1 Reply Latest reply on May 10, 2006 12:52 PM by Sean Duddy

    Restricting Cipher suites

    Sean Duddy Newbie

      Hi,
      I am trying to retrict the enabled cipher suites to just TLS_RSA_WITH_AES_128_CBC_SHA on the JBOSS server side, i.e. any clients connect using my stateless beans MUST use this suite. I was using JBOSS 4.0.2, but it appears there was no way to restrict the suites,
      so I switched to 4.0.3SP1 (http://jira.jboss.com/jira/browse/JBAS-1983)
      which is supposed to solve this problem. However when I use the xml configuration described in the bug fix:-

      <

      mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker"
       name="jboss:service=invoker,type=jrmp,socketType=SSLSocketFactory,wantsClientAuth=true">
       <attribute name="RMIObjectPort">0</attribute>
       <attribute name="RMIClientSocketFactory">org.jboss.security.ssl.RMISSLClientSocketFactory
       </attribute>
       <attribute name="RMIServerSocketFactoryBean"
       attributeClass="org.jboss.security.ssl.RMISSLServerSocketFactory"
       serialDataType="javaBean">
       <property name="bindAddress">${jboss.bind.address}</property>
       <property name="securityDomain">java:/jaas/rmi+ssl</property>
       <property name="wantsClientAuth">true</property>
       <property name="needsClientAuth">true</property>
       <property name="CiperSuites">TLS_RSA_WITH_AES_128_CBC_SHA</property>
       <property name="Protocols">SSLv2Hello,SSLv3,TLSv1</property>
       </attribute>
       <depends>jboss:service=TransactionManager</depends>
       <depends>jboss.security:service=JaasSecurityDomain,domain=rmi+ssl</depends>
       </mbean>


      I get the following error at startup:-

      java.lang.NullPointerException
      at org.jboss.security.ssl.Context.forDomain(Context.java:51)
      at org.jboss.security.ssl.DomainServerSocketFactory.initSSLContext(DomainServerSocketFactory.java:220)
      at org.jboss.security.ssl.DomainServerSocketFactory.createServerSocket(DomainServerSocketFactory.java:143)
      at org.jboss.security.ssl.DomainServerSocketFactory.createServerSocket(DomainServerSocketFactory.java:121)
      at org.jboss.security.ssl.RMISSLServerSocketFactory.createServerSocket(RMISSLServerSocketFactory.java:105)
      at sun.rmi.transport.tcp.TCPEndpoint.newServerSocket(TCPEndpoint.java:615)
      at sun.rmi.transport.tcp.TCPTransport.listen(TCPTransport.java:231)
      at sun.rmi.transport.tcp.TCPTransport.exportObject(TCPTransport.java:178)
      at sun.rmi.transport.tcp.TCPEndpoint.exportObject(TCPEndpoint.java:382)
      at sun.rmi.transport.LiveRef.exportObject(LiveRef.java:116)
      at sun.rmi.server.UnicastServerRef.exportObject(UnicastServerRef.java:145)
      at sun.rmi.server.UnicastServerRef.exportObject(UnicastServerRef.java:129)
      at java.rmi.server.UnicastRemoteObject.exportObject(UnicastRemoteObject.java:275)
      at java.rmi.server.UnicastRemoteObject.exportObject(UnicastRemoteObject.java:206)
      at org.jboss.invocation.jrmp.server.JRMPInvoker.exportCI(JRMPInvoker.java:437)
      at org.jboss.invocation.jrmp.server.JRMPInvoker.startService(JRMPInvoker.java:359)
      at org.jboss.invocation.jrmp.server.JRMPInvoker$1.startService(JRMPInvoker.java:136)
      at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:274)
      at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:230)
      at org.jboss.invocation.jrmp.server.JRMPInvoker.jbossInternalLifecycle(JRMPInvoker.java:631)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
      at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
      at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
      at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:245)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
      at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:943)
      at $Proxy0.start(Unknown Source)
      at org.jboss.system.ServiceController.start(ServiceController.java:428)
      at org.jboss.system.ServiceController.start(ServiceController.java:446)
      at org.jboss.system.ServiceController.start(ServiceController.java:446)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
      at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
      at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
      at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:245)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
      at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:176)
      at $Proxy4.start(Unknown Source)
      at org.jboss.deployment.SARDeployer.start(SARDeployer.java:285)
      at org.jboss.deployment.MainDeployer.start(MainDeployer.java:989)
      at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:790)
      at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:753)
      at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:737)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
      at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
      at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:118)
      at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
      at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:127)
      at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
      at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:245)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
      at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:176)
      at $Proxy5.deploy(Unknown Source)
      at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:453)
      at org.jboss.system.server.ServerImpl.start(ServerImpl.java:330)
      at org.jboss.Main.boot(Main.java:187)
      at org.jboss.Main$1.run(Main.java:438)
      at java.lang.Thread.run(Thread.java:534)

      Anyone got any idea what is worng with this xml configuration?
      Note: I have SSL working when I use the configuration as descibed in the admin guide(chapter 8), however this section has not been updated to include these new property values to restrict the suites and it differs in format also ...