0 Replies Latest reply on Sep 5, 2005 8:28 PM by ryan.campbell

    jrmp SSL Tests Cipher

    ryan.campbell Expert

      In testsuite/src/resources/jrmp/service-inf/jboss-service.xml, there is:

      <mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker"
      name="jboss:service=invoker,type=jrmp,socketType=SSLSocketFactory,wantsClientAuth=true">
      ...
       <property name="needsClientAuth">true</property>
       <property name="CiperSuites">TLS_DHE_DSS_WITH_AES_256_CBC_SHA</property>
       <property name="Protocols">SSLv2Hello,SSLv3,TLSv1</property>
       </attribute>
      


      but when I run SSLFailuresSocketsUnitTestCase, I get the following error on my server:

      18:46:56,954 WARN [ServiceController] Problem starting service jboss:service=invoker,socketType=SSLSocketFactory,type=jrmp,wantsClientAuth=true
      java.lang.IllegalArgumentException: Cannot support TLS_DHE_DSS_WITH_AES_256_CBC_SHA with currently installed providers
       at com.sun.net.ssl.internal.ssl.CipherSuiteList.<init>(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.setEnabledCipherSuites(DashoA12275)
       at org.jboss.security.ssl.DomainServerSocketFactory.createServerSocket(DomainServerSocketFactory.java:158)
       at org.jboss.security.ssl.DomainServerSocketFactory.createServerSocket(DomainServerSocketFactory.java:121)
       at org.jboss.security.ssl.RMISSLServerSocketFactory.createServerSocket(RMISSLServerSocketFactory.java:105)
       at sun.rmi.transport.tcp.TCPEndpoint.newServerSocket(TCPEndpoint.java:615)
      


      It seems that this cipher is not installed by default according to http://ebox.mcs.csuhayward.edu/tools/documentation/java1.4/guide/security/jsse/JSSERefGuide.html#SunJSSE

      I tried using a different cipher, but this caused the test to timeout, so I'm assuming this is not negotiable.

      Is there any other way around this or do we need to require that this cipher be enabled to run the testsuite successfully?