Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-13934

[GSS](7.1.z) Unable to set multiple ssl protocols and ciphers on security-realms using system properties

XMLWordPrintable

    • Icon: Enhancement Enhancement
    • Resolution: Done
    • Icon: Major Major
    • 7.1.1.CR1, 7.1.1.GA
    • None
    • Management
    • None
    • EAP 7.1.1

      It is not possible to set the ssl protocol and ciphers on a security-realm using system property if multiple protocols and/or ciphers are needed.

      Setting the "enabled-cipher-suites" and "enabled-protocols" using a system property works if the system property value resolves to a single value ("TLSv1.2" for example).

      An error is thrown if the system property has multiple values (-Dtlsversion="TLSv1.1 TLSv1.2"). Here is the error that is generated:

      13:20:43,315 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.core.management.security.realm.ManagementRealm.ssl-context: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.ManagementRealm.ssl-context: WFLYDM0096: No protocols in common, supported=([SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]), requested=([TLSv1.1 TLSv1.2])
      at org.jboss.as.domain.management.security.SSLContextService.wrapSslContext(SSLContextService.java:137)
      at org.jboss.as.domain.management.security.SSLContextService.start(SSLContextService.java:102)
      at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
      at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      at java.lang.Thread.run(Thread.java:745)

            rhn-engineering-lgao Lin Gao
            rhn-support-bmaxwell Brad Maxwell
            Daniel Cihak Daniel Cihak
            Daniel Cihak Daniel Cihak
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 1 day
                1d
                Remaining:
                Remaining Estimate - 1 day
                1d
                Logged:
                Time Spent - Not Specified
                Not Specified