Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-7422

Writing invalid value for cipher-suite-filter attribute of Elytron *-ssl-context should result in failure

    XMLWordPrintable

Details

    • User Experience
    • Hide
      1. /subsystem=elytron/server-ssl-context=server-ssl-context1:add
      2. /subsystem=elytron/server-ssl-context=server-ssl-context1:write-attribute(name=cipher-suite-filter,value="ab")
      • should fail
      1. reload
      • errors in server log
      13:19:15,855 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.ssl-context.server-ssl-context1: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.server-ssl-context1: Failed to start service
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1919)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: ELY05016: Unrecognized token "ab" in mechanism selection string "ab"
	at org.wildfly.security.ssl.CipherSuiteSelector.fromString(CipherSuiteSelector.java:423)
	at org.wildfly.extension.elytron.SSLDefinitions$3.lambda$getValueSupplier$1(SSLDefinitions.java:510)
	at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1963)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1896)
	... 3 more

...

13:19:15,923 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "elytron"),
    ("server-ssl-context" => "server-ssl-context1")
]) - failure description: {
    "WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.server-ssl-context1" => "org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.server-ssl-context1: Failed to start service
    Caused by: java.lang.IllegalArgumentException: ELY05016: Unrecognized token \"ab\" in mechanism selection string \"ab\""},
    "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.ssl-context.server-ssl-context1"],
    "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
}
      Show
      /subsystem=elytron/server-ssl-context=server-ssl-context1:add /subsystem=elytron/server-ssl-context=server-ssl-context1:write-attribute(name=cipher-suite-filter,value="ab") should fail reload errors in server log 13:19:15,855 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.ssl-context.server-ssl-context1: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.server-ssl-context1: Failed to start service at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1919) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.IllegalArgumentException: ELY05016: Unrecognized token "ab" in mechanism selection string "ab" at org.wildfly.security.ssl.CipherSuiteSelector.fromString(CipherSuiteSelector.java:423) at org.wildfly.extension.elytron.SSLDefinitions$3.lambda$getValueSupplier$1(SSLDefinitions.java:510) at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53) at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1963) at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1896) ... 3 more ... 13:19:15,923 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([ ("subsystem" => "elytron"), ("server-ssl-context" => "server-ssl-context1") ]) - failure description: { "WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.server-ssl-context1" => "org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.server-ssl-context1: Failed to start service Caused by: java.lang.IllegalArgumentException: ELY05016: Unrecognized token \"ab\" in mechanism selection string \"ab\""}, "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.ssl-context.server-ssl-context1"], "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined }

    Description

      Writing invalid value for cipher-suite-filter attribute of *-ssl-context results in "outcome" => "success" and requires reload. After reload there are errors in server log, but there is no notice in CLI. A user should be notified immediately that entered value is not correct – the operation should fail.

      Furthermore, when an invalid combination of cipher-suite-filter and protocols is entered, the operation passes and there are errors in server log after reload only. Again, a user should be notified immediately that entered combination of values is not correct – the operation should fail. Should I create separate JIRA issue for this?

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. WFCORE-2795 Writing invalid value for cipher-suite-filter attribute of Elytron *-ssl-context should result in failure

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-10868 Writing invalid combination of cipher-suite-filter and protocols attributes of Elytron *-ssl-context should result in failure

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-10845 (7.1.0) Upgrade to WildFly Core to 3.0.0.Beta23

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              yborgess1@redhat.com Yeray Borges Santana
              okotek@redhat.com Ondrej Kotek
              Ondrej Kotek Ondrej Kotek
              Ondrej Kotek Ondrej Kotek
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: