WildFly WIP: WFWIP-155

WildFly gets stuck with TLSv1.3 on JDK 11

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Done
    • Component/s: Security
    • Labels:
    • Environment:

      JDK 11

    • Steps to Reproduce:
      1. Build WildFly with necessary components containing this feature:
        https://github.com/fjuma/wildfly-elytron/tree/ELY-1706
        https://github.com/undertow-io/undertow/tree/2.0.17.Final
        https://github.com/fjuma/wildfly-core/tree/WFCORE-4172
        https://github.com/wildfly/wildfly/commit/4583669
      2. Configure server-ssl-context allowing TLSv1.3
        connect
        /subsystem=elytron/key-store=tls13:add(path=keystore.jks,relative-to=jboss.server.config.dir,credential-reference={clear-text=secret},type=JKS)
        /subsystem=elytron/key-store=tls13:generate-key-pair(alias=localhost,algorithm=RSA,key-size=1024,validity=365,credential-reference={clear-text=secret},distinguished-name="CN=localhost")
        /subsystem=elytron/key-store=tls13:store()
        /subsystem=elytron/key-manager=tls13:add(key-store=tls13,credential-reference={clear-text=secret})
        /subsystem=elytron/server-ssl-context=tls13:add(key-manager=tls13,protocols=["TLSv1.3"])
        
        batch
        /subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
        /subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=tls13)
        run-batch
        
        reload
        
      3. Send request to localhost
        while [ True ]; do curl --verbose --insecure --tlsv1.3 --http2  https://localhost:8443; sleep 1; done
        
      4. Wait for the server to get stuck

      Description

      WildFly gets stuck when using TLSv1.3. The process starts to heavily use the processor and cannot be stopped by a simple SIGINT (Ctrl+C). The issue needs further investigation, as there is no apparent reason for it being stuck.

      One possibility, mentioned in the comments for UNDERTOW-1493, is JDK-8208526.
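
      As an added example (not part of the original report): a bounded-time variant of the step 3 loop that tells a hung listener apart from a refused connection or a failed handshake, then looks up the CPU-bound thread in a thread dump. `MAX_TIME`, `THRESHOLD` and `WILDFLY_PID` are assumed names, and it relies on Linux `top` and the JDK's `jstack`.

```bash
# Added example, not from the issue: bounded-time version of the step 3 loop.
URL="${URL:-https://localhost:8443}"   # listener from the steps above
MAX_TIME="${MAX_TIME:-5}"              # assumed: seconds before a request counts as hung
THRESHOLD="${THRESHOLD:-3}"            # assumed: consecutive timeouts that mean "stuck"

# Map a curl exit status to a probe verdict.
classify_exit() {
  case "$1" in
    0)  echo ok ;;
    7)  echo refused ;;     # nothing accepting connections on the port
    28) echo timeout ;;     # --max-time exceeded: candidate hang
    35) echo tls_error ;;   # TLS handshake failed
    *)  echo other ;;
  esac
}

# next_run PREV VERDICT: consecutive-timeout count after this verdict.
next_run() {
  if [ "$2" = timeout ]; then echo $(( $1 + 1 )); else echo 0; fi
}

# Decimal Linux thread id (top -H) -> hex nid as printed in a JDK 11 thread dump.
tid_to_nid() { printf '0x%x\n' "$1"; }

# Hottest thread of PID: first data row of batch-mode top (sorted by %CPU).
hottest_tid() {
  top -H -b -n 1 -p "$1" | awk '$1 ~ /^[0-9]+$/ { print $1; exit }'
}

# Probe until THRESHOLD consecutive timeouts, then print the spinning thread's stack.
# WILDFLY_PID is a hypothetical variable the caller sets to the server's JVM pid.
probe_loop() {
  run=0
  while [ "$run" -lt "$THRESHOLD" ]; do
    rc=0
    curl --silent --output /dev/null --insecure --tlsv1.3 --http2 \
         --max-time "$MAX_TIME" "$URL" || rc=$?
    verdict=$(classify_exit "$rc")
    run=$(next_run "$run" "$verdict")
    echo "$(date +%T) $verdict (consecutive timeouts: $run)"
    sleep 1
  done
  nid=$(tid_to_nid "$(hottest_tid "$WILDFLY_PID")")
  echo "stuck; hottest thread nid=$nid" >&2
  jstack "$WILDFLY_PID" | grep -A 20 "nid=$nid "
}
```

      Source the file and run `WILDFLY_PID=<pid> probe_loop`; the loop exits on its own once the listener stops answering.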

                People

                • Assignee:
                  fjuma Farah Juma
                  Reporter:
                  adamkrajcik Adam Krajcik