Issue with Wildfly 26 with Java Corretto JDK 11 configured with the latest BC FIPS libraries on Windows 11. #1682
Unanswered
ashadev2022 asked this question in Q&A
Replies: 0 comments
Environment: Wildfly 26 with Java Corretto JDK 11 configured with the latest BC FIPS libraries on Windows 11.
I was trying to bring up a Wildfly instance configured with Java 11 and the latest BC FIPS libraries (bc-fips-1.0.2.4.jar, bctls-fips-1.0.18.jar). java.security:

```
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
security.provider.3=SUN
securerandom.strongAlgorithms=DEFAULT:BCFIPS
keystore.type=BCFKS
ssl.KeyManagerFactory.algorithm=PKIX
ssl.TrustManagerFactory.algorithm=PKIX
```
JAVA_OPTS in standalone.conf.bat:

```
-Djdk.tls.trustNameService=true -Djavax.net.ssl.trustStoreType=BCFKS -Djavax.net.ssl.trustStoreProvider=BCFIPS
```

BCFKS keystore created using keytool.

standalone.xml:

```xml
cipher-suite-filter="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256" protocols="TLSv1.2"
```
When I try to open https://localhost:8443, I get the following error:

```
Caused by: org.bouncycastle.tls.TlsFatalAlert: handshake_failure(40)
at org.bouncycastle.tls.AbstractTlsServer.getSelectedCipherSuite(Unknown Source)
at org.bouncycastle.jsse.provider.ProvTlsServer.getSelectedCipherSuite(Unknown Source)
at org.bouncycastle.tls.TlsServerProtocol.sendServerHelloMessage(Unknown Source)
at org.bouncycastle.tls.TlsServerProtocol.handleHandshakeMessage(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
at org.bouncycastle.tls.RecordStream.readFullRecord(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.safeReadFullRecord(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.offerInput(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.offerInput(Unknown Source)
... 17 more
```
Any pointers to solve this issue would be helpful.
Thanks
SSL debug output (-Djavax.net.debug=ssl,handshake):

```
09:07:29,399 ERROR [stderr] (default I/O-2) Provider: SecureRandom.null algorithm from: BCFIPS_RNG
09:11:18,692 ERROR [stderr] (default I/O-1) Provider: SecureRandom.null algorithm from: BCFIPS_RNG
09:11:18,723 ERROR [stderr] (default I/O-1) Provider: Cipher.RSA/NONE/PKCS1Padding decryption algorithm from: BCFIPS
09:11:18,739 ERROR [stderr] (default I/O-1) Provider: Mac.HmacSHA256 algorithm from: BCFIPS
09:11:18,739 ERROR [stderr] (default I/O-1) Provider: Mac.HmacSHA256 algorithm from: BCFIPS
09:11:18,739 ERROR [stderr] (default I/O-1) Provider: Cipher.AES/CBC/NoPadding decryption algorithm from: BCFIPS
09:11:18,739 ERROR [stderr] (default I/O-1) Provider: Cipher.AES/CBC/NoPadding en
```
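A `handshake_failure` thrown from `getSelectedCipherSuite` means the server found no cipher suite it could both offer and actually use: a suite in the filter may be absent from BCJSSE's enabled set under the FIPS provider, or it may require a key type (EC for `ECDHE_ECDSA`, DSA for `DHE_DSS`, RSA for the `*_RSA_*` suites) that the keystore does not hold. The following standalone Java program is an added diagnostic, not code from the question or from Bouncy Castle; it builds a BCJSSE `SSLContext` from the same provider configuration and a BCFKS keystore, reports the key algorithm of each key entry, and checks every suite from the `cipher-suite-filter` against what BCJSSE enables by default. It assumes bc-fips and bctls-fips on the classpath, a keystore path and password passed as arguments (the defaults shown are placeholders), and that `CryptoServicesRegistrar.isInApprovedOnlyMode()` is available in the bc-fips build in use.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

/**
 * Diagnostic (added example): build a BCJSSE SSLContext from the BCFKS keystore Wildfly uses and
 * compare the suites BCJSSE enables against the cipher-suite-filter list from standalone.xml.
 * Usage: java -cp bc-fips.jar:bctls-fips.jar:. BcFipsSuiteCheck server.bcfks changeit
 */
public class BcFipsSuiteCheck {

    // The cipher-suite-filter value from the question, split into individual suite names.
    static final String[] CONFIGURED = {
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",     "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",   "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
        "TLS_RSA_WITH_AES_256_GCM_SHA384",         "TLS_RSA_WITH_AES_256_CBC_SHA256"
    };

    public static void main(String[] args) throws Exception {
        // Placeholder keystore path and password (constructed); pass the real ones as arguments.
        String ksPath = args.length > 0 ? args[0] : "server.bcfks";
        char[] pw = (args.length > 1 ? args[1] : "changeit").toCharArray();

        // Register the providers in the same order as the java.security file in the question.
        Security.insertProviderAt(new BouncyCastleFipsProvider(), 1);
        Security.insertProviderAt(new BouncyCastleJsseProvider("fips:BCFIPS"), 2);
        System.out.println("BCFIPS approved-only mode: " + CryptoServicesRegistrar.isInApprovedOnlyMode());

        // Load the BCFKS keystore and report the key algorithm of every private-key entry:
        // ECDHE_ECDSA suites need an EC key, DHE_DSS needs DSA, the *_RSA_* suites need RSA.
        KeyStore ks = KeyStore.getInstance("BCFKS", "BCFIPS");
        try (FileInputStream in = new FileInputStream(ksPath)) {
            ks.load(in, pw);
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                String keyAlg = ks.getCertificate(alias).getPublicKey().getAlgorithm();
                System.out.println("key entry '" + alias + "' uses a " + keyAlg + " key");
            }
        }

        // Same factory algorithms as the question's java.security (PKIX), bound to BCJSSE.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX", "BCJSSE");
        kmf.init(ks, pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", "BCJSSE");
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS", "BCJSSE");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        Set<String> supported = new LinkedHashSet<>(Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites()));
        Set<String> enabled = new LinkedHashSet<>(Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites()));
        System.out.println("Protocols enabled by default: " + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));

        // A configured suite that BCJSSE does not enable can never be negotiated by the server;
        // a suite that is enabled still needs a matching key entry (see the key algorithms above).
        int usable = 0;
        for (String suite : CONFIGURED) {
            String state;
            if (enabled.contains(suite)) {
                state = "enabled";
                usable++;
            } else if (supported.contains(suite)) {
                state = "supported but NOT enabled under the current provider policy";
            } else {
                state = "NOT supported by BCJSSE";
            }
            System.out.printf("%-45s %s%n", suite, state);
        }
        System.out.println(usable + " of " + CONFIGURED.length + " configured suites are enabled by BCJSSE");
    }
}
```

The program checks only the JSSE layer; Wildfly's Elytron `cipher-suite-filter` is applied on top of what this reports, so a suite missing here is missing for the server as well, while a suite present here still has to match the key type of the server certificate in the BCFKS keystore.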