[
https://issues.jboss.org/browse/ELY-395?page=com.atlassian.jira.plugin.sy...
]
Darran Lofthouse commented on ELY-395:
--------------------------------------
Here is the SSL debug output: -
{noformat}
17:59:26,482 INFO [stdout] (default I/O-10) Using SSLEngineImpl.
17:59:26,532 INFO [stdout] (default I/O-10) Allow unsafe renegotiation: false
17:59:26,532 INFO [stdout] (default I/O-10) Allow legacy hello messages: true
17:59:26,532 INFO [stdout] (default I/O-10) Is initial handshake: true
17:59:26,532 INFO [stdout] (default I/O-10) Is secure renegotiation: false
17:59:26,533 INFO [stdout] (default I/O-10) No available cipher suite for TLSv1
17:59:26,533 INFO [stdout] (default I/O-10) No available cipher suite for TLSv1.1
17:59:26,533 INFO [stdout] (default I/O-10) No available cipher suite for TLSv1.2
17:59:26,534 INFO [stdout] (default I/O-10) default I/O-10, fatal error: 80: problem unwrapping net record
17:59:26,534 INFO [stdout] (default I/O-10) javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
17:59:26,534 INFO [stdout] (default I/O-10) default I/O-10, SEND TLSv1.2 ALERT: fatal, description = internal_error
17:59:26,535 INFO [stdout] (default I/O-10) default I/O-10, WRITE: TLSv1.2 Alert, length = 2
17:59:26,535 INFO [stdout] (default I/O-10) default I/O-10, called closeInbound()
17:59:26,535 INFO [stdout] (default I/O-10) default I/O-10, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
17:59:26,536 INFO [stdout] (default I/O-10) default I/O-10, called closeOutbound()
17:59:26,536 INFO [stdout] (default I/O-10) default I/O-10, closeOutboundInternal()
17:59:26,539 INFO [stdout] (default I/O-12) Using SSLEngineImpl.
17:59:26,547 INFO [stdout] (default I/O-12) Allow unsafe renegotiation: false
17:59:26,547 INFO [stdout] (default I/O-12) Allow legacy hello messages: true
17:59:26,547 INFO [stdout] (default I/O-12) Is initial handshake: true
17:59:26,547 INFO [stdout] (default I/O-12) Is secure renegotiation: false
17:59:26,547 INFO [stdout] (default I/O-12) No available cipher suite for TLSv1
17:59:26,548 INFO [stdout] (default I/O-12) No available cipher suite for TLSv1.1
17:59:26,548 INFO [stdout] (default I/O-12) No available cipher suite for TLSv1.2
17:59:26,548 INFO [stdout] (default I/O-12) default I/O-12, fatal error: 80: problem unwrapping net record
17:59:26,548 INFO [stdout] (default I/O-12) javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
17:59:26,549 INFO [stdout] (default I/O-12) default I/O-12, SEND TLSv1.2 ALERT: fatal, description = internal_error
17:59:26,549 INFO [stdout] (default I/O-12) default I/O-12, WRITE: TLSv1.2 Alert, length = 2
17:59:26,549 INFO [stdout] (default I/O-12) default I/O-12, called closeInbound()
17:59:26,549 INFO [stdout] (default I/O-12) default I/O-12, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
17:59:26,549 INFO [stdout] (default I/O-12) default I/O-12, called closeOutbound()
17:59:26,549 INFO [stdout] (default I/O-12) default I/O-12, closeOutboundInternal()
17:59:26,551 INFO [stdout] (default I/O-14) Using SSLEngineImpl.
17:59:26,557 INFO [stdout] (default I/O-14) Allow unsafe renegotiation: false
17:59:26,558 INFO [stdout] (default I/O-14) Allow legacy hello messages: true
17:59:26,558 INFO [stdout] (default I/O-14) Is initial handshake: true
17:59:26,558 INFO [stdout] (default I/O-14) Is secure renegotiation: false
17:59:26,558 INFO [stdout] (default I/O-14) No available cipher suite for TLSv1
17:59:26,558 INFO [stdout] (default I/O-14) No available cipher suite for TLSv1.1
17:59:26,558 INFO [stdout] (default I/O-14) No available cipher suite for TLSv1.2
17:59:26,558 INFO [stdout] (default I/O-14) default I/O-14, fatal error: 80: problem unwrapping net record
17:59:26,559 INFO [stdout] (default I/O-14) javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
17:59:26,559 INFO [stdout] (default I/O-14) default I/O-14, SEND TLSv1.2 ALERT: fatal, description = internal_error
17:59:26,560 INFO [stdout] (default I/O-14) default I/O-14, WRITE: TLSv1.2 Alert, length = 2
17:59:26,560 INFO [stdout] (default I/O-14) default I/O-14, called closeInbound()
17:59:26,560 INFO [stdout] (default I/O-14) default I/O-14, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
17:59:26,560 INFO [stdout] (default I/O-14) default I/O-14, called closeOutbound()
17:59:26,560 INFO [stdout] (default I/O-14) default I/O-14, closeOutboundInternal()
{noformat}
Undertow HTTPS listener offers no cipher suite for DEFAULT enabled-cipher-suites
--------------------------------------------------------------------------------
Key: ELY-395
URL: https://issues.jboss.org/browse/ELY-395
Project: WildFly Elytron
Issue Type: Bug
Components: SSL
Affects Versions: 1.0.2.Final
Reporter: Ondrej Kotek
Assignee: Darran Lofthouse
Fix For: 1.1.0.Beta6
No cipher suites are available for handshake with HTTPS Undertow listener.
According to OpenSSL documentation [1], cipher suites corresponding with
ALL:!COMPLEMENTOFDEFAULT:!eNULL cipher string should be available for handshake.
According to Elytron documentation [2], cipher suites corresponding with
ALL:!aNULL:!eNULL cipher string should be available for handshake.
[1] https://www.openssl.org/docs/manmaster/apps/ciphers.html#CIPHER-STRINGS
[2] http://wildfly-security.github.io/wildfly-elytron/org/wildfly/security/ss...
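A triage sketch for debug logs like the one in this message, added here as an example and not part of the JIRA issue or of Elytron: it re-joins mail-wrapped lines, groups the JSSE debug records by I/O thread, and flags engines whose handshake failed with no cipher suite available. The sample log is constructed in the same format and the function names are illustrative.

```python
import re

# Constructed sample in the page's log format; I/O-11 is a made-up non-failing engine.
SAMPLE_LOG = """\
17:59:26,482 INFO [stdout] (default I/O-10) Using SSLEngineImpl.
17:59:26,533 INFO [stdout] (default I/O-10) No available cipher suite for TLSv1
17:59:26,533 INFO [stdout] (default I/O-10) No available cipher suite for TLSv1.1
17:59:26,533 INFO [stdout] (default I/O-10) No available cipher suite for TLSv1.2
17:59:26,534 INFO [stdout] (default I/O-10) javax.net.ssl.SSLHandshakeException: No
appropriate protocol (protocol is disabled or cipher suites are inappropriate)
17:59:26,534 INFO [stdout] (default I/O-10) default I/O-10, SEND TLSv1.2 ALERT: fatal,
description = internal_error
17:59:27,100 INFO [stdout] (default I/O-11) Using SSLEngineImpl.
"""

PREFIX = re.compile(r"^(\d\d:\d\d:\d\d,\d{3}) \w+ +\[stdout\] \(([^)]+)\) (.*)$")
NO_SUITE = re.compile(r"No available cipher suite for (\S+)")
ALERT = re.compile(r"SEND \S+ ALERT: *\w+, *description = (\w+)")

def unwrap(text):
    """Re-join wrapped continuation lines onto the record they belong to."""
    records = []
    for line in text.splitlines():
        if m := PREFIX.match(line):
            records.append(list(m.groups()))
        elif records and line.strip():
            records[-1][2] += " " + line.strip()
    return records

def triage(text):
    """Group records into one summary per SSLEngine, keyed by I/O thread."""
    sessions, current = [], {}
    for _ts, thread, msg in unwrap(text):
        if msg.startswith("Using SSLEngineImpl"):
            current[thread] = {"thread": thread, "no_suite": [], "failed": False, "alert": None}
            sessions.append(current[thread])
        elif thread in current:
            s = current[thread]
            if m := NO_SUITE.search(msg):
                s["no_suite"].append(m.group(1))
            elif "SSLHandshakeException" in msg:
                s["failed"] = True
            elif m := ALERT.search(msg):
                s["alert"] = m.group(1)
    return sessions

def no_suite_failures(sessions):
    """Handshakes that died because the engine had no cipher suite to offer."""
    return [s for s in sessions if s["failed"] and s["no_suite"]]
```

When every new engine on a listener lands in `no_suite_failures`, as in the log above, the fault is in the listener's cipher suite configuration rather than in any one client's offer.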