Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1605

ELY05016: Unrecognized token for CCM mode cipher suites.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Critical
    • 1.5.0.Final
    • 1.3.3.Final
    • SSL
    • None

    Description

      /subsystem=elytron/server-ssl-context=a:add(cipher-suite-filter="TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM")
{
    "outcome" => "failed",
    "failure-description" => "WFLYELY01017: Invalid value for cipher-suite-filter. ELY05016: Unrecognized token \"TLS_RSA_WITH_AES_256_CCM\" in mechanism selection string \"TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM\"",
    "rolled-back" => true
}

      This is probably simply because MechanismDatabase.properties does not know CCM cipher suites.

      Marking as Critical because both of ciphersuites from reproducer are listed as FIPS cipher suites for FIPS BC TLS [1]

      These two ciphersuites (TLS_RSA_WITH_AES_256_CCM,TLS_RSA_WITH_AES_128_CCM) are introduced in rfc6655.

      [1] https://downloads.bouncycastle.org/fips-java/BC-FJA-(D)TLSUserGuide-1.0.5.pdf
      [2] https://tools.ietf.org/html/rfc6655

      Attachments

        Activity

          People

            jucook Justin Cook (Inactive)
            mchoma@redhat.com Martin Choma
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: