  1. WildFly Elytron
  2. ELY-395

Undertow HTTPS listener offers no cipher suite for DEFAULT enabled-cipher-suites


Details

    • Bug
    • Resolution: Done
    • Major
    • 1.1.0.Beta6
    • 1.0.2.Final
    • SSL
    • None
      1. add HTTPS listener to Undertow subsystem, add corresponding security realm
      2. set enabled-cipher-suites="DEFAULT" for the listener
      3. try to do a handshake with HTTPS listener
    • Workaround Exists

      The following string can be manually specified instead: -

      ALL:!aNULL:!eNULL
      

    Description

      No cipher suites are available for handshake with HTTPS Undertow listener.

      According to OpenSSL documentation [1], cipher suites corresponding with ALL:!COMPLEMENTOFDEFAULT:!eNULL cipher string should be available for handshake.

      According to Elytron documentation [2], cipher suites corresponding with ALL:!aNULL:!eNULL cipher string should be available for handshake.

      [1] https://www.openssl.org/docs/manmaster/apps/ciphers.html#CIPHER-STRINGS
      [2] http://wildfly-security.github.io/wildfly-elytron/org/wildfly/security/ssl/CipherSuiteSelector.html#fromString-java.lang.String-
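
      A regression check for the behaviour described above, added here as an example and not taken from the issue report or the Elytron code base: it resolves `DEFAULT` and the workaround string against the cipher suites the local JVM supports and fails when `DEFAULT` yields nothing. It assumes the WildFly Elytron jar is on the classpath; the class name `CipherStringCheck` is hypothetical.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import org.wildfly.security.ssl.CipherSuiteSelector;

// Added example (hypothetical class name); requires WildFly Elytron on the classpath.
public class CipherStringCheck {

    // Resolve an OpenSSL-style cipher string against the suites this JVM supports.
    static String[] resolve(String cipherString, String[] supported) {
        return CipherSuiteSelector.fromString(cipherString).evaluate(supported);
    }

    // True if a JSSE suite name denotes anonymous key exchange or NULL encryption.
    static boolean isAnonOrNull(String suite) {
        return suite.contains("_anon_") || suite.contains("_WITH_NULL_");
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        String[] supported = engine.getSupportedCipherSuites();

        String[] fromDefault = resolve("DEFAULT", supported);
        String[] fromExplicit = resolve("ALL:!aNULL:!eNULL", supported);

        System.out.printf("JVM supports %d suites%n", supported.length);
        System.out.printf("DEFAULT           -> %d suites%n", fromDefault.length);
        System.out.printf("ALL:!aNULL:!eNULL -> %d suites%n", fromExplicit.length);

        // Failure mode reported in this issue: nothing left to offer in the handshake.
        if (fromDefault.length == 0) {
            System.err.println("FAIL: DEFAULT selects no cipher suite");
            System.exit(1);
        }
        // Neither string should let anonymous or NULL-encryption suites through.
        for (String suite : fromDefault) {
            if (isAnonOrNull(suite)) {
                System.err.println("FAIL: DEFAULT enables " + suite);
                System.exit(1);
            }
        }
        // The Elytron documentation cited above equates the two strings.
        if (!Arrays.equals(fromDefault, fromExplicit)) {
            System.err.println("WARN: DEFAULT differs from ALL:!aNULL:!eNULL");
        }
        System.out.println("OK");
    }
}
```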


            People

              darran.lofthouse@redhat.com Darran Lofthouse
              okotek@redhat.com Ondrej Kotek
              Ondrej Kotek Ondrej Kotek