[jboss-jira] [JBoss JIRA] (WFCORE-4051) KeyManagementException: FIPS mode: only SunJSSE TrustManagers may be used

Martin Choma (JIRA) issues at jboss.org
Tue Aug 21 07:09:00 EDT 2018 

Martin Choma created WFCORE-4051:
------------------------------------

             Summary: KeyManagementException: FIPS mode: only SunJSSE TrustManagers may be used
                 Key: WFCORE-4051
                 URL: https://issues.jboss.org/browse/WFCORE-4051
             Project: WildFly Core
          Issue Type: Bug
          Components: Security
    Affects Versions: 6.0.0.CR2
            Reporter: Martin Choma
            Assignee: Darran Lofthouse
            Priority: Blocker


Creating 2-way SSL Context fails with error.

{code}
12:04:28,689 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.ssl-context.ssl-context-client-cert: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.ssl-context-client-cert: java.security.KeyManagementException: FIPS mode: only SunJSSE TrustManagers may be used
	at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:982)
	at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1736)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1698)
	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1556)
	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.KeyManagementException: FIPS mode: only SunJSSE TrustManagers may be used
	at sun.security.ssl.SSLContextImpl.chooseTrustManager(SSLContextImpl.java:115)
	at sun.security.ssl.SSLContextImpl.engineInit(SSLContextImpl.java:78)
	at javax.net.ssl.SSLContext.init(SSLContext.java:282)
	at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:372)
	at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53)
	at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:980)
	... 9 more

12:04:28,690 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "elytron"),
    ("server-ssl-context" => "ssl-context-client-cert")
]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.ssl-context-client-cert" => "java.security.KeyManagementException: FIPS mode: only SunJSSE TrustManagers may be used
    Caused by: java.security.KeyManagementException: FIPS mode: only SunJSSE TrustManagers may be used"}}
{code}

Seems DelegatingTrustManager is created always.



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the jboss-jira mailing list