[jboss-jira] [JBoss JIRA] (JBWEB-292) Http11Nio loaded even with native="false", JBWEB002081: No cipher match
Michal Babacek (JIRA)
issues at jboss.org
Thu Mar 6 07:39:33 EST 2014
Michal Babacek created JBWEB-292:
------------------------------------
Summary: Http11Nio loaded even with native="false", JBWEB002081: No cipher match
Key: JBWEB-292
URL: https://issues.jboss.org/browse/JBWEB-292
Project: JBoss Web
Issue Type: Feature Request
Security Level: Public (Everyone can see)
Affects Versions: JBossWeb-7.4.0.GA
Reporter: Michal Babacek
Assignee: Remy Maucherat
Priority: Critical
Fix For: JBossWeb-7.4.0.GA
Hi guys,
I have an SSL test that sets up the web subsystem with HTTPS connector only and uses HTTPS with mod_cluster.
{code}
<subsystem xmlns="urn:jboss:domain:modcluster:1.2">
    <mod-cluster-config advertise-socket="modcluster" connector="https">
        <dynamic-load-provider>
            <load-metric type="busyness"/>
        </dynamic-load-provider>
        <ssl key-alias="javaclient"
             password="tomcat"
             certificate-key-file="/tmp/ews-eap6/client-cert-key.jks"
             cipher-suite="AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL"
             ca-certificate-file="/tmp/ews-eap6/ca-cert.jks"
        />
    </mod-cluster-config>
</subsystem>
<subsystem xmlns="urn:jboss:domain:web:1.5" native="false">
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" enabled="true">
        <ssl name="https"
             key-alias="javaclient"
             password="tomcat"
             certificate-key-file="/tmp/ews-eap6/client-cert-key.jks"
             cipher-suite="AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL"
             protocol="TLS" verify-client="false"
             certificate-file="/tmp/ews-eap6/client-cert-key.jks"
             ca-certificate-file="/tmp/ews-eap6/ca-cert.jks"/>
    </connector>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
        <alias name="example.com"/>
    </virtual-server>
</subsystem>
{code}
Notice that while EAP 6.3.0.DR1 with *jbossweb-7.3.0.Final* uses {{org.apache.coyote.http11}}, even if natives are unpacked in {{modules/system/layers/base/org/jboss/as/web/main/lib/linux-x86_64/libtcnative-1.so}}, because there is {{native="false"}} in the web subsystem configuration, EAP 6.3.0.DR2 with *jbossweb-7.4.0.Beta4* tries to start {{org.apache.coyote.http11.Http11NioProtocol}} despite having {{native="false"}}.
This causes cipher suite errors, because the native implementation doesn't know what to do with it...
* EAP 6.3.0.DR1 with jbossweb-7.3.0.Final passes this test with no exceptions thrown.
* EAP 6.3.0.DR2 with jbossweb-7.4.0.Beta4 causes:
{noformat}
06:18:26,649 ERROR [org.apache.coyote.http11.Http11NioProtocol] (MSC service thread 1-17) JBWEB003043: Error initializing endpoint: java.io.IOException: JBWEB002081: No cipher match
    at org.apache.tomcat.util.net.jsse.NioJSSESocketChannelFactory.init(NioJSSESocketChannelFactory.java:315) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
    at org.apache.tomcat.util.net.NioEndpoint.init(NioEndpoint.java:205) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
    at org.apache.coyote.http11.Http11NioProtocol.init(Http11NioProtocol.java:113) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
    at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
    at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:304) [jboss-as-web-7.4.0.Final-redhat-2.jar:7.4.0.Final-redhat-2]
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980) [jboss-msc-1.1.5.Final.jar:1.1.5.Final]
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913) [jboss-msc-1.1.5.Final.jar:1.1.5.Final]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_51]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_51]
    at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
Caused by: java.io.IOException: JBWEB002081: No cipher match
    at org.apache.tomcat.util.net.jsse.NioJSSESocketChannelFactory.getEnabledCiphers(NioJSSESocketChannelFactory.java:399) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
    at org.apache.tomcat.util.net.jsse.NioJSSESocketChannelFactory.init(NioJSSESocketChannelFactory.java:305) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
    ... 9 more
06:18:26,663 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-39) JBAS010400: Bound data source [java:jboss/datasources/ExampleDS]
06:18:26,672 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-17) MSC000001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector
    at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:362)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980) [jboss-msc-1.1.5.Final.jar:1.1.5.Final]
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913) [jboss-msc-1.1.5.Final.jar:1.1.5.Final]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_51]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_51]
    at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
Caused by: LifecycleException: JBWEB000023: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.init(Connector.java:985)
    at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:304)
    ... 5 more
{noformat}
Any ideas?
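An added example, not part of the original report or of JBoss Web's own code: a pre-deployment check that parses the web subsystem and flags `cipher-suite` values that cannot be JSSE suite names on connectors where `native="false"`, which is the combination behind the `JBWEB002081: No cipher match` trace above. It assumes the JSSE connector reads the attribute as a comma-separated list of JSSE names such as `TLS_RSA_WITH_AES_128_CBC_SHA`; `audit_web_subsystem`, the name pattern and the second connector in the sample are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the reported web subsystem reduced to the attributes the
# check reads, plus a second connector (hypothetical) using JSSE-style names.
SAMPLE = """<server>
  <subsystem xmlns="urn:jboss:domain:web:1.5" native="false">
    <connector name="https" protocol="HTTP/1.1" scheme="https" secure="true">
      <ssl name="https" protocol="TLS"
           cipher-suite="AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL"/>
    </connector>
    <connector name="https-jsse" protocol="HTTP/1.1" scheme="https" secure="true">
      <ssl name="https-jsse" protocol="TLS"
           cipher-suite="TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA"/>
    </connector>
  </subsystem>
</server>"""

WEB_SUBSYSTEM = re.compile(r"^\{urn:jboss:domain:web:[^}]+\}subsystem$")
JSSE_NAME = re.compile(r"^(TLS|SSL)_[A-Z0-9_]+$")  # syntactic check only


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def audit_web_subsystem(xml_text):
    """Return (connector, unmatched_tokens, none_usable) per suspect connector."""
    findings = []
    for sub in ET.fromstring(xml_text).iter():
        # Only the case from the report: natives explicitly disabled, so JSSE.
        if not WEB_SUBSYSTEM.match(sub.tag) or sub.get("native") != "false":
            continue
        for conn in (c for c in sub if local(c.tag) == "connector"):
            for ssl in (s for s in conn if local(s.tag) == "ssl"):
                value = ssl.get("cipher-suite")
                if value is None:
                    continue  # no explicit list configured
                tokens = [t.strip() for t in value.split(",") if t.strip()]
                bad = [t for t in tokens if not JSSE_NAME.match(t)]
                if bad:
                    # none_usable=True: not one token can name a JSSE suite
                    findings.append((conn.get("name"), bad, len(bad) == len(tokens)))
    return findings


if __name__ == "__main__":
    for name, bad, none_usable in audit_web_subsystem(SAMPLE):
        print(f"connector {name!r}: not JSSE suite names: {bad}"
              + (" (no usable suite)" if none_usable else ""))
```

The pattern only checks the shape of each name; whether a well-formed name is actually enabled depends on the JVM's supported suites, which this script does not query.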