Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1624

BC FIPS with CLI: Could not connect to remote+https://127.0.0.1:9993. The connection timed out

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Blocker
    • Resolution: Duplicate Issue
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: SSL
    • Labels:
      None
    • Steps to Reproduce:
      Hide
      • run ./standalone.sh with BC FIPS java
      • run CLI with BC FIPS java
        ./jboss-cli.sh \
            -c \
            :read-attribute\(name=server-state\)
        Failed to connect to the controller: The controller is not available at 127.0.0.1:9993: java.net.ConnectException: WFLYPRT0023: Could not connect to remote+https://127.0.0.1:9993. The connection timed out: WFLYPRT0023: Could not connect to remote+https://127.0.0.1:9993. The connection timed out
        
      Show
      run ./standalone.sh with BC FIPS java run CLI with BC FIPS java ./jboss-cli.sh \ -c \ :read-attribute\(name=server-state\) Failed to connect to the controller: The controller is not available at 127.0.0.1:9993: java.net.ConnectException: WFLYPRT0023: Could not connect to remote+https: //127.0.0.1:9993. The connection timed out: WFLYPRT0023: Could not connect to remote+https://127.0.0.1:9993. The connection timed out

      Description

      I am trying to connect from jboss-cli.sh to EAP server. Server and client run with BC FIPS.

      jboss-cli.log
      11:48:08,992 TRACE [org.jboss.remoting.remote] Attempting to connect to "remote+https://127.0.0.1:9993" with options {org.xnio.Options.SSL_STARTTLS=>false,org.xnio.Options.SSL_ENABLED=>true}
      11:48:14,005 ERROR [org.jboss.as.cli.impl.CliLauncher] Error processing CLI: org.jboss.as.cli.CliInitializationException: Failed to connect to the controller
              at org.jboss.as.cli.impl.CliLauncher.initCommandContext(CliLauncher.java:330)
              at org.jboss.as.cli.impl.CliLauncher.main(CliLauncher.java:304)
              at org.jboss.as.cli.CommandLineMain.main(CommandLineMain.java:45)
              at org.jboss.modules.Module.run(Module.java:352)
              at org.jboss.modules.Module.run(Module.java:320)
              at org.jboss.modules.Main.main(Main.java:593)
      Caused by: org.jboss.as.cli.CommandLineException: The controller is not available at 127.0.0.1:9993
              at org.jboss.as.cli.impl.CommandContextImpl.tryConnection(CommandContextImpl.java:1447)
              at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1226)
              at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1203)
              at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:1198)
              at org.jboss.as.cli.impl.CliLauncher.initCommandContext(CliLauncher.java:328)
              ... 5 more
      Caused by: java.io.IOException: java.net.ConnectException: WFLYPRT0023: Could not connect to remote+https://127.0.0.1:9993. The connection timed out
              at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:149)
              at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:75)
              at org.jboss.as.cli.impl.CommandContextImpl.tryConnection(CommandContextImpl.java:1394)
              ... 9 more
      Caused by: java.net.ConnectException: WFLYPRT0023: Could not connect to remote+https://127.0.0.1:9993. The connection timed out
              at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:130)
              at org.jboss.as.protocol.ProtocolConnectionManager$EstablishingConnection.connect(ProtocolConnectionManager.java:259)
              at org.jboss.as.protocol.ProtocolConnectionManager.connect(ProtocolConnectionManager.java:70)
              at org.jboss.as.protocol.mgmt.ManagementClientChannelStrategy$Establishing.getChannel(ManagementClientChannelStrategy.java:167)
              at org.jboss.as.cli.impl.CLIModelControllerClient.getOrCreateChannel(CLIModelControllerClient.java:192)
              at org.jboss.as.cli.impl.CLIModelControllerClient$2.getChannel(CLIModelControllerClient.java:126)
              at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:135)
              at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:110)
              at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeRequest(AbstractModelControllerClient.java:263)
              at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:168)
              at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:147)
      

      It works when I use

      • non-FIPS java for CLI and FIPS java for server when connecting to secured 9993 port
      • FIPS java for CLI and non-FIPS java for server when connecting to unsecured port 9990

      Here I get getting over ELY-1621 and ELY-1622

      I would appreciate any hint for way of investigation.

        Gliffy Diagrams

          Attachments

          1. eap_server.log
            72 kB
          2. jboss-cli.log
            40 kB
          3. keystore.bcfks
            3 kB
          4. standalone.xml
            31 kB

            Issue Links

              Activity

                People

                • Assignee:
                  fjuma Farah Juma
                  Reporter:
                  mchoma Martin Choma
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: