[jboss-jira] [JBoss JIRA] (ELY-1624) BC FIPS with CLI: Could not connect to remote+https://127.0.0.1:9993. The connection timed out

Farah Juma (JIRA) issues at jboss.org
Mon Aug 13 10:16:00 EDT 2018 

    [ https://issues.jboss.org/browse/ELY-1624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13618263#comment-13618263 ] 

Farah Juma commented on ELY-1624:
---------------------------------

[~mchoma] Stuart reviewed and approved the fix. He noted that it does waste memory when not using Bouncy Castle but he also said that any other fix would be very invasive. This parameter isn't currently configurable, but we could look at making it configurable in the future. 

The IllegalArgumentException was being thrown in [RemoteConnectionProvider#createSslConnection()|https://github.com/jboss-remoting/jboss-remoting/blob/b35f0c57c99e1e67d5db17743f32d77c4188ac40/src/main/java/org/jboss/remoting3/remote/RemoteConnectionProvider.java#L271] preventing [ServerConnectionOpenListener#handleEvent()|https://github.com/jboss-remoting/jboss-remoting/blob/b35f0c57c99e1e67d5db17743f32d77c4188ac40/src/main/java/org/jboss/remoting3/remote/RemoteConnectionProvider.java#L283] from being called so the connection would just time out.

The PR to get this into WildFly Core is here:

https://github.com/wildfly/wildfly-core/pull/3450

> BC FIPS with CLI: Could not connect to remote+https://127.0.0.1:9993. The connection timed out
> ----------------------------------------------------------------------------------------------
>
>                 Key: ELY-1624
>                 URL: https://issues.jboss.org/browse/ELY-1624
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: SSL
>            Reporter: Martin Choma
>            Assignee: Farah Juma
>            Priority: Blocker
>         Attachments: eap_server.log, jboss-cli.log, keystore.bcfks, standalone.xml
>
>
> I am trying to connect from jboss-cli.sh to EAP server. Server and client run with BC FIPS.
> {code:java|title=jboss-cli.log}
> 11:48:08,992 TRACE [org.jboss.remoting.remote] Attempting to connect to "remote+https://127.0.0.1:9993" with options {org.xnio.Options.SSL_STARTTLS=>false,org.xnio.Options.SSL_ENABLED=>true}
> 11:48:14,005 ERROR [org.jboss.as.cli.impl.CliLauncher] Error processing CLI: org.jboss.as.cli.CliInitializationException: Failed to connect to the controller
>         at org.jboss.as.cli.impl.CliLauncher.initCommandContext(CliLauncher.java:330)
>         at org.jboss.as.cli.impl.CliLauncher.main(CliLauncher.java:304)
>         at org.jboss.as.cli.CommandLineMain.main(CommandLineMain.java:45)
>         at org.jboss.modules.Module.run(Module.java:352)
>         at org.jboss.modules.Module.run(Module.java:320)
>         at org.jboss.modules.Main.main(Main.java:593)
> Caused by: org.jboss.as.cli.CommandLineException: The controller is not available at 127.0.0.1:9993
>         at org.jboss.as.cli.impl.CommandContextImpl.tryConnection(CommandContextImpl.java:1447)
>         at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1226)
>         at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1203)
>         at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1198)
>         at org.jboss.as.cli.impl.CliLauncher.initCommandContext(CliLauncher.java:328)
>         ... 5 more
> Caused by: java.io.IOException: java.net.ConnectException: WFLYPRT0023: Could not connect to remote+https://127.0.0.1:9993. The connection timed out
>         at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:149)
>         at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:75)
>         at org.jboss.as.cli.impl.CommandContextImpl.tryConnection(CommandContextImpl.java:1394)
>         ... 9 more
> Caused by: java.net.ConnectException: WFLYPRT0023: Could not connect to remote+https://127.0.0.1:9993. The connection timed out
>         at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:130)
>         at org.jboss.as.protocol.ProtocolConnectionManager$EstablishingConnection.connect(ProtocolConnectionManager.java:259)
>         at org.jboss.as.protocol.ProtocolConnectionManager.connect(ProtocolConnectionManager.java:70)
>         at org.jboss.as.protocol.mgmt.ManagementClientChannelStrategy$Establishing.getChannel(ManagementClientChannelStrategy.java:167)
>         at org.jboss.as.cli.impl.CLIModelControllerClient.getOrCreateChannel(CLIModelControllerClient.java:192)
>         at org.jboss.as.cli.impl.CLIModelControllerClient$2.getChannel(CLIModelControllerClient.java:126)
>         at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:135)
>         at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:110)
>         at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeRequest(AbstractModelControllerClient.java:263)
>         at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:168)
>         at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:147)
> {code}
> It works when I use 
> - non-FIPS java for CLI and FIPS java for server when connecting to secured 9993 port
> - FIPS java for CLI and non-FIPS java for server when connecting to unsecured port 9990
> Here I get getting over ELY-1621 and ELY-1622
> I would appreciate any hint for way of investigation.



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the jboss-jira mailing list