[jboss-jira] [JBoss JIRA] (JBWEB-292) Http11Nio loaded, JBWEB002081: No cipher match
Jean-Frederic Clere (JIRA)
issues at jboss.org
Thu Mar 6 09:49:34 EST 2014
[ https://issues.jboss.org/browse/JBWEB-292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12950748#comment-12950748 ]
Jean-Frederic Clere commented on JBWEB-292:
-------------------------------------------
I think you use the OpenSSL names you need the JSSE ones.
AES128-SHA isn't in the supported list etc...
> Http11Nio loaded, JBWEB002081: No cipher match
> ----------------------------------------------
>
> Key: JBWEB-292
> URL: https://issues.jboss.org/browse/JBWEB-292
> Project: JBoss Web
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Affects Versions: JBossWeb-7.4.0.GA
> Reporter: Michal Babacek
> Assignee: Remy Maucherat
> Priority: Critical
> Fix For: JBossWeb-7.4.0.GA
>
>
> Hi guys,
> I have an SSL test that sets up the web subsystem with HTTPS connector only and uses HTTPS with mod_cluster.
> {code}
> <subsystem xmlns="urn:jboss:domain:modcluster:1.2">
> <mod-cluster-config advertise-socket="modcluster" connector="https">
> <dynamic-load-provider>
> <load-metric type="busyness"/>
> </dynamic-load-provider>
> <ssl key-alias="javaclient"
> password="tomcat"
> certificate-key-file="/tmp/ews-eap6/client-cert-key.jks"
> cipher-suite="AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL"
> ca-certificate-file="/tmp/ews-eap6/ca-cert.jks"
> />
> </mod-cluster-config>
> </subsystem>
> <subsystem xmlns="urn:jboss:domain:web:1.5" native="false">
> <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" enabled="true">
> <ssl name="https"
> key-alias="javaclient"
> password="tomcat"
> certificate-key-file="/tmp/ews-eap6/client-cert-key.jks"
> cipher-suite="AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL"
> protocol="TLS" verify-client="false"
> certificate-file="/tmp/ews-eap6/client-cert-key.jks"
> ca-certificate-file="/tmp/ews-eap6/ca-cert.jks"/>
> </connector>
> <virtual-server name="default-host" enable-welcome-root="true">
> <alias name="localhost"/>
> <alias name="example.com"/>
> </virtual-server>
> </subsystem>
> {code}
> Notice that while EAP 6.3.0.DR1 with *jbossweb-7.3.0.Final* uses {{org.apache.coyote.http11}}, EAP 6.3.0.DR2 with *jbossweb-7.4.0.Beta4* tries to start {{org.apache.coyote.http11.Http11NioProtocol}}.
> This causes cipher suite errors.
> * EAP 6.3.0.DR1 with jbossweb-7.3.0.Final passes this test with no exceptions thrown.
> * EAP 6.3.0.DR2 with jbossweb-7.4.0.Beta4 causes:
> {noformat}
> 06:18:26,649 ERROR [org.apache.coyote.http11.Http11NioProtocol] (MSC service thread 1-17) JBWEB003043: Error initializing endpoint: java.io.IOException: JBWEB002081: No cipher match
> at org.apache.tomcat.util.net.jsse.NioJSSESocketChannelFactory.init(NioJSSESocketChannelFactory.java:315) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
> at org.apache.tomcat.util.net.NioEndpoint.init(NioEndpoint.java:205) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
> at org.apache.coyote.http11.Http11NioProtocol.init(Http11NioProtocol.java:113) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
> at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
> at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:304) [jboss-as-web-7.4.0.Final-redhat-2.jar:7.4.0.Final-redhat-2]
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980) [jboss-msc-1.1.5.Final.jar:1.1.5.Final]
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913) [jboss-msc-1.1.5.Final.jar:1.1.5.Final]
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_51]
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_51]
> at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
> Caused by: java.io.IOException: JBWEB002081: No cipher match
> at org.apache.tomcat.util.net.jsse.NioJSSESocketChannelFactory.getEnabledCiphers(NioJSSESocketChannelFactory.java:399) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
> at org.apache.tomcat.util.net.jsse.NioJSSESocketChannelFactory.init(NioJSSESocketChannelFactory.java:305) [jbossweb-7.4.0.Beta4.jar:7.4.0.Beta4]
> ... 9 more
> 06:18:26,663 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-39) JBAS010400: Bound data source [java:jboss/datasources/ExampleDS]
> 06:18:26,672 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-17) MSC000001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector
> at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:362)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980) [jboss-msc-1.1.5.Final.jar:1.1.5.Final]
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913) [jboss-msc-1.1.5.Final.jar:1.1.5.Final]
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_51]
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_51]
> at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
> Caused by: LifecycleException: JBWEB000023: Protocol handler initialization failed
> at org.apache.catalina.connector.Connector.init(Connector.java:985)
> at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:304)
> ... 5 more
> {noformat}
> Any ideas?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list