WildFly Core / WFCORE-2795

Writing invalid value for cipher-suite-filter attribute of Elytron *-ssl-context should result in failure


      1. /subsystem=elytron/server-ssl-context=server-ssl-context1:add
      2. /subsystem=elytron/server-ssl-context=server-ssl-context1:write-attribute(name=cipher-suite-filter,value="ab")
         • should fail
      3. reload
         • errors in server log
      13:19:15,855 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.ssl-context.server-ssl-context1: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.server-ssl-context1: Failed to start service
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1919)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: java.lang.IllegalArgumentException: ELY05016: Unrecognized token "ab" in mechanism selection string "ab"
      	at org.wildfly.security.ssl.CipherSuiteSelector.fromString(CipherSuiteSelector.java:423)
      	at org.wildfly.extension.elytron.SSLDefinitions$3.lambda$getValueSupplier$1(SSLDefinitions.java:510)
      	at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1963)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1896)
      	... 3 more
      
      ...
      
      13:19:15,923 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
          ("subsystem" => "elytron"),
          ("server-ssl-context" => "server-ssl-context1")
      ]) - failure description: {
          "WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.server-ssl-context1" => "org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.server-ssl-context1: Failed to start service
          Caused by: java.lang.IllegalArgumentException: ELY05016: Unrecognized token \"ab\" in mechanism selection string \"ab\""},
          "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.ssl-context.server-ssl-context1"],
          "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
      }
      
    • User Experience

      Writing an invalid value for the cipher-suite-filter attribute of *-ssl-context results in "outcome" => "success" and requires a reload. After the reload there are errors in the server log, but there is no notice in the CLI. A user should be notified immediately that the entered value is not correct – the operation should fail.

      Furthermore, when an invalid combination of cipher-suite-filter and protocols is entered, the operation passes and there are errors in the server log only after reload. Again, a user should be notified immediately that the entered combination of values is not correct – the operation should fail. Should I create a separate JIRA issue for this?

              yborgess1@redhat.com Yeray Borges Santana
              yborgess1@redhat.com Yeray Borges Santana
              Ondrej Kotek Ondrej Kotek
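Because the write operation reports success and the failure only appears in the server log after reload, a post-reload log check is the way to catch a rejected filter on an affected version. The following is an added example, not code from the issue or from WildFly: it assumes the log format quoted above, and the function name and the second service in the sample are hypothetical.

```python
import re

# Constructed sample: shaped like the log lines quoted in the issue, plus one
# unrelated (invented) service failure that must not be reported.
SAMPLE_LOG = r'''13:19:15,855 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.ssl-context.server-ssl-context1: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.server-ssl-context1: Failed to start service
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1919)
Caused by: java.lang.IllegalArgumentException: ELY05016: Unrecognized token "ab" in mechanism selection string "ab"
    at org.wildfly.security.ssl.CipherSuiteSelector.fromString(CipherSuiteSelector.java:423)
13:19:15,901 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service org.wildfly.security.ssl-context.other-context: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.other-context: Failed to start service
Caused by: java.lang.IllegalStateException: constructed unrelated failure
13:19:15,923 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
    Caused by: java.lang.IllegalArgumentException: ELY05016: Unrecognized token \"ab\" in mechanism selection string \"ab\""},
'''

SERVICE_PREFIX = "org.wildfly.security.ssl-context."
SERVICE_FAIL = re.compile(r'MSC000001: Failed to start service (?P<service>[\w.\-]+):')
BAD_TOKEN = re.compile(
    r'ELY05016: Unrecognized token "(?P<token>[^"]*)" '
    r'in mechanism selection string "(?P<value>[^"]*)"')
NEW_RECORD = re.compile(r'\d{2}:\d{2}:\d{2},\d{3} ')


def find_rejected_filters(log_text):
    """Return (ssl_context_name, bad_token, full_filter) for each SSL context
    service whose start failed on an unparsable cipher-suite-filter."""
    findings = []
    current = None  # service named by the MSC000001 record being read
    for line in log_text.splitlines():
        started = SERVICE_FAIL.search(line)
        if started:
            current = started.group("service")
            continue
        if NEW_RECORD.match(line):
            current = None  # a new timestamped record ends the stack trace
        bad = BAD_TOKEN.search(line)
        if bad and current and current.startswith(SERVICE_PREFIX):
            name = current[len(SERVICE_PREFIX):]
            findings.append((name, bad.group("token"), bad.group("value")))
            current = None  # the WFLYCTL0013 summary repeats it; count once
    return findings


if __name__ == "__main__":
    for name, token, value in find_rejected_filters(SAMPLE_LOG):
        print(f"ssl-context {name}: token {token!r} rejected in filter {value!r}")
```

An empty result after a reload means no SSL context service was rejected for its filter string; it does not cover the invalid filter/protocols combination mentioned above, whose log message is not shown on this page.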