cipher suites for HTTPS with undertow
dbschofield Oct 18, 2013 3:16 AM
Working with WildFly beta1 to get https up and running and followed the configuration described at "Re: Setting up https connector, is it the same as AS7?". The socket listener on port 8443 starts fine, but it appears that the server-side ciphers are not getting set.
2013-10-18 02:21:36,019 DEBUG [io.undertow.request.io] (default I/O-3) Error reading request: javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1362) [jsse.jar:1.7.0_25]
    at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:513) [jsse.jar:1.7.0_25]
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:790) [jsse.jar:1.7.0_25]
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758) [jsse.jar:1.7.0_25]
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) [rt.jar:1.7.0_25]
    at org.xnio.ssl.JsseSslConduitEngine.engineUnwrap(JsseSslConduitEngine.java:641) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
    at org.xnio.ssl.JsseSslConduitEngine.unwrap(JsseSslConduitEngine.java:588) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
    at org.xnio.ssl.JsseSslConduitEngine.unwrap(JsseSslConduitEngine.java:543) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
    at org.xnio.ssl.JsseSslStreamSourceConduit.read(JsseSslStreamSourceConduit.java:89) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
    at org.xnio.conduits.ConduitStreamSourceChannel.read(ConduitStreamSourceChannel.java:127) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
    at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:87)
    at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:68)
    at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:38)
    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
    at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:291) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
    at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
    at org.xnio.ChannelListeners$DelegatingChannelListener.handleEvent(ChannelListeners.java:1092) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
    at org.xnio.nio.NioTcpServerHandle.handleReady(NioTcpServerHandle.java:53) [xnio-nio-3.1.0.CR7.jar:3.1.0.CR7]
    at org.xnio.nio.WorkerThread.run(WorkerThread.java:528) [xnio-nio-3.1.0.CR7.jar:3.1.0.CR7]
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) [jsse.jar:1.7.0_25]
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1619) [jsse.jar:1.7.0_25]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:278) [jsse.jar:1.7.0_25]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:266) [jsse.jar:1.7.0_25]
    at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:894) [jsse.jar:1.7.0_25]
    at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:622) [jsse.jar:1.7.0_25]
    at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:167) [jsse.jar:1.7.0_25]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) [jsse.jar:1.7.0_25]
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:808) [jsse.jar:1.7.0_25]
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:806) [jsse.jar:1.7.0_25]
    at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_25]
    at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1299) [jsse.jar:1.7.0_25]
    at org.xnio.ssl.JsseSslConduitEngine.handleHandshake(JsseSslConduitEngine.java:512) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
    at org.xnio.ssl.JsseSslConduitEngine.unwrap(JsseSslConduitEngine.java:595) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]
Here is my configuration in standalone-full-ha.xml:
...
<security-realm name="ssl">
    <server-identities>
        <ssl>
            <keystore path="../standalone/configuration/ssl.jks" relative-to="jboss.server.config.dir" keystore-password="wildfly"/>
        </ssl>
    </server-identities>
</security-realm>
...
<https-listener name="https" socket-binding="https" security-realm="ssl"/>
Curious thing is that I never see the ssl.jks keystore get loaded. It's as if the SSL context is never initialized. Thoughts?
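
A stand-alone check for the keystore question raised above, added here as an example and not part of the original post or of WildFly: it resolves the keystore path against the relative-to directory, loads the JKS file, and asks the JSSE key manager which key types it can serve. The class name KeystoreCheck, the command-line argument for the config directory, the way path and relative-to are joined, and the key password being equal to the keystore password are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is the directory jboss.server.config.dir points to.
        Path base = Paths.get(args.length > 0 ? args[0] : "standalone/configuration");
        // Attribute values copied from the <keystore> element in the post.
        String path = "../standalone/configuration/ssl.jks";
        char[] password = "wildfly".toCharArray();

        // Assumption: the server joins relative-to and path, as done here.
        Path resolved = base.resolve(path).normalize().toAbsolutePath();
        System.out.println("Resolved keystore path: " + resolved);
        if (!Files.isReadable(resolved)) {
            System.out.println("No readable keystore there, so no server key can be loaded.");
            return;
        }

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(resolved)) {
            ks.load(in, password); // throws IOException on a wrong password
        }
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(alias + ": "
                + (ks.isKeyEntry(alias) ? "private key entry" : "certificate only"));
        }

        // Assumption: the key password equals the keystore password.
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        for (KeyManager km : kmf.getKeyManagers()) {
            if (!(km instanceof X509KeyManager)) continue;
            // The server handshaker asks the key manager for a key per key type.
            for (String type : new String[] {"RSA", "DSA", "EC"}) {
                String[] aliases = ((X509KeyManager) km).getServerAliases(type, null);
                System.out.println(type + " server keys: "
                    + (aliases == null ? 0 : aliases.length));
            }
        }
    }
}
```

If every key type reports 0, or the file is not found at the resolved path, the JSSE server has no certificate-based suite it can select, and the handshake fails with "no cipher suites in common".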