Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1430730 - No matching cipher on IBM JDK
Summary: No matching cipher on IBM JDK
Keywords:
Status: NEW
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Web, Security
Version: 6.4.13
Hardware: Unspecified
OS: Linux
unspecified
high
Target Milestone: ---
: ---
Assignee: jboss-set
QA Contact: Pavel Slavicek
URL:
Whiteboard:
Depends On:
Blocks: 1510331
TreeView+ depends on / blocked
 
Reported: 2017-03-09 12:47 UTC by Ivo Hradek
Modified: 2018-06-07 21:39 UTC (History)
2 users (show)

Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug


Attachments (Terms of Use)

Description Ivo Hradek 2017-03-09 12:47:50 UTC
Hello,

It seems that SSL Encryption doesn't work with new release of IBM JDK (7.1 service refresh 4).

Step to reproduce:
1. Configure EAP using SSL as usual [1].
2. Running:
 $ cat $JBOSS_HOME/version.txt
  Red Hat JBoss Enterprise Application Platform - Version 6.4.13.GA
 $ java -version
  java version "1.8.0"
  Java(TM) SE Runtime Environment (build px6480sr4fp1-20170215_01(SR4 FP1))
  IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References 20170209_336038 (JIT enabled, AOT enabled)
  J9VM - R28_20170209_0201_B336038
  JIT  - tr.r14.java.green.20170209_0201_B336038_131456
  GC   - r28_20170209_0201_B336038_CMPRSS
  J9CL - 20170209_0201_336038)
  JCL - 20170215_01 based on Oracle jdk8u121-b13
 $ sh $JBOSS_HOME/bin/standalone.sh
  ...
  ERROR [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-1) JBWEB003043: Error initializing endpoint: java.io.IOException: JBWEB002081: No cipher match
  ...

Same EAP setup is working with older IBM JDK release (1.7.1.3.60) and OpenJDK as well. This applies for all java versions (6,7,8).
For full stack-trace see [2].

Note: This might has been caused by missing some SSL/TLS cipher-suite mappings(matchings) either in org.apache.tomcat.util.net.jsse.openssl.Cipher or IBM JDK implementation (or both?), even though official IBM docs [3] claims, that supported are both variants.
--
[1] https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/html/how_to_configure_server_security/securing_the_server_and_its_interfaces#setting_up_an_ssl_tls_connector
[2] http://pastebin.test.redhat.com/460269
[3] https://www.ibm.com/support/knowledgecenter/en/SSYKE2_7.1.0/com.ibm.java.security.component.71.doc/security-component/jsse2Docs/ciphersuites.html


Note You need to log in before you can comment on or make changes to this bug.