Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1605

ELY05016: Unrecognized token for CCM mode cipher suites.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 1.5.0.Final
    • 1.3.3.Final
    • SSL
    • None 

      /subsystem=elytron/server-ssl-context=a:add(cipher-suite-filter="TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM")
{
    "outcome" => "failed",
    "failure-description" => "WFLYELY01017: Invalid value for cipher-suite-filter. ELY05016: Unrecognized token \"TLS_RSA_WITH_AES_256_CCM\" in mechanism selection string \"TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM\"",
    "rolled-back" => true
}

      This is probably simply because MechanismDatabase.properties does not know CCM cipher suites.

      Marking as Critical because both of ciphersuites from reproducer are listed as FIPS cipher suites for FIPS BC TLS [1]

      These two ciphersuites (TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM) are introduced in rfc6655.

      [1] https://downloads.bouncycastle.org/fips-java/BC-FJA-(D)TLSUserGuide-1.0.5.pdf
      [2] https://tools.ietf.org/html/rfc6655

              jucook Justin Cook (Inactive)
              mchoma@redhat.com Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: