[jboss-jira] [JBoss JIRA] (ELY-384) Unable to create HTTPS connection using *ECDH_RSA* cipher suites / kECDHr cipher string

[David Lloyd (JIRA)]

    [ https://issues.jboss.org/browse/ELY-384?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13138533#comment-13138533 ] 

David Lloyd commented on ELY-384:
---------------------------------

Once ELY-389 is merged it should become very clear what is happening here.

> Unable to create HTTPS connection using *ECDH_RSA* cipher suites / kECDHr cipher string
> ---------------------------------------------------------------------------------------
>
>                 Key: ELY-384
>                 URL: https://issues.jboss.org/browse/ELY-384
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: SSL
>    Affects Versions: 1.0.2.Final
>         Environment: Oracle Java
>            Reporter: Martin Choma
>            Assignee: Darran Lofthouse
>            Priority: Critical
>         Attachments: client_debug_eap6.log, client_debug_eap7.log, server-cert-key-ec.jks, server_debug_eap6.log, server_debug_eap7.log
>
>
> User using these cipher suites / cipher name in EAP6 won't be able to use it in EAP7. 
> Setting as critical as these cipher suites, are considered for strong and widely used in my opinion.
> In server log, error "no cipher suites in common" can be seen using -Djavax.net.debug=all.
> Note, that analogous configuration in EAP6 works fine.
> Issue can be seen on Oracle Java only, as on OpenJDK / IBM these suites are not provided by method getDefaultCipherSuites(). 
> Also is it possible to log "no cipher suites in common" and similar tls handshake errors without -Djavax.net.debug for better troubleshooting?



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)