[jboss-jira] [JBoss JIRA] (ELY-384) Unable to create HTTPS connection using *ECDH_RSA* cipher suites / kECDHr cipher string
Martin Choma (JIRA)
issues at jboss.org
Tue Dec 1 01:57:00 EST 2015
[ https://issues.jboss.org/browse/ELY-384?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Choma moved JBEAP-2073 to ELY-384:
-----------------------------------------
Project: WildFly Elytron (was: JBoss Enterprise Application Platform)
Key: ELY-384 (was: JBEAP-2073)
Workflow: GIT Pull Request workflow (was: CDW v1)
Component/s: SSL
(was: Security)
(was: Web (Undertow))
Target Release: (was: 7.0.0.GA)
Affects Version/s: 1.0.2.Final
(was: 7.0.0.ER2 (Beta))
> Unable to create HTTPS connection using *ECDH_RSA* cipher suites / kECDHr cipher string
> ---------------------------------------------------------------------------------------
>
> Key: ELY-384
> URL: https://issues.jboss.org/browse/ELY-384
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SSL
> Affects Versions: 1.0.2.Final
> Environment: Oracle Java
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
> Attachments: client_debug_eap6.log, client_debug_eap7.log, server-cert-key-ec.jks, server_debug_eap6.log, server_debug_eap7.log
>
>
> User using these cipher suites / cipher name in EAP6 won't be able to use it in EAP7.
> Setting as critical as these cipher suites, are considered for strong and widely used in my opinion.
> In server log, error "no cipher suites in common" can be seen using -Djavax.net.debug=all.
> Note, that analogous configuration in EAP6 works fine.
> Issue can be seen on Oracle Java only, as on OpenJDK / IBM these suites are not provided by method getDefaultCipherSuites().
> Also is it possible to log "no cipher suites in common" and similar tls handshake errors without -Djavax.net.debug for better troubleshooting?
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list