issues.redhat.com/browse/ELY-2024?page=com.atlassian.jira.plugin.... ] Sonia Zaldana updated ELY-2024: ------------------------------- Description: SSLv2Hello is used in older JDK versions for the initial handshake message where the SSL version that will be used for the rest of the handshake is negotiated. It is not possible to add SSLv2Hello to the list of protocols in server-ssl-context due to not being a valid value: {code:java} [standalone@localhost:9990 /] /subsystem=elytron/server-ssl-context=my-ssl-context:list-add(name=protocols, value=SSLv2Hello, index=0) { "outcome" => "failed", "failure-description" => "WFLYCTL0129: Invalid value SSLv2Hello for protocols; legal values are [\"SSLv2\", \"SSLv3\", \"TLSv1\", \"TLSv1.1\", \"TLSv1.2\", \"TLSv1.3\"]", "rolled-back" => true }{code} It is possible to add SSLv2Hello to the https connector in Undertow with legacy security as per. was:It is possible to add SSLv2Hello to the https connector in Undertow with legacy security as per. > Elytron server-ssl-context allowed protocols > -------------------------------------------- > > Key: ELY-2024 > URL: https://issues.redhat.com/browse/ELY-2024 > Project: WildFly Elytron > Issue Type: Feature Request > Reporter: Sonia Zaldana > Assignee: Sonia Zaldana > Priority: Major > > SSLv2Hello is used in older JDK versions for the initial handshake message where the SSL version that will be used for the rest of the handshake is negotiated. > It is not possible to add SSLv2Hello to the list of protocols in server-ssl-context due to not being a valid value: > {code:java} > [standalone@localhost:9990 /] /subsystem=elytron/server-ssl-context=my-ssl-context:list-add(name=protocols, value=SSLv2Hello, index=0) > { > "outcome" => "failed", > "failure-description" => "WFLYCTL0129: Invalid value SSLv2Hello for protocols; legal values are [\"SSLv2\", \"SSLv3\", \"TLSv1\", \"TLSv1.1\", \"TLSv1.2\", \"TLSv1.3\"]", > "rolled-back" => true > }{code} > > It is possible to add SSLv2Hello to the https connector in Undertow with legacy security as per. -- This message was sent by Atlassian Jira (v7.13.8#713008)

5 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-5145) Elytron server-ssl-context allowed protocols

by Sonia Zaldana (Jira)

[ https://issues.redhat.com/browse/WFCORE-5145?page=com.atlassian.jira.plug... ] Sonia Zaldana updated WFCORE-5145: ---------------------------------- Description: SSLv2Hello is used in older JDK versions for the initial handshake message where the SSL version that will be used for the rest of the handshake is negotiated. It is not possible to add SSLv2Hello to the list of protocols in server-ssl-context due to not being a valid value: {code:java} [standalone@localhost:9990 /] /subsystem=elytron/server-ssl-context=my-ssl-context:list-add(name=protocols, value=SSLv2Hello, index=0) { "outcome" => "failed", "failure-description" => "WFLYCTL0129: Invalid value SSLv2Hello for protocols; legal values are [\"SSLv2\", \"SSLv3\", \"TLSv1\", \"TLSv1.1\", \"TLSv1.2\", \"TLSv1.3\"]", "rolled-back" => true }{code} It is possible to add SSLv2Hello to the https connector in Undertow with legacy security as per. > Elytron server-ssl-context allowed protocols > -------------------------------------------- > > Key: WFCORE-5145 > URL: https://issues.redhat.com/browse/WFCORE-5145 > Project: WildFly Core > Issue Type: Feature Request > Reporter: Sonia Zaldana > Assignee: Sonia Zaldana > Priority: Major > > SSLv2Hello is used in older JDK versions for the initial handshake message where the SSL version that will be used for the rest of the handshake is negotiated. > It is not possible to add SSLv2Hello to the list of protocols in server-ssl-context due to not being a valid value: > {code:java} > [standalone@localhost:9990 /] /subsystem=elytron/server-ssl-context=my-ssl-context:list-add(name=protocols, value=SSLv2Hello, index=0) > { > "outcome" => "failed", > "failure-description" => "WFLYCTL0129: Invalid value SSLv2Hello for protocols; legal values are [\"SSLv2\", \"SSLv3\", \"TLSv1\", \"TLSv1.1\", \"TLSv1.2\", \"TLSv1.3\"]", > "rolled-back" => true > }{code} > > It is possible to add SSLv2Hello to the https connector in Undertow with legacy security as per. -- This message was sent by Atlassian Jira (v7.13.8#713008)

5 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-5145) Elytron server-ssl-context allowed protocols

by Sonia Zaldana (Jira)

Sonia Zaldana created WFCORE-5145: ------------------------------------- Summary: Elytron server-ssl-context allowed protocols Key: WFCORE-5145 URL: https://issues.redhat.com/browse/WFCORE-5145 Project: WildFly Core Issue Type: Feature Request Reporter: Sonia Zaldana Assignee: Jeff Mesnil -- This message was sent by Atlassian Jira (v7.13.8#713008)

5 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-5145) Elytron server-ssl-context allowed protocols

by Sonia Zaldana (Jira)

[ https://issues.redhat.com/browse/WFCORE-5145?page=com.atlassian.jira.plug... ] Sonia Zaldana reassigned WFCORE-5145: ------------------------------------- Assignee: Sonia Zaldana (was: Jeff Mesnil) > Elytron server-ssl-context allowed protocols > -------------------------------------------- > > Key: WFCORE-5145 > URL: https://issues.redhat.com/browse/WFCORE-5145 > Project: WildFly Core > Issue Type: Feature Request > Reporter: Sonia Zaldana > Assignee: Sonia Zaldana > Priority: Major > -- This message was sent by Atlassian Jira (v7.13.8#713008)

5 years, 1 month

1
0
0 / 0

[JBoss JIRA] (ELY-2024) Elytron server-ssl-context allowed protocols

by Sonia Zaldana (Jira)

[ https://issues.redhat.com/browse/ELY-2024?page=com.atlassian.jira.plugin.... ] Sonia Zaldana updated ELY-2024: ------------------------------- Description: It is possible to add SSLv2Hello to the https connector in Undertow with legacy security as per. > Elytron server-ssl-context allowed protocols > -------------------------------------------- > > Key: ELY-2024 > URL: https://issues.redhat.com/browse/ELY-2024 > Project: WildFly Elytron > Issue Type: Feature Request > Reporter: Sonia Zaldana > Assignee: Sonia Zaldana > Priority: Major > > It is possible to add SSLv2Hello to the https connector in Undertow with legacy security as per. -- This message was sent by Atlassian Jira (v7.13.8#713008)

5 years, 1 month

1
0
0 / 0

[JBoss JIRA] (ELY-2024) Elytron server-ssl-context allowed protocols

by Sonia Zaldana (Jira)

[ https://issues.redhat.com/browse/ELY-2024?page=com.atlassian.jira.plugin.... ] Sonia Zaldana reassigned ELY-2024: ---------------------------------- Assignee: Sonia Zaldana (was: Darran Lofthouse) > Elytron server-ssl-context allowed protocols > -------------------------------------------- > > Key: ELY-2024 > URL: https://issues.redhat.com/browse/ELY-2024 > Project: WildFly Elytron > Issue Type: Feature Request > Reporter: Sonia Zaldana > Assignee: Sonia Zaldana > Priority: Major > -- This message was sent by Atlassian Jira (v7.13.8#713008)

5 years, 1 month

1
0
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira September 2020