1 Reply Latest reply on Oct 21, 2013 10:47 AM by ctomc

    cipher suites for HTTPS with undertow

    dbschofield

      I am working with WildFly beta1 to get HTTPS up and running and followed the configuration described at "Re: Setting up https connector, is it the same as AS7?". The socket listener on port 8443 starts fine, but it appears that the server-side ciphers are not getting set.

       

      2013-10-18 02:21:36,019 DEBUG [io.undertow.request.io] (default I/O-3) Error reading request: javax.net.ssl.SSLHandshakeException: no cipher suites in common
              at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1362) [jsse.jar:1.7.0_25]
              at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:513) [jsse.jar:1.7.0_25]
              at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:790) [jsse.jar:1.7.0_25]
              at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758) [jsse.jar:1.7.0_25]
              at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) [rt.jar:1.7.0_25]
              at org.xnio.ssl.JsseSslConduitEngine.engineUnwrap(JsseSslConduitEngine.java:641) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
              at org.xnio.ssl.JsseSslConduitEngine.unwrap(JsseSslConduitEngine.java:588) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
              at org.xnio.ssl.JsseSslConduitEngine.unwrap(JsseSslConduitEngine.java:543) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
              at org.xnio.ssl.JsseSslStreamSourceConduit.read(JsseSslStreamSourceConduit.java:89) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
              at org.xnio.conduits.ConduitStreamSourceChannel.read(ConduitStreamSourceChannel.java:127) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
              at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:87)
              at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:68)
              at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:38)
              at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
              at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:291) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
              at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
              at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
              at org.xnio.ChannelListeners$DelegatingChannelListener.handleEvent(ChannelListeners.java:1092) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
              at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
              at org.xnio.nio.NioTcpServerHandle.handleReady(NioTcpServerHandle.java:53) [xnio-nio-3.1.0.CR7.jar:3.1.0.CR7]
              at org.xnio.nio.WorkerThread.run(WorkerThread.java:528) [xnio-nio-3.1.0.CR7.jar:3.1.0.CR7]
      Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
              at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) [jsse.jar:1.7.0_25]
              at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619) [jsse.jar:1.7.0_25]
              at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:278) [jsse.jar:1.7.0_25]
              at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:266) [jsse.jar:1.7.0_25]
              at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:894) [jsse.jar:1.7.0_25]
              at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:622) [jsse.jar:1.7.0_25]
              at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:167) [jsse.jar:1.7.0_25]
              at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) [jsse.jar:1.7.0_25]
              at sun.security.ssl.Handshaker$1.run(Handshaker.java:808) [jsse.jar:1.7.0_25]
              at sun.security.ssl.Handshaker$1.run(Handshaker.java:806) [jsse.jar:1.7.0_25]
              at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_25]
              at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1299) [jsse.jar:1.7.0_25]
              at org.xnio.ssl.JsseSslConduitEngine.handleHandshake(JsseSslConduitEngine.java:512) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
              at org.xnio.ssl.JsseSslConduitEngine.unwrap(JsseSslConduitEngine.java:595) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]

       

      Here is my configuration in standalone-full-ha.xml

          ...
          <security-realm name="ssl">
              <server-identities>
                  <ssl>
                      <keystore path="../standalone/configuration/ssl.jks" relative-to="jboss.server.config.dir" keystore-password="wildfly"/>
                  </ssl>
              </server-identities>
          </security-realm>
          ...
          <https-listener name="https" socket-binding="https" security-realm="ssl"/>

       

      Curious thing is that I never see the ssl.jks keystore get loaded.  It's as if the SSL context is never initialized.  Thoughts?
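
A stand-alone check for the situation described in the post above, as an added example that is not part of the original post and is not WildFly or Undertow code: it loads a JKS file outside the server, reports whether it holds a key entry (a JSSE server with no usable key typically fails handshakes with "no cipher suites in common"), and lists the suites the JVM enables for a server engine. The class name `KeystoreCheck` is hypothetical, and the code assumes the key password equals the store password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added diagnostic (hypothetical class). Usage: java KeystoreCheck <keystore.jks> <password>
public class KeystoreCheck {
    // Counts aliases that hold a key; certificate-only aliases cannot act as
    // the server identity, which leaves the server with no usable cipher suite.
    static int countKeyEntries(KeyStore ks) throws Exception {
        int n = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": certificate only");
                continue;
            }
            Certificate cert = ks.getCertificate(alias);
            String alg = (cert == null) ? "unknown" : cert.getPublicKey().getAlgorithm();
            System.out.println(alias + ": key entry, public key algorithm " + alg);
            n++;
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        char[] password = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password); // throws if the file is missing or the password is wrong
        }
        if (countKeyEntries(ks) == 0) {
            System.out.println("No key entry: handshakes against this keystore will fail.");
            return;
        }
        // Assumption: the key password is the same as the store password.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        // A suite is only selectable if its key exchange matches a key algorithm printed above.
        for (String s : engine.getEnabledCipherSuites()) System.out.println("  " + s);
    }
}
```

Run it against the exact file path the server resolves for the realm's keystore, so a missing or mislocated file shows up as an exception here rather than as a handshake failure.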