[jboss-jira] [JBoss JIRA] (WFLY-8800) JBoss CLI run with IBM JDK is not able to use secure connection when server uses Elytron ssl-context
Ondrej Lukas (JIRA)
issues at jboss.org
Thu May 18 04:55:01 EDT 2017
[ https://issues.jboss.org/browse/WFLY-8800?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ondrej Lukas updated WFLY-8800:
-------------------------------
Description:
In case SSL through Elytron ssl-context is configured for management interface then JBoss CLI is not able to authenticate when it is run with IBM JDK.
It works correctly when
* Legacy SSL is used instead of Elytron ssl-context
* or non-IBM JDK is used for JBoss CLI
* or only authentication without SSL is used
It fails for http-interface as well as native-interface.
When different client is used for connection to management interface (I tried it with ModelControllerClient) then authentication and SSL works correctly.
For http-interface following output of CLI is print:
{code}
Failed to connect to the controller: The controller is not available at localhost:9993: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+https://localhost:9993. The connection failed: WFLYPRT0053: Could not connect to remote+https://localhost:9993. The connection failed: java.nio.channels.ClosedChannelException
{code}
For native-interface following output of CLI is print:
{code}
Failed to connect to the controller: Unable to negotiate SSL connection with controller at localhost:9999
{code}
was:
In case SSL through Elytron ssl-context is configured for management interface then JBoss CLI is not able to authenticate when it is run with IBM JDK.
It works correctly when
* Legacy SSL is used instead of Elytron ssl-context
* or non-IBM JDK is used for JBoss CLI
* or only authentication without SSL is used
It fails for http-interface as well as native-interface.
When different client is used for connection to management interface (I tried it with ModelControllerClient) then authentication and SSL works correctly.
For http-interface following output of CLI is print:
{code}
Failed to connect to the controller: The controller is not available at localhost:9993: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+https://localhost:9993. The connection failed: WFLYPRT0053: Could not connect to remote+https://localhost:9993. The connection failed: java.nio.channels.ClosedChannelException
{code}
For native-interface following output of CLI is print:
{code}
Failed to connect to the controller: Unable to negotiate SSL connection with controller at localhost:9999
{code}
This issues is reported in EAP 7.1.0.DR18 because previous versions have not been able to start application server with IBM JDK. We request blocker since IBM JDK is supported and missing ability to connect to application server with secured connection blocks RFE EAP7-628.
> JBoss CLI run with IBM JDK is not able to use secure connection when server uses Elytron ssl-context
> ----------------------------------------------------------------------------------------------------
>
> Key: WFLY-8800
> URL: https://issues.jboss.org/browse/WFLY-8800
> Project: WildFly
> Issue Type: Bug
> Components: CLI, Security
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> In case SSL through Elytron ssl-context is configured for management interface then JBoss CLI is not able to authenticate when it is run with IBM JDK.
> It works correctly when
> * Legacy SSL is used instead of Elytron ssl-context
> * or non-IBM JDK is used for JBoss CLI
> * or only authentication without SSL is used
> It fails for http-interface as well as native-interface.
> When different client is used for connection to management interface (I tried it with ModelControllerClient) then authentication and SSL works correctly.
> For http-interface following output of CLI is print:
> {code}
> Failed to connect to the controller: The controller is not available at localhost:9993: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+https://localhost:9993. The connection failed: WFLYPRT0053: Could not connect to remote+https://localhost:9993. The connection failed: java.nio.channels.ClosedChannelException
> {code}
> For native-interface following output of CLI is print:
> {code}
> Failed to connect to the controller: Unable to negotiate SSL connection with controller at localhost:9999
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list