[jboss-jira] [JBoss JIRA] (ELY-1535) CipherSuiteSelector does not know about CHACHA20_POLY1305

Martin Choma (JIRA) issues at jboss.org
Wed Sep 26 07:25:00 EDT 2018


     [ https://issues.jboss.org/browse/ELY-1535?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Choma updated ELY-1535:
------------------------------
    Git Pull Request: https://github.com/wildfly-security/wildfly-elytron/pull/1185, https://github.com/wildfly-security/wildfly-elytron/pull/1197  (was: https://github.com/wildfly-security/wildfly-elytron/pull/1185)


> CipherSuiteSelector does not know about CHACHA20_POLY1305
> ---------------------------------------------------------
>
>                 Key: ELY-1535
>                 URL: https://issues.jboss.org/browse/ELY-1535
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: SSL
>            Reporter: Mike Yoder
>            Assignee: Martin Mazanek
>
> I was trying to be a good person and implement the Mozilla "Modern" cipher suite described here:
> https://wiki.mozilla.org/Security/Server_Side_TLS
> I'm doing this in a keycloak server. The config line there looks like
> {noformat}
>         <https-listener security-realm="ApplicationRealm"
>                         enabled-protocols="SSLv2Hello,TLSv1.2"
>                         enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
>                         name="default"
>                         socket-binding="httpish"
>                         enable-http2="true"
>                         proxy-address-forwarding="true"
>         />
> {noformat}
> But I got this:
> {noformat}
> 13:20:46,574 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service org.wildfly.undertow.listener.default: org.jboss.msc.service.StartException in service org.wildfly.undertow.listener.default: Failed to start service
>         at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1978)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>         at java.lang.Thread.run(Thread.java:748)
> Caused by: java.lang.IllegalArgumentException: ELY05016: Unrecognized token "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" in mechanism selection string "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
>         at org.wildfly.security.ssl.CipherSuiteSelector.fromString(CipherSuiteSelector.java:423)
>         at org.wildfly.extension.undertow.HttpsListenerService.startListening(HttpsListenerService.java:120)
>         at org.wildfly.extension.undertow.ListenerService.start(ListenerService.java:169)
>         at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
>         at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
> {noformat}
> With a little digging it appears that CipherSuiteSelector doesn't know what CHACHA20 or POLY1305 are. See:
> https://github.com/wildfly-security/wildfly-elytron/blame/master/src/main/java/org/wildfly/security/ssl/CipherSuiteSelector.java



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
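As an added pre-flight check (not part of this issue or of Elytron's code), the Python script below splits an enabled-cipher-suites string the way the reporter's config is written, reports which tokens a given selector vocabulary does not know (the fail-fast behaviour behind ELY05016, where one unknown token takes the whole listener down), and shows what would remain if only known suites were kept. The KNOWN_SUITES table is a constructed assumption that models a selector predating the CHACHA20_POLY1305 support, not Elytron's real table.

```python
# Constructed selector vocabulary for illustration: the AES suites from the
# reporter's config and none of the CHACHA20_POLY1305 suites, modelling a
# CipherSuiteSelector that predates ELY-1535.  Not Elytron's real table.
KNOWN_SUITES = frozenset({
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
})

# The enabled-cipher-suites value from the issue, copied as reported.
REPORTED_SELECTION = (
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:"
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:"
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:"
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:"
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
)


def parse_selection(selection):
    """Split a colon-separated selection string into its non-empty tokens."""
    return [t for t in (p.strip() for p in selection.split(":")) if t]


def check_selection(selection, known=KNOWN_SUITES):
    """Mimic fail-fast parsing: a single unknown token rejects the whole string.

    Returns the first offending token (the one ELY05016 names), every unknown
    token, the suites that would survive if unknowns were dropped, and which
    survivors are CBC (non-AEAD) suites an operator may want to review.
    """
    tokens = parse_selection(selection)
    unknown = [t for t in tokens if t not in known]
    accepted = [t for t in tokens if t in known]
    return {
        "listener_starts": not unknown,
        "first_unknown": unknown[0] if unknown else None,
        "unknown": unknown,
        "accepted": accepted,
        "cbc_suites": [t for t in accepted if "_CBC_" in t],
    }


if __name__ == "__main__":
    result = check_selection(REPORTED_SELECTION)
    print("listener would start:", result["listener_starts"])
    print("first unknown token :", result["first_unknown"])
    print("CBC suites to review:", result["cbc_suites"])
```

Swap KNOWN_SUITES for the suite names your JVM actually reports (for example via SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites() on the Java side) to check a selection string before deploying it.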