[
https://issues.jboss.org/browse/ELY-1605?page=com.atlassian.jira.plugin.s...
]
Martin Choma updated ELY-1605:
------------------------------
Description:
{code}
/subsystem=elytron/server-ssl-context=a:add(cipher-suite-filter="TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM")
{
"outcome" => "failed",
"failure-description" => "WFLYELY01017: Invalid value for
cipher-suite-filter. ELY05016: Unrecognized token \"TLS_RSA_WITH_AES_256_CCM\"
in mechanism selection string
\"TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM\"",
"rolled-back" => true
}
{code}
This is probably simply because MechanismDatabase.properties does not know CCM cipher
suites.
Marking as Critical because both of ciphersuites from reproducer are listed as FIPS cipher
suites for FIPS BC TLS [1]
These two ciphersuites (TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM) are introduced
in [
rfc6655|https://tools.ietf.org/html/rfc6655].
[1]
https://downloads.bouncycastle.org/fips-java/BC-FJA-(D)TLSUserGuide-1.0.5...
[2]
https://tools.ietf.org/html/rfc6655
was:
{code}
/subsystem=elytron/server-ssl-context=a:add(cipher-suite-filter="TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM")
{
"outcome" => "failed",
"failure-description" => "WFLYELY01017: Invalid value for
cipher-suite-filter. ELY05016: Unrecognized token \"TLS_RSA_WITH_AES_256_CCM\"
in mechanism selection string
\"TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM\"",
"rolled-back" => true
}
{code}
This is probably simply because MechanismDatabase.properties does not know CCM cipher
suites.
Marking as Critical because both of ciphersuites from reproducer are listed as FIPS cipher
suites for FIPS BC TLS [1]
[1]
https://downloads.bouncycastle.org/fips-java/BC-FJA-(D)TLSUserGuide-1.0.5...
ELY05016: Unrecognized token for CCM mode cipher suites.
--------------------------------------------------------
Key: ELY-1605
URL:
https://issues.jboss.org/browse/ELY-1605
Project: WildFly Elytron
Issue Type: Bug
Components: SSL
Affects Versions: 1.3.3.Final
Reporter: Martin Choma
Priority: Critical
{code}
/subsystem=elytron/server-ssl-context=a:add(cipher-suite-filter="TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM")
{
"outcome" => "failed",
"failure-description" => "WFLYELY01017: Invalid value for
cipher-suite-filter. ELY05016: Unrecognized token \"TLS_RSA_WITH_AES_256_CCM\"
in mechanism selection string
\"TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM\"",
"rolled-back" => true
}
{code}
This is probably simply because MechanismDatabase.properties does not know CCM cipher
suites.
Marking as Critical because both of ciphersuites from reproducer are listed as FIPS
cipher suites for FIPS BC TLS [1]
These two ciphersuites (TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM) are introduced
in [
rfc6655|https://tools.ietf.org/html/rfc6655].
[1]
https://downloads.bouncycastle.org/fips-java/BC-FJA-(D)TLSUserGuide-1.0.5...
[2]
https://tools.ietf.org/html/rfc6655
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)