Darran Lofthouse resolved WFCORE-2689.
--------------------------------------
Resolution: Rejected
Rejecting as the server -> host SSL configuration requires special handling.
Elytron, unable to use elytron ssl-context in server to host controller communication
-------------------------------------------------------------------------------------
Key: WFCORE-2689
URL: https://issues.jboss.org/browse/WFCORE-2689
Project: WildFly Core
Issue Type: Bug
Components: Security
Reporter: Martin Choma
Assignee: Darran Lofthouse
Priority: Blocker
Labels: eap7.1-rfe-blocker
In legacy it is possible to configure an SSL context for the connection from the
application server back to its host controller in domain mode. This legacy
configuration was added based on JBEAP-2514.
I don't see an Elytron alternative such that it would be possible to configure an Elytron
client SSL context.
I have verified it is still possible to successfully configure domain mode in FIPS mode
mixing 2 approaches:
* Elytron for controller to controller communication
* Legacy for server to controller communication.
{code:title=wildfly-config_5_0.xsd}
<xs:complexType name="serverType">
    <xs:all>
        <xs:element name="paths" type="specified-pathsType" minOccurs="0" maxOccurs="1" />
        <xs:element name="interfaces" type="specified-interfacesType" minOccurs="0"/>
        <xs:element name="socket-bindings" type="server-socket-bindingsType" minOccurs="0"/>
        <!--<xs:element name="loggers" type="loggersType" minOccurs="0"/>-->
        <xs:element name="system-properties" type="properties-with-boottime" minOccurs="0"/>
        <xs:element name="jvm" minOccurs="0" type="serverJvmType"/>
        <xs:element name="ssl" minOccurs="0" type="server-sslType">
            <xs:annotation>
                <xs:documentation>
                    Configuration of the SSLContext used for the connection from the
                    application server back to it's host controller.
                </xs:documentation>
            </xs:annotation>
        </xs:element>
    </xs:all>
    <xs:attribute name="name" type="xs:string" use="required"/>
    <xs:attribute name="group" type="xs:string" use="required"/>
    <xs:attribute name="auto-start" type="xs:boolean" default="true"/>
    <xs:attribute name="update-auto-start-with-server-status" type="xs:boolean" default="false">
        <xs:annotation>
            <xs:documentation>
                Iif the server last status (STARTED or STOPPED) is to be used to
                define the value of auto-start.
            </xs:documentation>
        </xs:annotation>
    </xs:attribute>
</xs:complexType>
{code}
I found the issue only now because:
* The RFE was switched into Verification TODO in DR16
* There existed and still exist a couple of related issues (JBEAP-8147, JBEAP-10060,
JBEAP-9630) which hint that this area is not working properly, so focus was on other areas.