Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-7422

Writing invalid value for cipher-suite-filter attribute of Elytron *-ssl-context should result in failure

XMLWordPrintable

    • User Experience
    • Hide
      1. /subsystem=elytron/server-ssl-context=server-ssl-context1:add
      2. /subsystem=elytron/server-ssl-context=server-ssl-context1:write-attribute(name=cipher-suite-filter,value="ab")
      • should fail
      1. reload
      • errors in server log
      13:19:15,855 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.ssl-context.server-ssl-context1: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.server-ssl-context1: Failed to start service
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1919)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: ELY05016: Unrecognized token "ab" in mechanism selection string "ab"
	at org.wildfly.security.ssl.CipherSuiteSelector.fromString(CipherSuiteSelector.java:423)
	at org.wildfly.extension.elytron.SSLDefinitions$3.lambda$getValueSupplier$1(SSLDefinitions.java:510)
	at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1963)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1896)
	... 3 more

...

13:19:15,923 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "elytron"),
    ("server-ssl-context" => "server-ssl-context1")
]) - failure description: {
    "WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.server-ssl-context1" => "org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.server-ssl-context1: Failed to start service
    Caused by: java.lang.IllegalArgumentException: ELY05016: Unrecognized token \"ab\" in mechanism selection string \"ab\""},
    "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.ssl-context.server-ssl-context1"],
    "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
}
      Show
      /subsystem=elytron/server-ssl-context=server-ssl-context1:add /subsystem=elytron/server-ssl-context=server-ssl-context1:write-attribute(name=cipher-suite-filter,value="ab") should fail reload errors in server log 13:19:15,855 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.ssl-context.server-ssl-context1: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.server-ssl-context1: Failed to start service at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1919) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.IllegalArgumentException: ELY05016: Unrecognized token "ab" in mechanism selection string "ab" at org.wildfly.security.ssl.CipherSuiteSelector.fromString(CipherSuiteSelector.java:423) at org.wildfly.extension.elytron.SSLDefinitions$3.lambda$getValueSupplier$1(SSLDefinitions.java:510) at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53) at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1963) at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1896) ... 3 more ... 13:19:15,923 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([ ("subsystem" => "elytron"), ("server-ssl-context" => "server-ssl-context1") ]) - failure description: { "WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.server-ssl-context1" => "org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.server-ssl-context1: Failed to start service Caused by: java.lang.IllegalArgumentException: ELY05016: Unrecognized token \"ab\" in mechanism selection string \"ab\""}, "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.ssl-context.server-ssl-context1"], "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined }

      Writing invalid value for cipher-suite-filter attribute of *-ssl-context results in "outcome" => "success" and requires reload. After reload there are errors in server log, but there is no notice in CLI. A user should be notified immediately that entered value is not correct – the operation should fail.

      Furthermore, when an invalid combination of cipher-suite-filter and protocols is entered, the operation passes and there are errors in server log after reload only. Again, a user should be notified immediately that entered combination of values is not correct – the operation should fail. Should I create separate JIRA issue for this?

              yborgess1@redhat.com Yeray Borges Santana
              okotek@redhat.com Ondrej Kotek
              Ondrej Kotek Ondrej Kotek
              Ondrej Kotek Ondrej Kotek
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: