WildFly / WFLY-15427

server-ssl-context with elytron provider


Details

    • Type: Bug
    • Resolution: Won't Do
    • Priority: Major
    • Fix Version/s: None
    • Affects Version/s: 25.0.0.Final
    • Component/s: Security
    • Labels: None
    • Steps to Reproduce:
      1. Download and extract https://github.com/wildfly/wildfly/releases/download/25.0.0.Final/wildfly-25.0.0.Final.zip
      2. Start WildFly with standalone.sh
      3. Start jboss-cli.sh and connect to the WildFly server
      4. Update server-ssl-context to use the elytron provider with the command:
         /subsystem=elytron/server-ssl-context=applicationSSC:write-attribute(name=providers, value=elytron)
      5. Reload or restart WildFly and you will get an error message

    Description

      By default two security providers exist in the WildFly standalone.xml configuration, openssl and elytron:

      <providers>
          <aggregate-providers name="combined-providers">
              <providers name="elytron"/>
              <providers name="openssl"/>
          </aggregate-providers>
          <provider-loader name="elytron" module="org.wildfly.security.elytron"/>
          <provider-loader name="openssl" module="org.wildfly.openssl"/>
      </providers>

      When the server-ssl-context has no SSL provider specified, or the openssl or combined-providers provider is used, WildFly starts normally and SSL works just fine:

      <server-ssl-context name="applicationSSC" key-manager="applicationKM" />
      or
      <server-ssl-context name="applicationSSC" key-manager="applicationKM" providers="openssl"/>
      or
      <server-ssl-context name="applicationSSC" key-manager="applicationKM" providers="combined-providers"/>

      In case we configure the elytron provider, I get error messages during WildFly start and HTTPS doesn't work:

      12:00:16,533 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-5) MSC000001: Failed to start service org.wildfly.security.ssl-context.applicationSSC: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.applicationSSC: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
      	at org.wildfly.extension.elytron@17.0.0.Final-redhat-20210930//org.wildfly.extension.elytron.SSLDefinitions$6.lambda$getValueSupplier$1(SSLDefinitions.java:1372)
      	at org.wildfly.extension.elytron@17.0.0.Final-redhat-20210930//org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:61)
      	...

      12:00:16,816 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
          ("subsystem" => "elytron"),
          ("server-ssl-context" => "applicationSSC")
      ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.applicationSSC" => "java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
          Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria"}}
      	...

      12:00:16,848 ERROR [org.jboss.as] (Controller Boot Thread) WFLYSRV0026: JBoss EAP 8.0.0.Alpha (WildFly Core 17.0.0.Final-redhat-20210930) started (with errors) in 1698ms - Started 290 of 535 services (3 services failed or missing dependencies, 336 services are lazy, passive or on-demand)

      Is there an explanation why this happens? Is there some dependency on openssl provider we don't see that may cause this failure when we explicitly configure elytron provider only?

      The same behavior also occurs with WildFly 24.0.1.Final.
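      A small diagnostic, added here as an example and not part of this issue or of the WildFly project, for checking which installed JCA providers actually register an SSLContext service (the thing an Elytron server-ssl-context needs from whatever its providers attribute names). It assumes a plain JDK; if the WildFly Elytron jar happens to be on the classpath, the real class org.wildfly.security.WildFlyElytronProvider is loaded by reflection so its services are included in the listing.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

/**
 * Lists, for every installed JCA provider, the SSLContext algorithms it
 * registers. A provider that registers none cannot by itself satisfy a
 * server-ssl-context whose "providers" attribute names only that provider.
 */
public class SslContextProviderCheck {

    /** Returns the SSLContext algorithm names registered by a provider (empty if none). */
    static List<String> sslContextAlgorithms(Provider provider) {
        List<String> algorithms = new ArrayList<>();
        for (Provider.Service service : provider.getServices()) {
            if ("SSLContext".equals(service.getType())) {
                algorithms.add(service.getAlgorithm());
            }
        }
        return algorithms;
    }

    /**
     * Registers the WildFly Elytron provider only if its jar is on the classpath
     * (hypothetical setup for this example; on a bare JDK the step is skipped).
     */
    static void addElytronProviderIfPresent() {
        try {
            Class<?> cls = Class.forName("org.wildfly.security.WildFlyElytronProvider");
            Security.addProvider((Provider) cls.getDeclaredConstructor().newInstance());
        } catch (ReflectiveOperationException e) {
            System.out.println("WildFly Elytron provider not on classpath; checking JDK providers only");
        }
    }

    public static void main(String[] args) {
        addElytronProviderIfPresent();
        for (Provider provider : Security.getProviders()) {
            List<String> algorithms = sslContextAlgorithms(provider);
            System.out.printf("%-24s SSLContext: %s%n", provider.getName(),
                    algorithms.isEmpty() ? "(none)" : algorithms);
        }
    }
}
```

      On a stock JDK only SunJSSE lists TLS algorithms; running the same check with the Elytron and wildfly-openssl jars on the classpath shows which of the two providers from standalone.xml can back the context.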

      People

        fjuma1@redhat.com Farah Juma
        rhn-support-kstekovi Krystof Stekovic
