Details
-
Bug
-
Resolution: Done
-
Major
-
25.0.0.Beta1, 25.0.0.Final
-
None
-
- Dowload and unzip WildFly 25.0.0.Final https://github.com/wildfly/wildfly/releases/download/25.0.0.Final/wildfly-25.0.0.Final.zip
- start it in the standalone mode and connect to it via jboss-cli.sh
- execute following configuration in jboss-cli
/subsystem=elytron/server-ssl-context=applicationSSC:write-attribute(name=protocols,value=[TLSv1.2]) /subsystem=elytron/server-ssl-context=applicationSSC:write-attribute(name=providers,value=openssl) reload
- deploy attached application sessionCounter.war
- make request to deployment via curl and you should see the errors.
curl --http1.1 -k -v https://127.0.0.1:8443/sessionCounter/SessionAccessCounter
Dowload and unzip WildFly 25.0.0.Final https://github.com/wildfly/wildfly/releases/download/25.0.0.Final/wildfly-25.0.0.Final.zip start it in the standalone mode and connect to it via jboss-cli.sh execute following configuration in jboss-cli /subsystem=elytron/server-ssl-context=applicationSSC:write-attribute(name=protocols,value=[TLSv1.2]) /subsystem=elytron/server-ssl-context=applicationSSC:write-attribute(name=providers,value=openssl) reload deploy attached application sessionCounter.war make request to deployment via curl and you should see the errors. curl --http1.1 -k -v https: //127.0.0.1:8443/sessionCounter/SessionAccessCounter
Description
Request on deployment over HTTP 1.1 protocol with configured TLSv1.2 only and using openssl provider throws an IllegalStateException in server log:
11:23:45,304 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /sessionCounter/SessionAccessCounter: java.lang.IllegalStateException: UT000124: renegotiation timed out at io.undertow.core@2.2.12.Final//io.undertow.server.ConnectionSSLSessionInfo.renegotiateNoRequest(ConnectionSSLSessionInfo.java:235) at io.undertow.core@2.2.12.Final//io.undertow.server.ConnectionSSLSessionInfo.renegotiate(ConnectionSSLSessionInfo.java:136) at org.wildfly.security.elytron-web.undertow-server@1.9.1.Final//org.wildfly.elytron.web.undertow.server.ElytronHttpExchange.getPeerCertificates(ElytronHttpExchange.java:143) at org.wildfly.security.elytron-base@1.17.1.Final//org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.getPeerCertificates(HttpAuthenticator.java:400) at org.wildfly.security.elytron-base@1.17.1.Final//org.wildfly.security.http.cert.ClientCertAuthenticationMechanism.attemptAuthentication(ClientCertAuthenticationMechanism.java:102) at org.wildfly.security.elytron-base@1.17.1.Final//org.wildfly.security.http.cert.ClientCertAuthenticationMechanism.evaluateRequest(ClientCertAuthenticationMechanism.java:94) at org.wildfly.security.elytron-base@1.17.1.Final//org.wildfly.security.auth.server.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:85) at org.wildfly.security.elytron-base@1.17.1.Final//org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:325) at org.wildfly.security.elytron-base@1.17.1.Final//org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$800(HttpAuthenticator.java:300) at org.wildfly.security.elytron-base@1.17.1.Final//org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:94)
On client side it show also error.
* TLSv1.2 (IN), TLS handshake, Hello request (0): * TLSv1.2 (OUT), TLS handshake, Client hello (1): * OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 0 * Closing connection 0 curl: (56) OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 0
This happen only for TLSv1.2 of OpenSSL when is used HTTP 1.1 protocol. With protocol HTTP 2 or TLSv1.3 it works fine. Also JDK TLS provider works fine for both version of TLS and both HTTP protocols.
This not happen for WildFly 24.0.1.Final.
Attachments
Issue Links
- is caused by
-
-
- Resolved
-
- is incorporated by
-
WFCORE-5677 Upgrade Elytron Web to 1.10.0.Final
-
- Closed
-
- is related to
-
-
- Closed
-
-
-
- Closed
-
