]
Brian Stansberry updated WFCORE-1282:
-------------------------------------
Fix Version/s: 3.0.0.Alpha5
(was: 3.0.0.Alpha4)
Unable to create HTTPS connection using *ECDH_RSA* cipher suites /
kECDHr cipher string
---------------------------------------------------------------------------------------
Key: WFCORE-1282
URL:
https://issues.jboss.org/browse/WFCORE-1282
Project: WildFly Core
Issue Type: Bug
Components: Security
Affects Versions: 1.0.2.Final
Environment: Oracle Java
Reporter: Martin Choma
Assignee: Darran Lofthouse
Priority: Critical
Fix For: 3.0.0.Alpha5
Attachments: client_debug_eap6.log, client_debug_eap7.log,
server-cert-key-ec.jks, server_debug_eap6.log, server_debug_eap7.log
User using these cipher suites / cipher name in EAP6 won't be able to use it in EAP7.
Setting as critical as these cipher suites, are considered for strong and widely used in
my opinion.
In server log, error "no cipher suites in common" can be seen using
-Djavax.net.debug=all.
Note, that analogous configuration in EAP6 works fine.
Issue can be seen on Oracle Java only, as on OpenJDK / IBM these suites are not provided
by method getDefaultCipherSuites().
Also is it possible to log "no cipher suites in common" and similar tls
handshake errors without -Djavax.net.debug for better troubleshooting?