1 Reply Latest reply on Oct 21, 2013 10:47 AM by Tomaz Cerar

    cipher suites for HTTPS with undertow

    Ben Schofield Novice

      Working with WildFly beta1 to get https up and running and followed the configuration described at Re: Setting up https connector, is it the same as AS7?.  The socket listener on port 8443 starts fine but appears that the server side ciphers are not getting set.

       

      2013-10-18 02:21:36,019 DEBUG [io.undertow.request.io] (default I/O-3) Error reading request: javax.net.ssl.SSLHandshakeException: no cipher suites in common

              at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1362) [jsse.jar:1.7.0_25]

              at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:513) [jsse.jar:1.7.0_25]

              at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:790) [jsse.jar:1.7.0_25]

              at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758) [jsse.jar:1.7.0_25]

              at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) [rt.jar:1.7.0_25]

              at org.xnio.ssl.JsseSslConduitEngine.engineUnwrap(JsseSslConduitEngine.java:641) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]

              at org.xnio.ssl.JsseSslConduitEngine.unwrap(JsseSslConduitEngine.java:588) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]

              at org.xnio.ssl.JsseSslConduitEngine.unwrap(JsseSslConduitEngine.java:543) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]

              at org.xnio.ssl.JsseSslStreamSourceConduit.read(JsseSslStreamSourceConduit.java:89) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]

              at org.xnio.conduits.ConduitStreamSourceChannel.read(ConduitStreamSourceChannel.java:127) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]

              at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:87)

              at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:68)

              at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:38)

              at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]

              at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:291) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]

              at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]

              at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]

              at org.xnio.ChannelListeners$DelegatingChannelListener.handleEvent(ChannelListeners.java:1092) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]

              at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]

              at org.xnio.nio.NioTcpServerHandle.handleReady(NioTcpServerHandle.java:53) [xnio-nio-3.1.0.CR7.jar:3.1.0.CR7]

              at org.xnio.nio.WorkerThread.run(WorkerThread.java:528) [xnio-nio-3.1.0.CR7.jar:3.1.0.CR7]

      Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common

              at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) [jsse.jar:1.7.0_25]

              at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619) [jsse.jar:1.7.0_25]

              at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:278) [jsse.jar:1.7.0_25]

              at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:266) [jsse.jar:1.7.0_25]

              at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:894) [jsse.jar:1.7.0_25]

              at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:622) [jsse.jar:1.7.0_25]

              at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:167) [jsse.jar:1.7.0_25]

              at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) [jsse.jar:1.7.0_25]

              at sun.security.ssl.Handshaker$1.run(Handshaker.java:808) [jsse.jar:1.7.0_25]

              at sun.security.ssl.Handshaker$1.run(Handshaker.java:806) [jsse.jar:1.7.0_25]

              at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_25]

              at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1299) [jsse.jar:1.7.0_25]

              at org.xnio.ssl.JsseSslConduitEngine.handleHandshake(JsseSslConduitEngine.java:512) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]

              at org.xnio.ssl.JsseSslConduitEngine.unwrap(JsseSslConduitEngine.java:595) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]

       

      Here is my configuration in standalone-full-ha.xml

                ...

                   <security-realm name="ssl">

                      <server-identities>

                          <ssl>

                              <keystore path="../standalone/configuration/ssl.jks" relative-to="jboss.server.config.dir" keystore-password="wildfly"/>

                          </ssl>

                      </server-identities>

                  </security-realm>

                ...

                 <https-listener name="https" socket-binding="https" security-realm="ssl"/>

       

      Curious thing is that I never see the ssl.jks keystore get loaded.  It's as if the SSL context is never initialized.  Thoughts?