| Summary: | Web HTTPS connector with TLSv1 cipher string offers no cipher suites on IBM JDK | ||
|---|---|---|---|
| Product: | [JBoss] JBoss Enterprise Application Platform 6 | Reporter: | Ondrej Kotek <okotek> |
| Component: | Web | Assignee: | jboss-set |
| Status: | CLOSED WONTFIX | QA Contact: | Ondrej Kotek <okotek> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.3.3 | CC: | rmaucher |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-03-01 12:28:53 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Description of problem: Having set TLSv1 cipher string to Web HTTPS connector, the HTTPS connector service offers no cipher suites for handshake on IBM JDK. How reproducible: Set TLSv1 cipher string as cipher suite of Web HTTPS connector. Start server. Try handshake with HTTPS connector. <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" enabled="true"> <ssl key-alias="javaserver" password="tomcat" certificate-key-file="/path-to/server-cert-key-rsa.jks" cipher-suite="TLSv1" verify-client="false" certificate-file="/path-to/server-cert-key-rsa.jks" ca-certificate-file="/path-to/ca-cert.jks"/> </connector> Actual results: Handshake fails because there are no cipher suites offered by server. Expected results: Handshake succeeds and an TLSv1 cipher suite is used for communication. Additional info: It works with concrete TLSv1 cipher suites.