4:49 a.m.
[
https://issues.jboss.org/browse/WFLY-11640?page=com.atlassian.jira.plugin...
]
Ingo Weiss reassigned WFLY-11640:
---------------------------------
Assignee: Ingo Weiss (was: Stuart Douglas)
NPE with wildfly-openssl using OpenSSL 1.1.1a
---------------------------------------------
Key: WFLY-11640
URL: https://issues.jboss.org/browse/WFLY-11640
Project: WildFly
Issue Type: Bug
Components: Web (Undertow)
Affects Versions: 15.0.1.Final
Environment: OpenSSL 1.1.1a
Reporter: Jan Stourac
Assignee: Ingo Weiss
Priority: Major
It is impossible to use {{wildfly-openssl}} binding with OpenSSL 1.1.1a (RHEL8 uses 1.1.1
at the moment but there seems to be same issue). There is an NPE during the ciphersuites
initialization:
{code}
9:10:58,330 WARNING [org.wildfly.openssl.OpenSSLContextSPI] (MSC service thread 1-3)
WFOPENSSL0014 Failed to initialize ciphers: java.lang.NullPointerException
at org.wildfly.openssl.CipherSuiteConverter.toJava(CipherSuiteConverter.java:284)
at
org.wildfly.openssl.OpenSSLContextSPI.getAvailableCipherSuites(OpenSSLContextSPI.java:109)
at org.wildfly.openssl.OpenSSLEngine.getSupportedCipherSuites(OpenSSLEngine.java:711)
at org.wildfly.openssl.OpenSSLSocket.getSupportedCipherSuites(OpenSSLSocket.java:163)
at javax.net.ssl.SSLContextSpi.engineGetSupportedSSLParameters(SSLContextSpi.java:194)
at javax.net.ssl.SSLContext.getSupportedSSLParameters(SSLContext.java:436)
at
org.jboss.as.domain.management.security.SSLContextService.wrapSslContext(SSLContextService.java:116)
at
org.jboss.as.domain.management.security.SSLContextService.start(SSLContextService.java:102)
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1738)
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1700)
at
org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1558)
at
org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
at
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
at
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
at java.lang.Thread.run(Thread.java:748)
{code}
and then there is NPE during the request itself:
{code}
19:12:18,417 ERROR [org.xnio.listener] (default I/O-2) XNIO001007: A channel event
listener threw an exception: java.lang.NullPointerException
at org.wildfly.openssl.CipherSuiteConverter.toJava(CipherSuiteConverter.java:284)
at org.wildfly.openssl.OpenSSLEngine.toJavaCipherSuite(OpenSSLEngine.java:1094)
at org.wildfly.openssl.OpenSSLEngine.getEnabledCipherSuites(OpenSSLEngine.java:729)
at org.wildfly.openssl.OpenSSLContextSPI.getCiphers(OpenSSLContextSPI.java:339)
at org.wildfly.openssl.OpenSSLEngine.getEnabledCipherSuites(OpenSSLEngine.java:720)
at
io.undertow.server.protocol.http.AlpnOpenListener.engineSupportsHTTP2(AlpnOpenListener.java:324)
at io.undertow.server.protocol.http.AlpnOpenListener$1.apply(AlpnOpenListener.java:239)
at io.undertow.server.protocol.http.AlpnOpenListener$1.apply(AlpnOpenListener.java:235)
at
io.undertow.server.protocol.http.AlpnOpenListener$SSLConduitUpdater.apply(AlpnOpenListener.java:430)
at
io.undertow.server.protocol.http.AlpnOpenListener$SSLConduitUpdater.apply(AlpnOpenListener.java:419)
at
io.undertow.protocols.alpn.DefaultAlpnEngineManager.registerEngine(DefaultAlpnEngineManager.java:31)
at io.undertow.protocols.alpn.ALPNManager.registerEngineCallback(ALPNManager.java:80)
at
io.undertow.server.protocol.http.AlpnOpenListener.handleEvent(AlpnOpenListener.java:235)
at
io.undertow.server.protocol.http.AlpnOpenListener.handleEvent(AlpnOpenListener.java:64)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:291)
at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at
org.xnio.ChannelListeners$DelegatingChannelListener.handleEvent(ChannelListeners.java:1092)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.nio.QueuedNioTcpServer$1.run(QueuedNioTcpServer.java:131)
at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:612)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:479)
{code}
Looking briefly into it, the cipher that is trying to be used is
*{{TLS_AES_256_GCM_SHA384}}*. It is interesting that this cipher has underscores
'_' in its name instead of hyphens '-' as most of the openssl ciphers
have. Looks like these were added in the sake of TLSv1.3, [see
here|https://github.com/openssl/openssl/commit/fa25763b5528b56b448d64bfba...].
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
2132
days inactive
2132
days old
0 comments
1 participants
participants (1)
-
Ingo Weiss (Jira)