JBoss Enterprise Application Platform / JBEAP-3829

FIPS mode: expired certificate doesn't impact master slave communication.

    • Bug
    • Resolution: Not a Bug
    • Major
    • None
    • 7.0.0.ER6
    • Management, Security

      Description:
      Setting EAP in FIPS mode and securing domain master/slave host controller communication with SSL/TLS: communication works even if the certificate is expired. I can't find any message regarding this fact in the server log (with logging set to ALL level).

      The slave host controller acts as the client of the TLS handshake and in my opinion should react somehow to certificate invalidity. A warning message at least. Maybe refuse to connect at all?

            jkalina@redhat.com Jan Kalina (Inactive)
            mchoma@redhat.com Martin Choma