Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.4.9.CR1, 7.4.9.GA
Affects Version/s: 7.4.8.CR2
Component/s: Security, Web Services
Labels:
None

Blocked:
False
Blocked Reason:
None
Ready:
False
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
QE Test Coverage:
+
Target Release:

7.4.z.GA
Git Pull Request:
https://github.com/wildfly-security/wildfly-elytron/pull/1850
Steps to Reproduce:
Hide

git clone git@github.com:jbossws/jbossws-cxf.git # set IBM JDK on path # pass mvn -V -Pwildfly2300 -Dwildfly2300.version=23.0.0.Final clean integration-test -Dtest=SSLContextElytronClientConfigTestCaseForked -Dwildfly.elytron.version=1.13.0.Final # fail mvn -V -Pwildfly2300 -Dwildfly2300.version=23.0.0.Final clean integration-test -Dtest=SSLContextElytronClientConfigTestCaseForked -Dwildfly.elytron.version=1.13.1.Final
Show
git clone git@github.com:jbossws/jbossws-cxf.git # set IBM JDK on path # pass mvn -V -Pwildfly2300 -Dwildfly2300.version=23.0.0.Final clean integration-test -Dtest=SSLContextElytronClientConfigTestCaseForked -Dwildfly.elytron.version=1.13.0.Final # fail mvn -V -Pwildfly2300 -Dwildfly2300.version=23.0.0.Final clean integration-test -Dtest=SSLContextElytronClientConfigTestCaseForked -Dwildfly.elytron.version=1.13.1.Final
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

I wanted to update elytron client version for tests at jbossws-cxf project but when I did I started to see handshake exceptions in one test. I tried several elytron version to pinpoint it to ~~ELY-2026~~

IOW test works with IBM JDK8 up to elytron client version 1.13.0.Final, it fails with any version after that (see steps to reproduce).

The test fails because it is not able to process SSL handshake before sending message:

Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
	at org.jboss.test.ws.jaxws.cxf.clientConfig.SSLContextElytronClientConfigTestCaseForked.testConfiguredSSLContext(SSLContextElytronClientConfigTestCaseForked.java:93)

Running with `-Djavax.net.debug=ssl:handshake` reveals:

javax.net.ssl|FINE|01|main|2021-04-23 02:48:11.031 CEST|Thread.java:1164|No available cipher suite for TLS13
javax.net.ssl|FINE|01|main|2021-04-23 02:48:11.032 CEST|Thread.java:1164|No available cipher suite for TLS12
javax.net.ssl|FINE|01|main|2021-04-23 02:48:11.032 CEST|Thread.java:1164|No available cipher suite for TLS11
javax.net.ssl|FINE|01|main|2021-04-23 02:48:11.032 CEST|Thread.java:1164|No available cipher suite for TLS10
javax.net.ssl|SEVERE|01|main|2021-04-23 02:48:11.039 CEST|Thread.java:1164|Fatal (HANDSHAKE_FAILURE): Couldn't kickstart handshaking

So it looks like the changes introduced in ~~ELY-2026~~ somehow filter out usable cipher suites for the handshake, but that is only my naive guess.

clones

ELY-2117 SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate) on IBM JDK after ELY-2026

Resolved

is incorporated by

JBEAP-24081 (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001

Closed

Assignee:: Ricardo Martin Camarero

Reporter:: Petr Adamec

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2022/11/24 1:21 PM

Updated:: 2024/08/19 1:58 PM

Resolved:: 2022/12/06 2:09 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates