WildFly 10 SSL + Client certificate UT000124: renegotiation timed out
kevcodez May 25, 2016 11:07 AM
Hey,
I am using WildFly 10 and defined a SecurityRealm with a SSL certificate and a truststore containing a client certificate.
<security-realm name="UndertowRealm">
    <server-identities>
        <ssl>
            <keystore path="selfsigned.jks" relative-to="jboss.server.config.dir" keystore-password="secret" alias="selfsigned" key-password="secret"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="wildflytruststore.jks" relative-to="jboss.server.config.dir" keystore-password="secret"/>
    </authentication>
</security-realm>
This works fine most of the time. However, from time to time (every ~1000th request), I am getting the following exception:
2016-05-13 11:14:56,071 ERROR [io.undertow.request] (default task-19) UT005023: Exception handling request to /openshop-web/api/v1/signature/raw: java.lang.IllegalStateException: UT000124: renegotiation timed out
    at io.undertow.server.ConnectionSSLSessionInfo.renegotiateNoRequest(ConnectionSSLSessionInfo.java:175)
    at io.undertow.server.ConnectionSSLSessionInfo.renegotiateBufferRequest(ConnectionSSLSessionInfo.java:135)
    at io.undertow.server.ConnectionSSLSessionInfo.renegotiate(ConnectionSSLSessionInfo.java:91)
    at io.undertow.security.impl.ClientCertAuthenticationMechanism.getPeerCertificates(ClientCertAuthenticationMechanism.java:125)
    at io.undertow.security.impl.ClientCertAuthenticationMechanism.authenticate(ClientCertAuthenticationMechanism.java:92)
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
    at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
    at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
    at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
    at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
    at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
    at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
An external system requests our REST endpoint (RESTeasy) with the client certificate, and I have no further information on how this external system builds the HTTP request.
I was unable to find further information or a solution to this problem. This might as well just be a client-side issue...
Any help in finding out what is going on here is appreciated.
Thanks in advance.