Ilia Vassilev updated ELY-741:
------------------------------
Fix Version/s: 1.1.0.Beta16
Coverity static analysis: Dereference null return value in SSLConfiguratorImpl (Elytron)
----------------------------------------------------------------------------------------
Key: ELY-741
URL: https://issues.jboss.org/browse/ELY-741
Project: WildFly Elytron
Issue Type: Bug
Reporter: Josef Cacek
Assignee: Ilia Vassilev
Labels: static_analysis
Fix For: 1.1.0.Beta16
A Coverity static-analysis scan found 2 possible calls on null objects in the
{{SSLConfiguratorImpl.getDefaultSSLParameters()}} method.
Both calls are related to the following line:
{code}
configure(original, supportedSSLParameters.getProtocols(),
supportedSSLParameters.getCipherSuites());
{code}
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57598...
The {{getCipherSuites()}} call can return null
({{javax.net.ssl.SSLParameters.getCipherSuites}}), which can propagate to the
{{CipherSuiteSelector.evaluate()}} call, where {{supportedMechanisms.length}} is used
without a null check.
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57598...
The {{getProtocols()}} call can return null
({{javax.net.ssl.SSLParameters.getProtocols}}), which can propagate to the
{{ProtocolSelector.evaluate()}} call, where {{supportedProtocols}} is used in a for loop
without a null check.
*Suggested improvement*
Add null checks.
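
The following is an added example, not code from the issue or from Elytron. It reproduces the null return of {{SSLParameters.getProtocols()}} and {{getCipherSuites()}} with the JDK alone and shows a guarded selection next to an unguarded one; the class name, {{selectUnchecked}}, {{selectChecked}} and the protocol lists are hypothetical stand-ins for the selector logic.

```java
import javax.net.ssl.SSLParameters;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class NullSafeSelectorDemo {

    // Unguarded shape described in the report: dereferences the array directly.
    // Hypothetical stand-in, not Elytron's selector implementation.
    static String[] selectUnchecked(String[] supported, List<String> allowed) {
        List<String> out = new ArrayList<>(supported.length); // NPE when supported is null
        for (String s : supported) {
            if (allowed.contains(s)) out.add(s);
        }
        return out.toArray(new String[0]);
    }

    // Guarded shape: a null array means "nothing set", so nothing is selected.
    static String[] selectChecked(String[] supported, List<String> allowed) {
        if (supported == null) {
            return new String[0];
        }
        return selectUnchecked(supported, allowed);
    }

    public static void main(String[] args) {
        // Constructed allow list for the demonstration.
        List<String> allowedProtocols = Arrays.asList("TLSv1.2", "TLSv1.3");

        // A default-constructed SSLParameters has no cipher suites or protocols set.
        SSLParameters unset = new SSLParameters();
        System.out.println("getCipherSuites() == null: " + (unset.getCipherSuites() == null));
        System.out.println("getProtocols() == null: " + (unset.getProtocols() == null));

        try {
            selectUnchecked(unset.getProtocols(), allowedProtocols);
        } catch (NullPointerException e) {
            System.out.println("unchecked: NullPointerException");
        }
        System.out.println("checked, unset: "
                + Arrays.toString(selectChecked(unset.getProtocols(), allowedProtocols)));

        // Constructed sample: parameters with protocols explicitly set.
        SSLParameters set = new SSLParameters(null, new String[] {"TLSv1.1", "TLSv1.2"});
        System.out.println("checked, set: "
                + Arrays.toString(selectChecked(set.getProtocols(), allowedProtocols)));
    }
}
```

Returning an empty array for a null input is a choice made for this example: it selects nothing rather than falling back to defaults, so the caller has to decide explicitly how an empty protocol or cipher suite list is handled.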