Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Blocker
Fix Version/s: 7.1.0.GA
Affects Version/s: 7.1.0.DR16
Component/s: Documentation
Labels:
- docs-bulk-37
- docs-bulk-39
- fips
- openssl
- pkcs#11
- ssl

Target Release:

7.1.0.GA
Git Pull Request:
https://gitlab.cee.redhat.com/red-hat-jboss-enterprise-application-platform-documentation/eap-documentation/merge_requests/3482
Steps to Reproduce:
Hide

elytron ssl context used to configure TLS.

FIPS PKCS11 keystore used

OpenSSL provider registered before Elytron provider

<subsystem xmlns="urn:wildfly:elytron:1.0" initial-providers="combined-providers"> <providers> <provider-loader name="elytron" module="org.wildfly.security.elytron"/> <provider-loader name="openssl" module="org.wildfly.openssl"/> <aggregate-providers name="combined-providers"> <providers name="openssl"/> <providers name="elytron"/> </aggregate-providers>
Show
elytron ssl context used to configure TLS. FIPS PKCS11 keystore used OpenSSL provider registered before Elytron provider <subsystem xmlns= "urn:wildfly:elytron:1.0" initial-providers= "combined-providers" > <providers> <provider-loader name= "elytron" module= "org.wildfly.security.elytron" /> <provider-loader name= "openssl" module= "org.wildfly.openssl" /> <aggregate-providers name= "combined-providers" > <providers name= "openssl" /> <providers name= "elytron" /> </aggregate-providers>

SFDC Cases Counter:
SFDC Cases Links:

Description

User impact: In FIPS mode user can't use OpenSSL provider for TLS. User can still use "standard" JSSE TLS - that works just fine.

OpenSSL TLS is considered to have better performance than java JSSE implementation
I believe OpenSSL provider is also currently prerequisite for HTTP/2

[Host Controller] 14:50:45,678 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service org.wildfly.security.ssl-context.oneWaySSC: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.oneWaySSC: Failed to start service
[Host Controller] 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1978)
[Host Controller] 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[Host Controller] 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[Host Controller] 	at java.lang.Thread.run(Thread.java:745)
[Host Controller] Caused by: java.lang.RuntimeException: java.lang.NullPointerException
[Host Controller] 	at org.wildfly.openssl.OpenSSLContextSPI.init(OpenSSLContextSPI.java:249)
[Host Controller] 	at org.wildfly.openssl.OpenSSLContextSPI.engineInit(OpenSSLContextSPI.java:319)
[Host Controller] 	at javax.net.ssl.SSLContext.init(SSLContext.java:282)
[Host Controller] 	at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:345)
[Host Controller] 	at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:45)
[Host Controller] 	at org.wildfly.extension.elytron.SSLDefinitions$4.lambda$getValueSupplier$1(SSLDefinitions.java:730)
[Host Controller] 	at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
[Host Controller] 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
[Host Controller] 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
[Host Controller] 	... 3 more
[Host Controller] Caused by: java.lang.NullPointerException
[Host Controller] 	at java.util.Base64$Encoder.encode(Base64.java:261)
[Host Controller] 	at java.util.Base64$Encoder.encodeToString(Base64.java:315)
[Host Controller] 	at org.wildfly.openssl.OpenSSLContextSPI.init(OpenSSLContextSPI.java:199)
[Host Controller] 	... 11 more

Attachments

Issue Links

is cloned by

WFSSL-7 NPE on obtaining PrivateKey from FIPS PKCS11 key manager should be handled

Resolved

Activity

People

Assignee:: Priyanka Pandey

Reporter:: Martin Choma

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Dates

Created:: 2017/04/18 9:08 AM

Updated:: 2021/10/24 6:50 AM

Resolved:: 2017/08/29 8:56 AM