WildFly WIP / WFWIP-155

WildFly gets stuck with TLSv1.3 on JDK 11


    • Type: Bug
    • Resolution: Done
    • Priority: Blocker
    • Security
      1. Build WildFly with necessary components containing this feature:
        https://github.com/fjuma/wildfly-elytron/tree/ELY-1706
        https://github.com/undertow-io/undertow/tree/2.0.17.Final
        https://github.com/fjuma/wildfly-core/tree/WFCORE-4172
        https://github.com/wildfly/wildfly/commit/4583669
      2. Configure server-ssl-context allowing TLSv1.3
        connect
        /subsystem=elytron/key-store=tls13:add(path=keystore.jks,relative-to=jboss.server.config.dir,credential-reference={clear-text=secret},type=JKS)
        /subsystem=elytron/key-store=tls13:generate-key-pair(alias=localhost,algorithm=RSA,key-size=1024,validity=365,credential-reference={clear-text=secret},distinguished-name="CN=localhost")
        /subsystem=elytron/key-store=tls13:store()
        /subsystem=elytron/key-manager=tls13:add(key-store=tls13,credential-reference={clear-text=secret})
        /subsystem=elytron/server-ssl-context=tls13:add(key-manager=tls13,protocols=["TLSv1.3"])
        
        batch
        /subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
        /subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=tls13)
        run-batch
        
        reload
        
      3. Send request to localhost
        while [ True ]; do curl --verbose --insecure --tlsv1.3 --http2  https://localhost:8443; sleep 1; done
        
      4. Wait for the server to get stuck

      WildFly gets stuck when using TLSv1.3. The process starts to heavily use the processor and cannot be stopped by a simple SIGINT (Ctrl+C). The issue needs further investigation, as there is no apparent reason for it being stuck.

      One possibility, mentioned in the comments for UNDERTOW-1493, is JDK-8208526.

              fjuma1@redhat.com Farah Juma
              akrajcik@redhat.com Adam Krajcik
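
The reproduction loop above has no time limit, so once the server hangs the curl call blocks and no evidence is collected. The following is an added diagnostic example, not part of the original report or of WildFly: it probes with a TLSv1.3-only request under a hard timeout and, after several consecutive timeouts, saves per-thread CPU usage and a thread dump. It assumes a Linux host, curl built with TLSv1.3 support, jstack from the JDK on PATH, and the WildFly JVM pid supplied by the operator; the function names and the ./hang-evidence directory are hypothetical.

```shell
# Added diagnostic sketch, not part of the original report.
# Assumptions: Linux, curl with TLSv1.3, jstack on PATH, JVM pid given by caller.

# Map a curl exit code to a server state relevant to this issue.
classify_probe() {
  case "$1" in
    0)  echo ok ;;          # handshake and request completed
    7)  echo down ;;        # connection refused: process gone, not hung
    28) echo timeout ;;     # time limit hit: candidate for the hang
    35) echo tls_error ;;   # TLS handshake failed
    *)  echo error ;;
  esac
}

# Consecutive-timeout counter: only timeouts extend the streak.
next_streak() {  # usage: next_streak CURRENT_STREAK STATE
  if [ "$2" = timeout ]; then echo $(( $1 + 1 )); else echo 0; fi
}

# One TLSv1.3-only probe with a hard time limit, unlike the bare repro loop.
probe_tls13() {  # usage: probe_tls13 URL
  curl --silent --output /dev/null --insecure --http2 \
       --tlsv1.3 --tls-max 1.3 --connect-timeout 3 --max-time 5 "$1"
}

# Save per-thread CPU usage and a thread dump for later comparison.
capture_evidence() {  # usage: capture_evidence PID OUTDIR
  local stamp; stamp=$(date +%Y%m%dT%H%M%S)
  mkdir -p "$2"
  # Thread ids from top (decimal) match nid=0x... (hex) in the jstack output.
  top -H -b -n 1 -p "$1" > "$2/threads-$stamp.txt" 2>&1
  jstack -l "$1"         > "$2/jstack-$stamp.txt"  2>&1
}

watch_server() {  # usage: watch_server URL PID [THRESHOLD]
  local streak=0 state rc
  while :; do
    rc=0; probe_tls13 "$1" || rc=$?
    state=$(classify_probe "$rc")
    streak=$(next_streak "$streak" "$state")
    echo "$(date +%T) state=$state streak=$streak"
    if [ "$streak" -ge "${3:-3}" ]; then
      capture_evidence "$2" ./hang-evidence; return 0
    fi
    sleep 1
  done
}
# Runs only when invoked as: script.sh watch https://localhost:8443 <pid>
if [ "${1:-}" = watch ]; then watch_server "${2:?url}" "${3:?pid}" "${4:-3}"; fi
```

Taking two captures a few seconds apart and comparing the hottest thread ids shows whether the same thread is spinning, which is the evidence needed to compare against JDK-8208526.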