Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1430730

Summary: No matching cipher on IBM JDK
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Ivo Hradek <ihradek>
Component: Web, SecurityAssignee: jboss-set
Status: CLOSED EOL QA Contact: Pavel Slavicek <pslavice>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.4.13CC: pmackay, rmartinc, rmaucher
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-08-19 12:45:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1510331    

Description Ivo Hradek 2017-03-09 12:47:50 UTC 
Hello,

It seems that SSL Encryption doesn't work with new release of IBM JDK (7.1 service refresh 4).

Step to reproduce:
1. Configure EAP using SSL as usual [1].
2. Running:
 $ cat $JBOSS_HOME/version.txt
  Red Hat JBoss Enterprise Application Platform - Version 6.4.13.GA
 $ java -version
  java version "1.8.0"
  Java(TM) SE Runtime Environment (build px6480sr4fp1-20170215_01(SR4 FP1))
  IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References 20170209_336038 (JIT enabled, AOT enabled)
  J9VM - R28_20170209_0201_B336038
  JIT  - tr.r14.java.green.20170209_0201_B336038_131456
  GC   - r28_20170209_0201_B336038_CMPRSS
  J9CL - 20170209_0201_336038)
  JCL - 20170215_01 based on Oracle jdk8u121-b13
 $ sh $JBOSS_HOME/bin/standalone.sh
  ...
  ERROR [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-1) JBWEB003043: Error initializing endpoint: java.io.IOException: JBWEB002081: No cipher match
  ...

Same EAP setup is working with older IBM JDK release (1.7.1.3.60) and OpenJDK as well. This applies for all java versions (6,7,8).
For full stack-trace see [2].

Note: This might has been caused by missing some SSL/TLS cipher-suite mappings(matchings) either in org.apache.tomcat.util.net.jsse.openssl.Cipher or IBM JDK implementation (or both?), even though official IBM docs [3] claims, that supported are both variants.
--
[1] https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/html/how_to_configure_server_security/securing_the_server_and_its_interfaces#setting_up_an_ssl_tls_connector
[2] http://pastebin.test.redhat.com/460269
[3] https://www.ibm.com/support/knowledgecenter/en/SSYKE2_7.1.0/com.ibm.java.security.component.71.doc/security-component/jsse2Docs/ciphersuites.html