Bug 1308894 - Some ADH cipher suites are not recognized by Web HTTPS connector
Status: NEW
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Web
Version: 6.3.3
Severity: medium
Assigned To: jboss-set
Ondrej Kotek
Reported: 2016-02-16 06:53 EST by Ondrej Kotek
Modified: 2016-02-17 07:20 EST (History)
Doc Type: Bug Fix
Type: Bug
Description Ondrej Kotek 2016-02-16 06:53:08 EST
Description of problem:
There are 5 ADH cipher suites that are not recognized by HTTPS connector (listener does not start). Namely: EXP-ADH-DES-CBC-SHA, ADH-DES-CBC-SHA, ADH-DES-CBC3-SHA, EXP-ADH-RC4-MD5, ADH-RC4-MD5.

How reproducible:
Set given cipher suite to Web HTTPS connector. Start server.

    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" enabled="true">
        <ssl key-alias="javaserver" password="tomcat" certificate-key-file="/path-to/server-cert-key-rsa.jks" cipher-suite="EXP-ADH-DES-CBC-SHA" verify-client="false" certificate-file="/path-to/server-cert-key-rsa.jks" ca-certificate-file="/path-to/ca-cert.jks"/>
    </connector>


Actual results:
ERROR [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-2) JBWEB003043: Error initializing endpoint: java.io.IOException: JBWEB002081: No cipher match
...
ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector

Expected results:
HTTPS connector service starts.
Comment 1 Ondrej Kotek 2016-02-17 07:20:47 EST
The 5 cipher suites named above are the only ones that are supported by IBM JDK for the "aNULL" and "ADH" cipher strings. Hence the cipher strings are also not recognized by the HTTPS connector on IBM JDK (this causes the same error described above).
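
For anyone reviewing a connector configuration like the one in this report, the following added example (not part of the bug report and not JBoss code) maps the five OpenSSL-style names to their IANA names and records what each name implies; ADH suites use anonymous Diffie-Hellman, so the server is not authenticated. The function name `audit_connectors`, the accepted separators, and the sample XML are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# OpenSSL name -> IANA name for the five suites named in this bug report.
OPENSSL_TO_IANA = {
    "EXP-ADH-DES-CBC-SHA": "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
    "ADH-DES-CBC-SHA": "TLS_DH_anon_WITH_DES_CBC_SHA",
    "ADH-DES-CBC3-SHA": "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
    "EXP-ADH-RC4-MD5": "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    "ADH-RC4-MD5": "TLS_DH_anon_WITH_RC4_128_MD5",
}

# Substring of the IANA name -> property an auditor would record.
PROPERTIES = [
    ("_anon_", "anonymous key exchange (server not authenticated)"),
    ("_EXPORT_", "export-grade 40-bit key"),
    ("_DES_CBC_", "single DES"),
    ("_RC4_", "RC4"),
    ("_MD5", "MD5 MAC"),
]

def audit_connectors(xml_text):
    """Return [(connector name, OpenSSL name, IANA name or None, [properties])]."""
    findings = []
    root = ET.fromstring(xml_text)
    for conn in root.iter():
        if conn.tag.rsplit("}", 1)[-1] != "connector":  # ignore any XML namespace
            continue
        for ssl in conn:
            if ssl.tag.rsplit("}", 1)[-1] != "ssl":
                continue
            # Assumption: entries are separated by ',', ':' or whitespace.
            for name in filter(None, re.split(r"[,:\s]+", ssl.get("cipher-suite", ""))):
                iana = OPENSSL_TO_IANA.get(name)  # None: not one of the five suites
                props = [label for key, label in PROPERTIES if iana and key in iana]
                findings.append((conn.get("name"), name, iana, props))
    return findings

# Constructed sample, modelled on the connector in the report.
SAMPLE = """<subsystem>
  <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl key-alias="javaserver" cipher-suite="EXP-ADH-DES-CBC-SHA,ADH-RC4-MD5,AES128-SHA"/>
  </connector>
</subsystem>"""

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE):
        print(finding)
```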
