[jboss-jira] [JBoss JIRA] (ELY-1605) ELY05016: Unrecognized token for CCM mode cipher suites.

Martin Choma (JIRA) issues at jboss.org
Wed Jul 4 05:30:00 EDT 2018


    [ https://issues.jboss.org/browse/ELY-1605?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13600134#comment-13600134 ] 

Martin Choma edited comment on ELY-1605 at 7/4/18 5:29 AM:
-----------------------------------------------------------

This brings up a bigger question. I know it was discussed that we should revise/update the database and defaults with each release. But I can't find any such blocker JIRA. Should I create one?

Trying a few from the Java cipher suite list [1], I have noticed:
* Elytron is missing the CHACHA20 variants introduced in [RFC 7905|http://tools.ietf.org/html/rfc7905]
* missing ciphersuites from RFC 6209
* ...

[1] https://docs.oracle.com/javase/10/docs/specs/security/standard-names.html#jsse-cipher-suite-names


was (Author: mchoma):
This brings up a bigger question. I know it was discussed that we should revise/update the database and defaults with each release. But I can't find any such blocker JIRA. Should I create one?

> ELY05016: Unrecognized token for CCM mode cipher suites.
> --------------------------------------------------------
>
>                 Key: ELY-1605
>                 URL: https://issues.jboss.org/browse/ELY-1605
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: SSL
>    Affects Versions: 1.3.3.Final
>            Reporter: Martin Choma
>            Priority: Critical
>
> {code}
> /subsystem=elytron/server-ssl-context=a:add(cipher-suite-filter="TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM")
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYELY01017: Invalid value for cipher-suite-filter. ELY05016: Unrecognized token \"TLS_RSA_WITH_AES_256_CCM\" in mechanism selection string \"TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM\"",
>     "rolled-back" => true
> }
> {code}
> This is probably simply because MechanismDatabase.properties does not know the CCM cipher suites.
> Marking as Critical because both of the cipher suites from the reproducer are listed as FIPS cipher suites for FIPS BC TLS [1].
> These two cipher suites (TLS_RSA_WITH_AES_256_CCM, TLS_RSA_WITH_AES_128_CCM) are introduced in [rfc6655|https://tools.ietf.org/html/rfc6655].
> [1] https://downloads.bouncycastle.org/fips-java/BC-FJA-(D)TLSUserGuide-1.0.5.pdf
> [2] https://tools.ietf.org/html/rfc6655
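
The manual check described in the comment above (trying names from the Java cipher suite list against Elytron) can be automated. The following is an added example, not part of the original message or of the Elytron code base; it needs the wildfly-elytron jar on the classpath and assumes `CipherSuiteSelector.fromString` reports an unrecognized token (ELY05016) as an `IllegalArgumentException`. The class name `ElytronCipherSuiteAudit` is hypothetical.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import org.wildfly.security.ssl.CipherSuiteSelector;

// Added example (hypothetical class): lists cipher suite names that the
// Elytron cipher-suite-filter parser rejects, so gaps in its mechanism
// database show up before a server-ssl-context is configured.
public class ElytronCipherSuiteAudit {

    /** Returns every name in the input that Elytron fails to parse as a filter. */
    static List<String> unrecognized(Iterable<String> suiteNames) {
        List<String> rejected = new ArrayList<>();
        for (String name : suiteNames) {
            // SCSV entries are signalling values, not real cipher suites.
            if (name.endsWith("_SCSV")) {
                continue;
            }
            try {
                // Same parsing path as the cipher-suite-filter attribute.
                CipherSuiteSelector.fromString(name);
            } catch (IllegalArgumentException e) {
                // Assumption: unknown tokens (ELY05016) surface as this exception.
                rejected.add(name + "  <- " + e.getMessage());
            }
        }
        return rejected;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Suites the running JVM's default provider can negotiate.
        Set<String> names = new LinkedHashSet<>(Arrays.asList(
                SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites()));
        // The two suites from the reproducer in this issue, checked explicitly
        // because the default JSSE provider may not offer CCM suites.
        names.add("TLS_RSA_WITH_AES_256_CCM");
        names.add("TLS_RSA_WITH_AES_128_CCM");

        List<String> rejected = unrecognized(names);
        rejected.forEach(System.out::println);
        System.out.printf("%d of %d names not recognized by Elytron%n",
                rejected.size(), names.size());
    }
}
```

Running it against each Elytron release and each target JVM gives a concrete list to compare when the database and defaults are revised.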


