[jboss-jira] [JBoss JIRA] (WFCORE-1437) Using JKS truststore leads to "FIPS mode: only SunJSSE TrustManagers may be used"
Brian Stansberry (JIRA)
issues at jboss.org
Wed Mar 16 13:01:01 EDT 2016
[ https://issues.jboss.org/browse/WFCORE-1437?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Stansberry moved JBEAP-3853 to WFCORE-1437:
-------------------------------------------------
Project: WildFly Core (was: JBoss Enterprise Application Platform)
Key: WFCORE-1437 (was: JBEAP-3853)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Domain Management
Security
(was: Domain Management)
(was: Security)
Target Release: (was: 7.0.0.GA)
Affects Version/s: 2.1.0.CR1
(was: 7.0.0.ER6)
> Using JKS truststore leads to "FIPS mode: only SunJSSE TrustManagers may be used"
> ---------------------------------------------------------------------------------
>
> Key: WFCORE-1437
> URL: https://issues.jboss.org/browse/WFCORE-1437
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management, Security
> Affects Versions: 2.1.0.CR1
> Environment: Oracle java in Fips mode
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> User can't start domain in FIPS mode when JKS truststore is used in master <-> slave host controllers communication. (Using PKCS11 keystore works well)
> {code}
> [Host Controller] ^[[0m^[[31m15:52:23,822 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-8) MSC000001: Failed to start service jboss.server.controller.management.security_realm.SlaveManagementRealm.ssl-context-trust-only: org.jboss.msc.service.StartException in service jboss.server.controller.management.security_realm.SlaveManagementRealm.ssl-context-trust-only: WFLYDM0018: Unable to start service^[[0m
> [Host Controller] ^[[31m at org.jboss.as.domain.management.security.SSLContextService.start(SSLContextService.java:124)^[[0m
> [Host Controller] ^[[31m at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)^[[0m
> [Host Controller] ^[[31m at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)^[[0m
> [Host Controller] ^[[31m at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)^[[0m
> [Host Controller] ^[[31m at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)^[[0m
> [Host Controller] ^[[31m at java.lang.Thread.run(Thread.java:745)^[[0m
> [Host Controller] ^[[31mCaused by: java.security.KeyManagementException: FIPS mode: only SunJSSE TrustManagers may be used^[[0m
> [Host Controller] ^[[31m at sun.security.ssl.SSLContextImpl.chooseTrustManager(SSLContextImpl.java:124)^[[0m
> [Host Controller] ^[[31m at sun.security.ssl.SSLContextImpl.engineInit(SSLContextImpl.java:87)^[[0m
> [Host Controller] ^[[31m at javax.net.ssl.SSLContext.init(SSLContext.java:282)^[[0m
> [Host Controller] ^[[31m at org.jboss.as.domain.management.security.SSLContextService.start(SSLContextService.java:87)^[[0m
> [Host Controller] ^[[31m ... 5 more^[[0m
> [Hos
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list