[jboss-jira] [JBoss JIRA] (ELY-438) There is not possibility to use alternative JSSE Cipher Suite Names for IBM JDK
Darran Lofthouse (JIRA)
issues at jboss.org
Fri Jul 29 11:16:01 EDT 2016
[ https://issues.jboss.org/browse/ELY-438?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse resolved ELY-438.
----------------------------------
Resolution: Done
> There is not possibility to use alternative JSSE Cipher Suite Names for IBM JDK
> -------------------------------------------------------------------------------
>
> Key: ELY-438
> URL: https://issues.jboss.org/browse/ELY-438
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SSL
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Priority: Blocker
> Fix For: 1.1.0.Beta8, 1.0.3.CR1
>
>
> There is not possibility to use alternative JSSE Cipher Suite Names for IBM JDK8
> Interchange TLS prefix to SSL and vice versa is not supported.
> Here is list of standard JSSE Cipher Suite Names
> http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites
> In my opinion this file is mapping file for our purpose. It is?
> https://github.com/wildfly-security/wildfly-elytron/blob/master/src/main/java/org/wildfly/security/ssl/MechanismDatabase.properties
> For IBM JDK are different JSSE Cipher Suite Names (different prefix).
> Most items from this list are missing in MechanismDatabase.properties mentioned above.
> http://www.ibm.com/support/knowledgecenter/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jsse2Docs/ciphersuites.html?lang=cs
> For example:
> JSSE Cipher Suite Name *SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA* is only defined for IBM JDK.
> It is *TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA* for Oracle JDK.
> If I try start server with JSSE Cipher Suite Name *SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA* I will get this error:
> {code}
> 16:55:25,594 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.undertow.listener.https: org.jboss.msc.service.StartException in service jboss.undertow.listener.https: Failed to start service
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1153)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> at java.lang.Thread.run(Thread.java:785)
> Caused by: java.lang.IllegalArgumentException: ELY05017: Token "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA" not allowed at offset 33 of mechanism selection string "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA"
> at org.wildfly.security.ssl.CipherSuiteSelector.fromString(CipherSuiteSelector.java:399)
> at org.wildfly.extension.undertow.HttpsListenerService.startListening(HttpsListenerService.java:125)
> at org.wildfly.extension.undertow.ListenerService.start(ListenerService.java:138)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
> ... 3 more
> 16:55:25,598 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
> ("subsystem" => "undertow"),
> ("server" => "default-server"),
> ("https-listener" => "https")
> ]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.undertow.listener.https" => "org.jboss.msc.service.StartException in service jboss.undertow.listener.https: Failed to start service
> Caused by: java.lang.IllegalArgumentException: ELY05017: Token \"SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA\" not allowed at offset 33 of mechanism selection string \"SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA\""}}
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list