Uploaded image for project: 'Infinispan'
  1. Infinispan
  2. ISPN-15928

[DOC]Unexpected attribute 'enabled-ciphersuites-tls13' in Redhat Datagrid 8.3.1

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • 13.0.0.Final
    • Documentation
    • None
    • Documentation (Ref Guide, User Guide, etc.)

      There is error whenever enabled-ciphersuites-tls13 attribute is used in the configuration in Redhat Datagrid 8.3.1
      Configuration as below throws Error.
       ~~~
      {{<ssl>
      <keystore path="server.p12"
      relative-to="infinispan.server.config.path"
      password="secret"
      alias="server"/>
      <!-- Configures Data Grid Server to use specific TLS versions and cipher suites. -->
      <engine enabled-protocols="TLSv1.3 TLSv1.2"
      enabled-ciphersuites="TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256"
      enabled-ciphersuites-tls13="TLS_AES_256_GCM_SHA384"/>
      </ssl>}}
      ~~~
      {{}}
      Error encountered was:
       ~~~
      2023-05-31 16:54:00,553 FATAL (main) [org.infinispan.SERVER] ISPN080028: Red Hat Data Grid Server failed to start org.infinispan.commons.configuration.io.ConfigurationReaderException: Unexpected attribute 'enabled-ciphersuites-tls13' encountered[25,174]
      {{}}
      ~~~
      {{}}
      Resolution:-
       
      The attribute is not present in Infinispan-server-13.0.xsd which is used in Redhat Datagrid 8.3.1 but present in Infinispan-server-14.0.xsd, therefore this needs a removal from the documentation.

      https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.3/html/data_grid_server_guide/configuring-encryption#configuring-ssl-engine_endpoint-security

       
      Infinispan-server-13.0.xsd

      {{</xs:complexType>
      <xs:complexType name="security-realm-ssl-engine">
      <xs:attribute type="tns:name-list" name="enabled-protocols"/>
      <xs:attribute type="xs:string" name="enabled-ciphersuites"/>
      </xs:complexType>
      <xs:complexType name="security-realm-properties">}}
      Infinispan-server-14.0.xsd
       ~~
      {{ <xs:complexType name="security-realm-ssl-engine">
      <xs:attribute type="tns:name-list" name="enabled-protocols"/>
      <xs:attribute type="xs:string" name="enabled-ciphersuites" default="DEFAULT">
      <xs:annotation>
      <xs:documentation>
      The filter to be applied to the cipher suites made available by this SSL engine.
      </xs:documentation>
      </xs:annotation>
      </xs:attribute>
      <xs:attribute type="xs:string" name="enabled-ciphersuites-tls13" default="TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256">
      <xs:annotation>
      <xs:documentation>
      The ciphersuite names to use for the TLSv1.3 engine.
      </xs:documentation>
      </xs:annotation>
      </xs:attribute>}}
      ~~~
       

              sunag@redhat.com Suparna Nag
              sunag@redhat.com Suparna Nag
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: