[jboss-jira] [JBoss JIRA] (WFCORE-2689) Elytron, unable to use elytron ssl-context in server to host controller communication

Martin Choma (JIRA) issues at jboss.org
Wed Apr 19 07:58:00 EDT 2017


Martin Choma created WFCORE-2689:
------------------------------------

             Summary: Elytron, unable to use elytron ssl-context in server to host controller communication
                 Key: WFCORE-2689
                 URL: https://issues.jboss.org/browse/WFCORE-2689
             Project: WildFly Core
          Issue Type: Bug
          Components: Security
            Reporter: Martin Choma
            Assignee: Darran Lofthouse
            Priority: Blocker


In legacy it is possible to configure an ssl context for the connection from the application server back to its host controller in domain mode. This legacy configuration was added based on JBEAP-2514.

I don't see an Elytron alternative that would make it possible to configure an Elytron client ssl context.

I have verified it is still possible to successfully configure domain mode in FIPS mode mixing 2 approaches:
* Elytron for controller to controller communication 
* Legacy for server to controller communication. 


{code:title=wildfly-config_5_0.xsd}
    <xs:complexType name="serverType">
        <xs:all>
            <xs:element name="paths" type="specified-pathsType" minOccurs="0" maxOccurs="1" />

            <xs:element name="interfaces" type="specified-interfacesType" minOccurs="0"/>
            <xs:element name="socket-bindings" type="server-socket-bindingsType" minOccurs="0"/>

            <!--<xs:element name="loggers" type="loggersType" minOccurs="0"/>-->
            <xs:element name="system-properties" type="properties-with-boottime" minOccurs="0"/>
            <xs:element name="jvm" minOccurs="0" type="serverJvmType"/>

            <xs:element name="ssl" minOccurs="0" type="server-sslType">
                <xs:annotation>
                    <xs:documentation>
                        Configuration of the SSLContext used for the connection from the application server back to it's host controller.
                    </xs:documentation>
                </xs:annotation>
            </xs:element>
        </xs:all>
        <xs:attribute name="name" type="xs:string" use="required"/>
        <xs:attribute name="group" type="xs:string" use="required"/>
        <xs:attribute name="auto-start" type="xs:boolean" default="true"/>
        <xs:attribute name="update-auto-start-with-server-status" type="xs:boolean" default="false">
            <xs:annotation>
                <xs:documentation>
                    Iif the server last status (STARTED or STOPPED) is to be used to define the value of auto-start.
                </xs:documentation>
            </xs:annotation>
        </xs:attribute>
    </xs:complexType>
{code}

I found the issue now because:
* RFE was switched into Verification TODO in DR16
* There existed and still exist a couple of related issues (JBEAP-8147, JBEAP-10060, JBEAP-9630) which hint that this area is not working properly, so the focus was on other areas.




