[jboss-jira] [JBoss JIRA] (ELY-1618) TLS with BCJSSE Provider does not work

Martin Choma (JIRA) issues at jboss.org
Fri Jul 27 09:00:00 EDT 2018


Martin Choma created ELY-1618:
---------------------------------

             Summary: TLS with BCJSSE Provider does not work
                 Key: ELY-1618
                 URL: https://issues.jboss.org/browse/ELY-1618
             Project: WildFly Elytron
          Issue Type: Bug
          Components: SSL
    Affects Versions: 1.4.0.Final
            Reporter: Martin Choma
            Priority: Blocker


When I configure BouncyCastleJsseProvider to be the only possible provider providing TLS, TLS does not work, with this exception:

{code} 
14:07:53,905 TRACE [org.wildfly.security] (MSC service thread 1-4) No SSLContext provided by providers in SSLUtils: [BCFIPS version 1.01, BCJSSE version 1.0005, SUN version 1.8, ApacheXMLDSig version 2.11, SunJCE version 1.8, TLSP version 1.0, WildFlyElytron version 1.0]
14:07:53,906 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.ssl-context.test-server-ssl-context: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.test-server-ssl-context: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
	at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:926)
	at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1736)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1698)
	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1556)
	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
	at org.wildfly.security.ssl.SSLUtils.throwIt(SSLUtils.java:142)
	at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:340)
	at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53)
	at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:924)
	... 9 more

14:07:53,910 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "elytron"),
    ("server-ssl-context" => "test-server-ssl-context")
]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.test-server-ssl-context" => "java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
    Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria"}}
{code}

After debugging, it seems the problem is this:
Supported protocols resolved from BCJSSE version 1.0005 are [TLS, TLSV1, TLSV1.2, DEFAULT, TLSV1.1]
Whereas the Elytron class org.wildfly.security.ssl.Protocol uses the constants TLSv1, TLSv1.1, TLSv1.2, ... That means a lower-case "v".
And thus ProtocolSelector.evaluate returns an empty set.

A possible solution to this particular problem would be to make Protocol case insensitive. That means defining the enum constants in upper case and adjusting methods to use .toUpperCase(). But I am probably not aware of all the consequences of such a change.




--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
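
The mismatch described in the report, as an added diagnostic example that is not part of the original message and is not Elytron code: it compares the SSLContext algorithm names a provider advertises with lower-case-"v" protocol names, first exactly and then ignoring case. The class name `SslContextNameCheck` and its helper methods are hypothetical; the sample list is constructed from the names quoted in the report.

```java
import java.security.Provider;
import java.security.Security;
import java.util.*;

public class SslContextNameCheck {
    // Protocol names with a lower-case "v", as the report says Elytron's Protocol class uses.
    static final List<String> WANTED = Arrays.asList("TLSv1", "TLSv1.1", "TLSv1.2");

    /** Wanted names present in the advertised set under exact, case-sensitive comparison. */
    static Set<String> exactMatches(Collection<String> advertised) {
        Set<String> out = new TreeSet<>(WANTED);
        out.retainAll(advertised);
        return out;
    }

    /** Wanted names present when both sides are normalised with Locale.ROOT upper-casing. */
    static Set<String> caseInsensitiveMatches(Collection<String> advertised) {
        Set<String> upper = new HashSet<>();
        for (String a : advertised) upper.add(a.toUpperCase(Locale.ROOT));
        Set<String> out = new TreeSet<>();
        for (String w : WANTED) if (upper.contains(w.toUpperCase(Locale.ROOT))) out.add(w);
        return out;
    }

    /** SSLContext algorithm names registered by one installed provider. */
    static Set<String> sslContextAlgorithms(Provider p) {
        Set<String> names = new TreeSet<>();
        for (Provider.Service s : p.getServices())
            if ("SSLContext".equals(s.getType())) names.add(s.getAlgorithm());
        return names;
    }

    static void report(String source, Collection<String> advertised) {
        System.out.printf("%-10s advertised=%s exact=%s ignoreCase=%s%n",
                source, advertised, exactMatches(advertised), caseInsensitiveMatches(advertised));
    }

    public static void main(String[] args) {
        // Constructed sample: the names the report lists for BCJSSE version 1.0005.
        report("sample", Arrays.asList("TLS", "TLSV1", "TLSV1.2", "DEFAULT", "TLSV1.1"));
        // Live check against whatever providers this JVM has installed.
        for (Provider p : Security.getProviders()) {
            Set<String> names = sslContextAlgorithms(p);
            if (!names.isEmpty()) report(p.getName(), names);
        }
    }
}
```

Running it with the same provider order as the failing server shows, per provider, whether an exact-match selector would end up with an empty protocol set.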

