]
Martin Choma commented on ELY-1605:
-----------------------------------
This brings up bigger question. I know there was discussed we should revise/update
database and defaults with each release. But I can't find any such blocker JIRA.
Should I create one?
ELY05016: Unrecognized token for CCM mode cipher suites.
--------------------------------------------------------
Key: ELY-1605
URL:
https://issues.jboss.org/browse/ELY-1605
Project: WildFly Elytron
Issue Type: Bug
Components: SSL
Affects Versions: 1.3.3.Final
Reporter: Martin Choma
Priority: Critical
{code}
/subsystem=elytron/server-ssl-context=a:add(cipher-suite-filter="TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM")
{
"outcome" => "failed",
"failure-description" => "WFLYELY01017: Invalid value for
cipher-suite-filter. ELY05016: Unrecognized token \"TLS_RSA_WITH_AES_256_CCM\"
in mechanism selection string
\"TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM\"",
"rolled-back" => true
}
{code}
This is probably simply because MechanismDatabase.properties does not know CCM cipher
suites.
Marking as Critical because both of ciphersuites from reproducer are listed as FIPS
cipher suites for FIPS BC TLS [1]
[1]
https://downloads.bouncycastle.org/fips-java/BC-FJA-(D)TLSUserGuide-1.0.5...