[jboss-jira] [JBoss JIRA] (ELY-1605) ELY05016: Unrecognized token for CCM mode cipher suites.

Martin Choma (JIRA) issues at jboss.org
Wed Jul 4 05:15:00 EDT 2018 

     [ https://issues.jboss.org/browse/ELY-1605?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Choma updated ELY-1605:
------------------------------
    Description: 
{code}
/subsystem=elytron/server-ssl-context=a:add(cipher-suite-filter="TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM")
{
    "outcome" => "failed",
    "failure-description" => "WFLYELY01017: Invalid value for cipher-suite-filter. ELY05016: Unrecognized token \"TLS_RSA_WITH_AES_256_CCM\" in mechanism selection string \"TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM\"",
    "rolled-back" => true
}
{code}

This is probably simply because MechanismDatabase.properties does not know CCM cipher suites.

Marking as Critical because both of ciphersuites from reproducer are listed as FIPS cipher suites for FIPS BC TLS [1]

These two ciphersuites (TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM) are introduced in [rfc6655|https://tools.ietf.org/html/rfc6655].

[1] https://downloads.bouncycastle.org/fips-java/BC-FJA-(D)TLSUserGuide-1.0.5.pdf
[2] https://tools.ietf.org/html/rfc6655

  was:
{code}
/subsystem=elytron/server-ssl-context=a:add(cipher-suite-filter="TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM")
{
    "outcome" => "failed",
    "failure-description" => "WFLYELY01017: Invalid value for cipher-suite-filter. ELY05016: Unrecognized token \"TLS_RSA_WITH_AES_256_CCM\" in mechanism selection string \"TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM\"",
    "rolled-back" => true
}
{code}

This is probably simply because MechanismDatabase.properties does not know CCM cipher suites.

Marking as Critical because both of ciphersuites from reproducer are listed as FIPS cipher suites for FIPS BC TLS [1]

[1] https://downloads.bouncycastle.org/fips-java/BC-FJA-(D)TLSUserGuide-1.0.5.pdf



> ELY05016: Unrecognized token for CCM mode cipher suites.
> --------------------------------------------------------
>
>                 Key: ELY-1605
>                 URL: https://issues.jboss.org/browse/ELY-1605
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: SSL
>    Affects Versions: 1.3.3.Final
>            Reporter: Martin Choma
>            Priority: Critical
>
> {code}
> /subsystem=elytron/server-ssl-context=a:add(cipher-suite-filter="TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM")
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYELY01017: Invalid value for cipher-suite-filter. ELY05016: Unrecognized token \"TLS_RSA_WITH_AES_256_CCM\" in mechanism selection string \"TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM\"",
>     "rolled-back" => true
> }
> {code}
> This is probably simply because MechanismDatabase.properties does not know CCM cipher suites.
> Marking as Critical because both of ciphersuites from reproducer are listed as FIPS cipher suites for FIPS BC TLS [1]
> These two ciphersuites (TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM) are introduced in [rfc6655|https://tools.ietf.org/html/rfc6655].
> [1] https://downloads.bouncycastle.org/fips-java/BC-FJA-(D)TLSUserGuide-1.0.5.pdf
> [2] https://tools.ietf.org/html/rfc6655



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the jboss-jira mailing list