It looks like the latest EAP7.1.3.CP release shipped an incomplete update of the wildfly-openssl libraries. These are the packages installed on the machine from the jb-eap-7.1-for-rhel-7-server-rpms RPM repository:
# rpm -qa | grep "eap7.*openssl"
eap7-wildfly-openssl-java-1.0.6-1.Final_redhat_1.1.ep7.el7.noarch
eap7-wildfly-openssl-linux-1.0.2-13.Final_redhat_1.1.ep7.el7.x86_64
eap7-wildfly-openssl-1.0.6-1.Final_redhat_1.1.ep7.el7.noarch
Looking at the list of packages in the repository itself, it looks like the latest version of the eap7-wildfly-openssl-linux package really is missing:
eap7-wildfly-openssl-1.0.2-1.Final_redhat_1.1.ep7.el6.noarch.rpm 28-Nov-2017 07:06 4.3K RPM package file
eap7-wildfly-openssl-1.0.6-1.Final_redhat_1.1.ep7.el6.noarch.rpm 22-Jun-2018 08:45 4.4K RPM package file
eap7-wildfly-openssl-java-1.0.2-1.Final_redhat_1.1.ep7.el6.noarch.rpm 28-Nov-2017 07:06 235K RPM package file
eap7-wildfly-openssl-java-1.0.6-1.Final_redhat_1.1.ep7.el6.noarch.rpm 22-Jun-2018 08:44 240K RPM package file
eap7-wildfly-openssl-linux-1.0.2-13.Final_redhat_1.1.ep7.el6.i686.rpm 28-Nov-2017 07:07 24K RPM package file
This inconsistency makes it impossible to use OpenSSL with EAP; see the Steps to Reproduce section. The server log contains the following errors:
2018-07-25 07:08:46,422 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service org.wildfly.security.ssl-context.sslSSC: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.sslSSC: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:921)
at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
at org.wildfly.security.ssl.SSLUtils.lambda$createSslContextFactory$1(SSLUtils.java:130)
at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:338)
at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:45)
at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:919)
... 6 more
2018-07-25 07:08:46,427 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([
("subsystem" => "elytron"),
("server-ssl-context" => "sslSSC")
]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.sslSSC" => "java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria"}}
2018-07-25 07:09:00,422 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service org.wildfly.security.ssl-context.sslSSC: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.sslSSC: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:921)
at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
at org.wildfly.security.ssl.SSLUtils.lambda$createSslContextFactory$1(SSLUtils.java:130)
at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:338)
at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:45)
at org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:919)
... 6 more
2018-07-25 07:09:00,425 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 3) WFLYCTL0013: Operation ("add") failed - address: ([
("subsystem" => "elytron"),
("server-ssl-context" => "sslSSC")
]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.sslSSC" => "java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria"}}
This problem affects all platforms of the RPM distribution: RHEL7 x86_64, RHEL6 x86_64 and i386.
A possible workaround:
- Locate the file libwfssl.so in your EAP installation and replace it with the same file from the EAP7.1.3 zip archive distribution, e.g.:
cp /tmp/jboss-eap-7.1/modules/system/layers/base/org/wildfly/openssl/main/lib/linux-x86_64/libwfssl.so /opt/rh/eap7/root/usr/share/wildfly/modules/system/layers/base/org/wildfly/openssl/main/lib/linux-x86_64/libwfssl.so
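To check whether a host carries the mismatched package set described above, the following shell sketch compares the versions of all installed eap7-wildfly-openssl* packages. It is an added example, not part of the original report or of EAP; the function names wfssl_versions and wfssl_check are hypothetical, and the sample input is the rpm -qa output quoted earlier on this page.

```shell
#!/bin/sh
# Added example: flag eap7-wildfly-openssl* packages whose versions disagree.
# On a real host: rpm -qa | wfssl_check

# Sample input: the rpm -qa output quoted in this report.
SAMPLE='eap7-wildfly-openssl-java-1.0.6-1.Final_redhat_1.1.ep7.el7.noarch
eap7-wildfly-openssl-linux-1.0.2-13.Final_redhat_1.1.ep7.el7.x86_64
eap7-wildfly-openssl-1.0.6-1.Final_redhat_1.1.ep7.el7.noarch'

# Read name-version-release.arch lines on stdin and print "name version"
# for every eap7-wildfly-openssl* package; other packages are ignored.
wfssl_versions() {
    while IFS= read -r nvra; do
        case $nvra in
            eap7-wildfly-openssl*) ;;
            *) continue ;;
        esac
        nvr=${nvra%.*}      # drop ".arch"
        nv=${nvr%-*}        # drop "-release" (a release never contains "-")
        printf '%s %s\n' "${nv%-*}" "${nv##*-}"
    done
}

# Exit status: 0 = all versions agree, 1 = mismatch, 2 = nothing to check.
wfssl_check() {
    pairs=$(wfssl_versions)
    [ -n "$pairs" ] || { echo "no eap7-wildfly-openssl packages found"; return 2; }
    distinct=$(printf '%s\n' "$pairs" | awk '!seen[$2]++ { n++ } END { print n + 0 }')
    if [ "$distinct" -gt 1 ]; then
        echo "MISMATCH: eap7-wildfly-openssl packages are at different versions"
        printf '%s\n' "$pairs" | sed 's/^/  /'
        return 1
    fi
    echo "OK: all eap7-wildfly-openssl packages are at the same version"
    return 0
}

# Demonstration on the sample above; reports the 1.0.2 / 1.0.6 split.
printf '%s\n' "$SAMPLE" | wfssl_check || echo "check exit status: $?"
```

Replacing libwfssl.so by hand does not change the RPM database, so this check keeps reporting the mismatch until an updated eap7-wildfly-openssl-linux package is installed.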