It looks like the latest EAP7.1.3.CP release shipped an incomplete update of the wildfly-openssl libraries. These are the packages installed on the machine from the jb-eap-7.1-for-rhel-7-server-rpms RPM repository:
# rpm -qa | grep "eap7.*openssl"
eap7-wildfly-openssl-java-1.0.6-1.Final_redhat_1.1.ep7.el7.noarch
eap7-wildfly-openssl-linux-1.0.2-13.Final_redhat_1.1.ep7.el7.x86_64
eap7-wildfly-openssl-1.0.6-1.Final_redhat_1.1.ep7.el7.noarch
Looking at the list of packages in the repository itself, it looks like the latest version of the eap7-wildfly-openssl-linux package really is missing:
eap7-wildfly-openssl-1.0.2-1.Final_redhat_1.1.ep7.el6.noarch.rpm          28-Nov-2017 07:06  4.3K  RPM package file
eap7-wildfly-openssl-1.0.6-1.Final_redhat_1.1.ep7.el6.noarch.rpm          22-Jun-2018 08:45  4.4K  RPM package file
eap7-wildfly-openssl-java-1.0.2-1.Final_redhat_1.1.ep7.el6.noarch.rpm     28-Nov-2017 07:06  235K  RPM package file
eap7-wildfly-openssl-java-1.0.6-1.Final_redhat_1.1.ep7.el6.noarch.rpm     22-Jun-2018 08:44  240K  RPM package file
eap7-wildfly-openssl-linux-1.0.2-13.Final_redhat_1.1.ep7.el6.i686.rpm     28-Nov-2017 07:07  24K   RPM package file
This inconsistency makes it impossible to use OpenSSL with EAP; see the Steps to Reproduce section. The server log contains the following errors:
2018-07-25 07:08:46,422 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service org.wildfly.security.ssl-context.sslSSC: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.sslSSC: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
    at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:921)
    at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
    at org.wildfly.security.ssl.SSLUtils.lambda$createSslContextFactory$1(SSLUtils.java:130)
    at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:338)
    at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:45)
    at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:919)
    ... 6 more
2018-07-25 07:08:46,427 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([ ("subsystem" => "elytron"), ("server-ssl-context" => "sslSSC") ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.sslSSC" => "java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria"}}
2018-07-25 07:09:00,422 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service org.wildfly.security.ssl-context.sslSSC: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.sslSSC: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
    at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:921)
    at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
    at org.wildfly.security.ssl.SSLUtils.lambda$createSslContextFactory$1(SSLUtils.java:130)
    at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:338)
    at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:45)
    at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:919)
    ... 6 more
2018-07-25 07:09:00,425 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 3) WFLYCTL0013: Operation ("add") failed - address: ([ ("subsystem" => "elytron"), ("server-ssl-context" => "sslSSC") ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.sslSSC" => "java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria"}}
This problem affects all platforms with regard to the RPM distribution, thus RHEL7 x86_64, RHEL6 x86_64 and i386.
A possible workaround:
- Locate the file libwfssl.so in your EAP installation and replace it with the same file from the EAP7.1.3 zip archive distribution, e.g.:
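A quick way to confirm on a host the version mismatch described above, as an added example that is not part of the original report. The function name check_wfssl_versions is hypothetical, the check assumes the base eap7-wildfly-openssl package carries the reference version, and the sample input is the package list quoted in this report.

```shell
#!/bin/sh
# Added example: flag wildfly-openssl RPMs whose upstream versions differ.
# Input : `rpm -qa` style names (name-version-release.arch) on stdin.
# Status: 0 = all three packages share one version, 1 = mismatch or missing.

check_wfssl_versions() {
    awk '
    /^eap7-wildfly-openssl(-java|-linux)?-[0-9]/ {
        name = $0
        sub(/-[0-9].*$/, "", name)            # strip "-version-release.arch"
        ver = substr($0, length(name) + 2)    # "version-release.arch"
        sub(/-.*$/, "", ver)                  # keep the upstream version only
        seen[name] = ver
    }
    END {
        n = split("eap7-wildfly-openssl eap7-wildfly-openssl-java " \
                  "eap7-wildfly-openssl-linux", pkgs, " ")
        # Assumption: the base package defines the expected version.
        ref = (pkgs[1] in seen) ? seen[pkgs[1]] : ""
        bad = (ref == "")
        for (i = 1; i <= n; i++) {
            v = (pkgs[i] in seen) ? seen[pkgs[i]] : "not-installed"
            if (v != ref) bad = 1
            printf "%s %s\n", pkgs[i], v
        }
        print (bad ? "MISMATCH" : "CONSISTENT")
        exit bad
    }'
}

# Package list as quoted in this report (RHEL7 x86_64 host).
sample='eap7-wildfly-openssl-java-1.0.6-1.Final_redhat_1.1.ep7.el7.noarch
eap7-wildfly-openssl-linux-1.0.2-13.Final_redhat_1.1.ep7.el7.x86_64
eap7-wildfly-openssl-1.0.6-1.Final_redhat_1.1.ep7.el7.noarch'

printf '%s\n' "$sample" | check_wfssl_versions ||
    echo "wildfly-openssl packages are not at one version"
```

On a live system, feed it the real package list with `rpm -qa | check_wfssl_versions`.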
cp /tmp/jboss-eap-7.1/modules/system/layers/base/org/wildfly/openssl/main/lib/linux-x86_64/libwfssl.so /opt/rh/eap7/root/usr/share/wildfly/modules/system/layers/base/org/wildfly/openssl/main/lib/linux-x86_64/libwfssl.so