Separating ciphers with two spaces results in unspecified behaviour #16037

Closed
bmarwell opened this issue Feb 25, 2021 · 5 comments
Labels: bug, release bug, release:21003

bmarwell commented Feb 25, 2021

Describe the bug

Create an SSL configuration.
Specify ciphers like so (note there is a double space between SOME of the ciphers):

  <ssl id="my_tls_settings"
    securityLevel="CUSTOM"
    enabledCiphers="SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 SSL_DHE_RSA_WITH_AES_256_GCM_SHA384 SSL_DHE_DSS_WITH_AES_256_GCM_SHA384 SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
 SSL_DHE_RSA_WITH_AES_128_GCM_SHA256 SSL_DHE_DSS_WITH_AES_128_GCM_SHA256"
    sslProtocol="TLSv1.2"
   />

Starting Liberty, it will not be able to make any TLS connection.

Steps to Reproduce

Use the configuration from above.
Please note that there are TWO consecutive spaces between some of the ciphers.

Expected behavior

Two consecutive spaces are ignored/treated as one separator char.

OR

print a warning

OR

do not start and throw an error if <config onError="fail" /> is set.

I prefer the first solution.

Diagnostic information:

  • OpenLiberty until at least 20.0.0.12
  • Java Version: any
  • server.xml configuration (WITHOUT sensitive information like passwords)
    see above
  • If it would be useful, upload the messages.log file found in $WLP_OUTPUT_DIR/messages.log
    No useful messages given.
    If you enable ssl tracing, you can see that a cipher TLS_NULL_NULL_NULL is chosen. Obviously, we get an exception that no common cipher was found / could be chosen.

Additional context

IBM case TS005074992

Reply was

My recommendation is not to use double spaces

Thank you very much for informing us though, very helpful.

bmarwell added the bug label Feb 25, 2021
acdemyers self-assigned this Feb 25, 2021
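
A pre-deployment check for the condition reported above, as an added example that is not part of the original issue and not Open Liberty's own code: it reads a server.xml, flags empty tokens in each `enabledCiphers` value, and produces a single-space form. The sample XML is constructed (shortened from the issue's configuration); the function names and the `SSL_`/`TLS_` name pattern are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, shortened from the issue's <ssl> element; there are two
# consecutive spaces before the last cipher name.
SAMPLE_SERVER_XML = """<server>
  <ssl id="my_tls_settings" securityLevel="CUSTOM" sslProtocol="TLSv1.2"
    enabledCiphers="SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384  SSL_DHE_RSA_WITH_AES_128_GCM_SHA256"/>
</server>"""

# Assumption: cipher names look like the SSL_*/TLS_* names shown in the issue.
CIPHER_NAME = re.compile(r"^(SSL|TLS)_[A-Z0-9_]+$")


def lint_cipher_list(value):
    """Return (ciphers, findings) for one enabledCiphers attribute value."""
    findings = []
    # Splitting on a single space exposes the empty tokens that repeated,
    # leading or trailing spaces produce.
    empty = value.split(" ").count("")
    if empty:
        findings.append(f"{empty} empty token(s) from extra spaces")
    ciphers = value.split()  # any whitespace run counts as one separator
    for name in ciphers:
        if not CIPHER_NAME.match(name):
            findings.append(f"unexpected cipher name: {name!r}")
    for name in sorted({c for c in ciphers if ciphers.count(c) > 1}):
        findings.append(f"duplicate cipher: {name}")
    return ciphers, findings


def normalize_cipher_list(value):
    """Rewrite the value with exactly one space between cipher names."""
    return " ".join(value.split())


def lint_server_xml(xml_text):
    """Map each <ssl> id that sets enabledCiphers to its list of findings."""
    report = {}
    for ssl in ET.fromstring(xml_text).iter("ssl"):
        value = ssl.get("enabledCiphers")
        if value is not None:
            report[ssl.get("id", "<no id>")] = lint_cipher_list(value)[1]
    return report


if __name__ == "__main__":
    for ssl_id, findings in lint_server_xml(SAMPLE_SERVER_XML).items():
        print(ssl_id, findings or "ok")
```

A line break inside the attribute value is turned into a space by the XML parser, so a wrapped cipher list with stray indentation is reported the same way as a double space.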

una-tapa commented Mar 1, 2021

Hello, @bmarwell. We are wondering if you could wait for the Liberty release that has the fix (it is likely to be in 21.0.0.4) or if you would like a test fix for the release you are on. If so, please let us know the fixpack level. You can also reply back in the case TS005074992, as it will be easy to keep track of.
Thank you.

bmarwell commented Mar 1, 2021

Hi @una-tapa!
We already closed the case because we will now take care of spaces, so the fix in 21.0.0.4 is sufficient for us.
If we happen to insert superfluous spaces again, this fix will make sure Liberty will still start and work correctly.

Thanks!

una-tapa commented Mar 1, 2021

Thank you for the closure approval for the support case!

When the code is in the build, this git issue should be closed with targeting fixpack.
This is going to help other customers too. Appreciate it.

bmarwell commented Mar 2, 2021

Yes, that is the idea. We could have just "fixed" our processes, but by reporting we are making sure we and others do not fall into the same trap (again).
I really appreciate the open source and community thinking here as well! 👍🏻

una-tapa added the release bug label Mar 2, 2021
@acdemyers

Work completed
