Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-395

Undertow HTTPS listener offers no cipher suite for DEFAULT enabled-cipher-suites

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved (View Workflow)
    • Major
    • Resolution: Done
    • 1.0.2.Final
    • 1.1.0.Beta6
    • SSL
    • None
      1. add HTTPS listener to Undertow subsytem, add corresponding security realm
      2. set enabled-cipher-suites="DEFAULT" for the listener
      3. try to do a handshake with HTTPS listener
    • Workaround Exists
    • Hide

      The following string can be manually specified instead: -

      ALL:!aNULL:!eNULL
      
      Show
      The following string can be manually specified instead: - ALL:!aNULL:!eNULL

    Description

      No cipher suites are available for handshake with HTTPS Undertow listener.

      According to OpenSSL documentation [1], cipher suites corresponding with ALL:!COMPLEMENTOFDEFAULT:!eNULL cipher string should be available for handshake.

      According to Elytron documentation [2], cipher suites corresponding with ALL:!aNULL:!eNULL cipher string should be available for handshake.

      [1] https://www.openssl.org/docs/manmaster/apps/ciphers.html#CIPHER-STRINGS
      [2] http://wildfly-security.github.io/wildfly-elytron/org/wildfly/security/ssl/CipherSuiteSelector.html#fromString-java.lang.String-

      Attachments

        Issue Links

          Activity

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              okotek@redhat.com Ondrej Kotek
              Ondrej Kotek Ondrej Kotek
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: