Uploaded image for project: 'WildFly WIP'
  1. WildFly WIP
  2. WFWIP-155

WildFly gets stuck with TLSv1.3 on JDK 11

    XMLWordPrintable

    Details

    • Steps to Reproduce:
      Hide
      1. Build WildFly with necessary components containing this feature:
        https://github.com/fjuma/wildfly-elytron/tree/ELY-1706
        https://github.com/undertow-io/undertow/tree/2.0.17.Final
        https://github.com/fjuma/wildfly-core/tree/WFCORE-4172
        https://github.com/wildfly/wildfly/commit/4583669
      2. Configure server-ssl-context allowing TLSv1.3
        connect
        /subsystem=elytron/key-store=tls13:add(path=keystore.jks,relative-to=jboss.server.config.dir,credential-reference={clear-text=secret},type=JKS)
        /subsystem=elytron/key-store=tls13:generate-key-pair(alias=localhost,algorithm=RSA,key-size=1024,validity=365,credential-reference={clear-text=secret},distinguished-name="CN=localhost")
        /subsystem=elytron/key-store=tls13:store()
        /subsystem=elytron/key-manager=tls13:add(key-store=tls13,credential-reference={clear-text=secret})
        /subsystem=elytron/server-ssl-context=tls13:add(key-manager=tls13,protocols=["TLSv1.3"])
        
        batch
        /subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
        /subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=tls13)
        run-batch
        
        reload
        
      3. Send request to localhost
        while [ True ]; do curl --verbose --insecure --tlsv1.3 --http2  https://localhost:8443; sleep 1; done
        
      4. Wait for the server to get stuck
      Show
      Build WildFly with necessary components containing this feature: https://github.com/fjuma/wildfly-elytron/tree/ELY-1706 https://github.com/undertow-io/undertow/tree/2.0.17.Final https://github.com/fjuma/wildfly-core/tree/WFCORE-4172 https://github.com/wildfly/wildfly/commit/4583669 Configure server-ssl-context allowing TLSv1.3 connect /subsystem=elytron/key-store=tls13:add(path=keystore.jks,relative-to=jboss.server.config.dir,credential-reference={clear-text=secret},type=JKS) /subsystem=elytron/key-store=tls13:generate-key-pair(alias=localhost,algorithm=RSA,key-size=1024,validity=365,credential-reference={clear-text=secret},distinguished-name= "CN=localhost" ) /subsystem=elytron/key-store=tls13:store() /subsystem=elytron/key-manager=tls13:add(key-store=tls13,credential-reference={clear-text=secret}) /subsystem=elytron/server-ssl-context=tls13:add(key-manager=tls13,protocols=[ "TLSv1.3" ]) batch /subsystem=undertow/server= default -server/https-listener=https:undefine-attribute(name=security-realm) /subsystem=undertow/server= default -server/https-listener=https:write-attribute(name=ssl-context,value=tls13) run-batch reload Send request to localhost while [ True ]; do curl --verbose --insecure --tlsv1.3 --http2 https: //localhost:8443; sleep 1; done Wait for the server to get stuck

      Description

      WildFly gets stuck with when using TLSv1.3. The process starts to heavily use the processor and cannot be stopped by simple SIGINT(Ctrl+C). The issue needs further investigation as no apparent reason for it being stuck.

      One possibility is mentioned in the comments for UNDERTOW-1493 is JDK-8208526.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              fjuma Farah Juma
              Reporter:
              adamkrajcik Adam Krajcik
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: