Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Not a Bug
Priority: Major
Fix Version/s: None
Affects Version/s: 7.0.0.ER6
Component/s: Management, Security
Labels:
- nss

Target Release:

7.backlog.GA
Steps to Reproduce:

Hide

1. Setting domain master/slave host controller communication.
As described here https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.0/html-single/how_to_configure_server_security/#configure-fips-domain-rhel6
2. Using NSS keystore with expired key fipsdb_invalid.zip from attachment.
3. Solution works seamlessly, even no warning message in server log.

Show
1. Setting domain master/slave host controller communication. As described here https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.0/html-single/how_to_configure_server_security/#configure-fips-domain-rhel6 2. Using NSS keystore with expired key fipsdb_invalid.zip from attachment. 3. Solution works seamlessly, even no warning message in server log.

SFDC Cases Counter:
SFDC Cases Links:

Description

Description:
Setting EAP in FIPS mode and securing domain master/slave host controllers communication with SSL/TLS. Communication works even if certificate is expired. I can't find any message regarding this fact in server log (setting logging to ALL level).

Slave host controller act as client of TLS handshake and in my opinion should react somehow on certification invalidity. Warning message at least. Maybe refuse to connect at all?

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

fipsdb_invalid.zip
3 kB
2016/03/15 9:29 AM
reproducer.zip
17 kB
2018/03/13 9:58 AM

Issue Links

blocks

JBEAP-4120 FIPS mode issues

Resolved

Activity

People

Assignee:: Jan Kalina (Inactive)

Reporter:: Martin Choma

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2016/03/15 9:30 AM

Updated:: 2021/10/24 6:41 AM

Resolved:: 2018/03/13 9:59 AM