[jboss-jira] [JBoss JIRA] (ELY-1624) BC FIPS with CLI: Could not connect to remote+https://127.0.0.1:9993. The connection timed out

Martin Choma (JIRA) issues at jboss.org
Mon Aug 13 05:38:00 EDT 2018 

    [ https://issues.jboss.org/browse/ELY-1624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13618050#comment-13618050 ] 

Martin Choma commented on ELY-1624:
-----------------------------------

[~fjuma] thank you for this deep investigation. This is really interesting. Couple of questions comes to my mind. 
- Does this change has performance implication? Eg. bigger memory footprint on environment with lot of ssl connections? Is it worth to have this parameter configurable (at least through system property in xnio)? So users have option to keep the old behaviour?
- How is it possible root exception was hidden to me?
- When will this fix make it into WF?

> BC FIPS with CLI: Could not connect to remote+https://127.0.0.1:9993. The connection timed out
> ----------------------------------------------------------------------------------------------
>
>                 Key: ELY-1624
>                 URL: https://issues.jboss.org/browse/ELY-1624
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: SSL
>            Reporter: Martin Choma
>            Assignee: Farah Juma
>            Priority: Blocker
>         Attachments: eap_server.log, jboss-cli.log, keystore.bcfks, standalone.xml
>
>
> I am trying to connect from jboss-cli.sh to EAP server. Server and client run with BC FIPS.
> {code:java|title=jboss-cli.log}
> 11:48:08,992 TRACE [org.jboss.remoting.remote] Attempting to connect to "remote+https://127.0.0.1:9993" with options {org.xnio.Options.SSL_STARTTLS=>false,org.xnio.Options.SSL_ENABLED=>true}
> 11:48:14,005 ERROR [org.jboss.as.cli.impl.CliLauncher] Error processing CLI: org.jboss.as.cli.CliInitializationException: Failed to connect to the controller
>         at org.jboss.as.cli.impl.CliLauncher.initCommandContext(CliLauncher.java:330)
>         at org.jboss.as.cli.impl.CliLauncher.main(CliLauncher.java:304)
>         at org.jboss.as.cli.CommandLineMain.main(CommandLineMain.java:45)
>         at org.jboss.modules.Module.run(Module.java:352)
>         at org.jboss.modules.Module.run(Module.java:320)
>         at org.jboss.modules.Main.main(Main.java:593)
> Caused by: org.jboss.as.cli.CommandLineException: The controller is not available at 127.0.0.1:9993
>         at org.jboss.as.cli.impl.CommandContextImpl.tryConnection(CommandContextImpl.java:1447)
>         at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1226)
>         at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1203)
>         at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1198)
>         at org.jboss.as.cli.impl.CliLauncher.initCommandContext(CliLauncher.java:328)
>         ... 5 more
> Caused by: java.io.IOException: java.net.ConnectException: WFLYPRT0023: Could not connect to remote+https://127.0.0.1:9993. The connection timed out
>         at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:149)
>         at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:75)
>         at org.jboss.as.cli.impl.CommandContextImpl.tryConnection(CommandContextImpl.java:1394)
>         ... 9 more
> Caused by: java.net.ConnectException: WFLYPRT0023: Could not connect to remote+https://127.0.0.1:9993. The connection timed out
>         at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:130)
>         at org.jboss.as.protocol.ProtocolConnectionManager$EstablishingConnection.connect(ProtocolConnectionManager.java:259)
>         at org.jboss.as.protocol.ProtocolConnectionManager.connect(ProtocolConnectionManager.java:70)
>         at org.jboss.as.protocol.mgmt.ManagementClientChannelStrategy$Establishing.getChannel(ManagementClientChannelStrategy.java:167)
>         at org.jboss.as.cli.impl.CLIModelControllerClient.getOrCreateChannel(CLIModelControllerClient.java:192)
>         at org.jboss.as.cli.impl.CLIModelControllerClient$2.getChannel(CLIModelControllerClient.java:126)
>         at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:135)
>         at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:110)
>         at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeRequest(AbstractModelControllerClient.java:263)
>         at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:168)
>         at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:147)
> {code}
> It works when I use 
> - non-FIPS java for CLI and FIPS java for server when connecting to secured 9993 port
> - FIPS java for CLI and non-FIPS java for server when connecting to unsecured port 9990
> Here I get getting over ELY-1621 and ELY-1622
> I would appreciate any hint for way of investigation.



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the jboss-jira mailing list