Improvement
Resolution: Unresolved
Major
When the server-ssl-context resource has its providers attribute set to the value openssl and the WildFly server is started with
./standalone.sh -Dorg.wildfly.openssl.path=nonexistent-path
or
./standalone.sh -Dorg.wildfly.openssl.libwfssl.path=nonexistent-path
or both
./standalone.sh -Dorg.wildfly.openssl.path=nonexistent-path -Dorg.wildfly.openssl.libwfssl.path=nonexistent-path
then the following error can be observed in the server log:
14:27:42,107 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.ssl-context.applicationSSC: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.applicationSSC: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
...
14:27:42,330 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([ ("subsystem" => "elytron"), ("server-ssl-context" => "applicationSSC") ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.applicationSSC" => "java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria"}}
...
14:27:42,364 ERROR [org.jboss.as] (Controller Boot Thread) WFLYSRV0026: JBoss EAP 8.0.0.Alpha (WildFly Core 17.0.0.Final-redhat-20210930) started (with errors) in 1596ms - Started 288 of 533 services (3 services failed or missing dependencies, 336 services are lazy, passive or on-demand)
A wrong path to the OpenSSL implementation is given to the server, so a server boot failure is expected. However, I would expect a more specific message, saying that it could not load the library or could not find the appropriate file in the given path, or something similar, instead of just plain:
No algorithm found matching TLS/SSL protocol.
Would it be possible?
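
Until the server reports this more precisely, a launch wrapper can check the two properties itself. The following is an added example, not part of the original report or of WildFly; the function name check_openssl_props is hypothetical, and it assumes org.wildfly.openssl.path names a directory containing libssl and org.wildfly.openssl.libwfssl.path names the libwfssl file itself.

```shell
#!/bin/sh
# Pre-flight check for the two system properties named in the report.
# Assumptions (not stated on the page):
#   -Dorg.wildfly.openssl.path=DIR            directory that holds libssl*
#   -Dorg.wildfly.openssl.libwfssl.path=FILE  the libwfssl library file itself
# Only command-line arguments are inspected, not JAVA_OPTS or standalone.conf.

# check_openssl_props ARGS...
# Prints one diagnostic line per bad property and returns the number of problems.
check_openssl_props() {
    problems=0
    for arg in "$@"; do
        case "$arg" in
            -Dorg.wildfly.openssl.path=*)
                dir=${arg#*=}
                if [ ! -d "$dir" ]; then
                    echo "org.wildfly.openssl.path: not a directory: $dir"
                    problems=$((problems + 1))
                elif ! ls "$dir"/libssl* >/dev/null 2>&1; then
                    echo "org.wildfly.openssl.path: no libssl* in: $dir"
                    problems=$((problems + 1))
                fi
                ;;
            -Dorg.wildfly.openssl.libwfssl.path=*)
                lib=${arg#*=}
                if [ ! -f "$lib" ] || [ ! -r "$lib" ]; then
                    echo "org.wildfly.openssl.libwfssl.path: not a readable file: $lib"
                    problems=$((problems + 1))
                fi
                ;;
        esac
    done
    return "$problems"
}

# Usage inside a wrapper script (fails fast with a specific message):
#   check_openssl_props "$@" && exec ./standalone.sh "$@"
```

With the arguments from the report, the wrapper stops before boot and names the offending property instead of leaving the ELY04001 message as the only clue.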