]
Farah Juma reassigned ELY-1605:
-------------------------------
Assignee: Farah Juma
ELY05016: Unrecognized token for CCM mode cipher suites.
--------------------------------------------------------
Key: ELY-1605
URL:
https://issues.jboss.org/browse/ELY-1605
Project: WildFly Elytron
Issue Type: Bug
Components: SSL
Affects Versions: 1.3.3.Final
Reporter: Martin Choma
Assignee: Farah Juma
Priority: Critical
{code}
/subsystem=elytron/server-ssl-context=a:add(cipher-suite-filter="TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM")
{
"outcome" => "failed",
"failure-description" => "WFLYELY01017: Invalid value for
cipher-suite-filter. ELY05016: Unrecognized token \"TLS_RSA_WITH_AES_256_CCM\"
in mechanism selection string
\"TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM\"",
"rolled-back" => true
}
{code}
This is probably simply because MechanismDatabase.properties does not know CCM cipher
suites.
Marking as Critical because both of ciphersuites from reproducer are listed as FIPS
cipher suites for FIPS BC TLS [1]
These two ciphersuites (TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM) are introduced
in [
rfc6655|https://tools.ietf.org/html/rfc6655].
[1]
https://downloads.bouncycastle.org/fips-java/BC-FJA-(D)TLSUserGuide-1.0.5...
[2]
https://tools.ietf.org/html/rfc6655