Bug 1308894 - Some ADH cipher suites are not recognized by Web HTTPS connector
Summary: Some ADH cipher suites are not recognized by Web HTTPS connector
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Web
Version: 6.3.3
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: ---
Assignee: jboss-set
QA Contact: Ondrej Kotek
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-02-16 11:53 UTC by Ondrej Kotek
Modified: 2019-03-01 12:28 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2019-03-01 12:28:54 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Ondrej Kotek 2016-02-16 11:53:08 UTC
Description of problem:
There are 5 ADH cipher suites that are not recognized by HTTPS connector (listener does not start). Namely: EXP-ADH-DES-CBC-SHA, ADH-DES-CBC-SHA, ADH-DES-CBC3-SHA, EXP-ADH-RC4-MD5, ADH-RC4-MD5.

How reproducible:
Set given cipher suite to Web HTTPS connector. Start server.

    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" enabled="true">
        <ssl key-alias="javaserver" password="tomcat" certificate-key-file="/path-to/server-cert-key-rsa.jks" cipher-suite="EXP-ADH-DES-CBC-SHA" verify-client="false" certificate-file="/path-to/server-cert-key-rsa.jks" ca-certificate-file="/path-to/ca-cert.jks"/>
    </connector>


Actual results:
ERROR [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-2) JBWEB003043: Error initializing endpoint: java.io.IOException: JBWEB002081: No cipher match
...
ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector

Expected results:
HTTPS connector service starts.

Comment 1 Ondrej Kotek 2016-02-17 12:20:47 UTC
The 5 cipher suites named above are the only that are supported by IBM JDK for "aNULL" and "ADH" cipher strings. Hence the cipher strings are also not recognized by HTTPS connector on IBM JDK (causes the same error described above).


Note You need to log in before you can comment on or make changes to this bug.