-
Bug
-
Resolution: Done
-
Major
-
None
-
None
I wanted to update elytron client version for tests at jbossws-cxf project but when I did I started to see handshake exceptions in one test. I tried several elytron version to pinpoint it to ELY-2026
IOW test works with IBM JDK8 up to elytron client version 1.13.0.Final, it fails with any version after that (see steps to reproduce).
The test fails because it is not able to process SSL handshake before sending message:
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate) at org.jboss.test.ws.jaxws.cxf.clientConfig.SSLContextElytronClientConfigTestCaseForked.testConfiguredSSLContext(SSLContextElytronClientConfigTestCaseForked.java:93)
Running with `-Djavax.net.debug=ssl:handshake` reveals:
javax.net.ssl|FINE|01|main|2021-04-23 02:48:11.031 CEST|Thread.java:1164|No available cipher suite for TLS13 javax.net.ssl|FINE|01|main|2021-04-23 02:48:11.032 CEST|Thread.java:1164|No available cipher suite for TLS12 javax.net.ssl|FINE|01|main|2021-04-23 02:48:11.032 CEST|Thread.java:1164|No available cipher suite for TLS11 javax.net.ssl|FINE|01|main|2021-04-23 02:48:11.032 CEST|Thread.java:1164|No available cipher suite for TLS10 javax.net.ssl|SEVERE|01|main|2021-04-23 02:48:11.039 CEST|Thread.java:1164|Fatal (HANDSHAKE_FAILURE): Couldn't kickstart handshaking
So it looks like the changes introduced in ELY-2026 somehow filter out usable cipher suites for the handshake, but that is only my naive guess.
- is cloned by
-
ELY-2494 SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate) on IBM JDK after ELY-2026
- Closed
-
JBEAP-24221 [QA](7.4.z) ELY-2117 - SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate) on IBM JDK after ELY-2026
- Closed
-
JBWS-4221 SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate) on IBM JDK after ELY-2026
- Closed
- is duplicated by
-
ELY-2495 ConfiguredSSL(Server)SocketFactory method getDefaultCipherSuites returns incorrect list of ciphers
- Closed