[jboss-jira] [JBoss JIRA] (JGRP-2152) ASYM_ENCRYPT failure on Wildfly 10.1.0

Richard Achmatowicz (JIRA) issues at jboss.org
Thu Jan 12 14:47:00 EST 2017 

    [ https://issues.jboss.org/browse/JGRP-2152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13347510#comment-13347510 ] 

Richard Achmatowicz commented on JGRP-2152:
-------------------------------------------

I added an ASYM_ENCRYT layer to the server configuration for the clustering testsuite and turned on TRACE logging for the ASYM_ENCRYPT protocol. Here is the stack:
{noformat}
<stack name="tcp">
    <transport type="TCP" socket-binding="jgroups-tcp"/>
    <protocol type="MPING" socket-binding="jgroups-mping">
        <property name="ip_ttl">0</property>
    </protocol>
    <protocol type="MERGE3"/>
    <protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd"/>
    <protocol type="FD"/>
    <protocol type="VERIFY_SUSPECT"/>
    <protocol type="ASYM_ENCRYPT">
       <property name="encrypt_entire_message">true</property>
       <property name="asym_keylength">512</property>
       <property name="asym_algorithm">RSA</property>
    </protocol>
   <protocol type="pbcast.NAKACK2"/>
   <protocol type="UNICAST3"/>
   <protocol type="pbcast.STABLE"/>
   <protocol type="pbcast.GMS"/>
   <protocol type="MFC"/>
   <protocol type="FRAG2"/>
</stack>
{noformat}

The clustering tests pass with the old config and fail with the new config. One such test, CdiFailoverTestCase, fails with the same error message as in this issue. In this test, two servers, node-0 and node-1, are started. Then node-1 is stopped and then restarted, followed by node-0 which is stolled and then retsrated. Looking at the logs, encryption seems to be progressing normally until the time at which node-1 is restarted. Then messages start getting enqueued and the cipher is reported as being null.

I am attaching the files containing the server logs.

So this might be a JGroups issue. 

> ASYM_ENCRYPT failure on Wildfly 10.1.0
> --------------------------------------
>
>                 Key: JGRP-2152
>                 URL: https://issues.jboss.org/browse/JGRP-2152
>             Project: JGroups
>          Issue Type: Bug
>    Affects Versions: 3.6.10
>            Reporter: Matt Wringe
>            Assignee: Bela Ban
>             Fix For: 4.0, 3.6.13
>
>         Attachments: hawkular-metrics-1.log, hawkular-metrics-2.log, standalone.xml
>
>
> Using ASYM_ENCRYPT on Wildfly 10.1.0 seems to be broken.
> I am using the parameters for ASYM_ENCRYPT specified in http://www.jgroups.org/manual/index.html#Security
> Note: running with SYM_ENCRYPT doesn't cause any issues and it works fine with my setup. Its only ASYM_ENCRYPT which is currently failing.
> Note: running this on EAP fails in a similar manner.
> Eg:
> <protocol type="ASYM_ENCRYPT">
>   <property name="encrypt_entire_message">true</property>
>   <property name="sym_keylength">128</property>
>   <property name="sym_algorithm">AES/ECB/PKCS5Padding</property>
>   <property name="asym_keylength">512</property>
>   <property name="asym_algorithm">RSA</property>
> </protocol>
> If I run a single instance, then I don't see any problems appear in the logs. Its when I start a second instance that I start to see errors about unrecognised ciphers and timeouts.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list