[jboss-jira] [JBoss JIRA] (WFCORE-3799) FIPS mode is not detected correctly
Martin Choma (JIRA)
issues at jboss.org
Thu May 3 12:06:00 EDT 2018
Martin Choma created WFCORE-3799:
------------------------------------
Summary: FIPS mode is not detected correctly
Key: WFCORE-3799
URL: https://issues.jboss.org/browse/WFCORE-3799
Project: WildFly Core
Issue Type: Bug
Components: Security
Affects Versions: 5.0.0.Alpha4
Reporter: Martin Choma
Assignee: Darran Lofthouse
Priority: Blocker
Trying SSL in FIPS mode I get "KeyManagementException: FIPS mode: only SunJSSE KeyManagers may be used"
{code}
17:45:32,678 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service org.wildfly.security.ssl-context.server-ssl-context: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.server-ssl-context: java.security.KeyManagementException: FIPS mode: only SunJSSE KeyManagers may be used
at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:926)
at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1714)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1693)
at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1540)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.KeyManagementException: FIPS mode: only SunJSSE KeyManagers may be used
at sun.security.ssl.SSLContextImpl.chooseKeyManager(SSLContextImpl.java:149)
at sun.security.ssl.SSLContextImpl.engineInit(SSLContextImpl.java:66)
at javax.net.ssl.SSLContext.init(SSLContext.java:282)
at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:372)
at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:53)
at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:924)
... 9 more
17:45:32,686 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([
("subsystem" => "elytron"),
("server-ssl-context" => "server-ssl-context")
]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.server-ssl-context" => "java.security.KeyManagementException: FIPS mode: only SunJSSE KeyManagers may be used
Caused by: java.security.KeyManagementException: FIPS mode: only SunJSSE KeyManagers may be used"}}
{code}
Debugging revealed problem is in this call
{code:java|title=SSLDefinitions.java}
final Class<?> providerClazz = SSLDefinitions.class.getClassLoader().loadClass("com.sun.net.ssl.internal.ssl.Provider");
{code}
which ends with ClassNotFoundException
{code}
java.lang.ClassNotFoundException: com.sun.net.ssl.internal.ssl.Provider from [Module "org.wildfly.extension.elytron" version 5.0.0.Alpha-redhat-20180502 from local module loader @41ee392b (finder: local module finder @1e67a849 (roots: /home/mchoma/Repos/tests-security/fips/target/dist/jboss-eap/modules,/home/mchoma/Repos/tests-security/fips/target/dist/jboss-eap/modules/system/layers/base))]
{code}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list