
Caused by: java.security.NoSuchAlgorithmException: ELY14008: WildFlyElytronClientDefaultSSLContextProvider could not obtain client default SSLContext


Sayantan Ganguly

Apr 17, 2025, 1:07:06 PM
to WildFly
Hi All, 

Getting the below exception in AWS setups. 

It is working in On Prem deployments. What can be the probable cause?

2025-04-16 10:42:08.565 INFO  [org.abc.CustomSSLContextFactory] Using Custom JMS SSL Context Factory
2025-04-16 10:42:08.720 WARN  [org.apache.activemq.artemis.core.server] AMQ222080: Error instantiating remoting acceptor org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptorFactory: java.lang.IllegalStateException: Unable to create NettyAcceptor for 0.0.0.0:5455
        at org.apache.activemq.artemis//org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor.loadSSLContext(NettyAcceptor.java:394)
        at org.apache.activemq.artemis//org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor.<init>(NettyAcceptor.java:340)
        at org.apache.activemq.artemis//org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptorFactory.createAcceptor(NettyAcceptorFactory.java:43)
        at org.apache.activemq.artemis//org.apache.activemq.artemis.core.remoting.server.impl.RemotingServiceImpl.createAcceptor(RemotingServiceImpl.java:271)
        at org.apache.activemq.artemis//org.apache.activemq.artemis.core.remoting.server.impl.RemotingServiceImpl.start(RemotingServiceImpl.java:214)
        at org.apache.activemq.artemis//org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.initialisePart2(ActiveMQServerImpl.java:3292)
        at org.apache.activemq.artemis//org.apache.activemq.artemis.core.server.impl.LiveOnlyActivation.run(LiveOnlyActivation.java:76)
        at org.apache.activemq.artemis//org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.internalStart(ActiveMQServerImpl.java:655)
        at org.apache.activemq.artemis//org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.start(ActiveMQServerImpl.java:568)
        at org.apache.activemq.artemis//org.apache.activemq.artemis.jms.server.impl.JMSServerManagerImpl.start(JMSServerManagerImpl.java:374)
        at org.wildfly.extension.messaging-activemq//org.wildfly.extension.messaging.activemq.jms.JMSService.doStart(JMSService.java:210)
        at org.wildfly.extension.messaging-activemq//org.wildfly.extension.messaging.activemq.jms.JMSService.access$000(JMSService.java:65)
        at org.wildfly.extension.messaging-activemq//org.wildfly.extension.messaging.activemq.jms.JMSService$1.run(JMSService.java:100)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at org.jbos...@2.4.0.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
        at org.jbos...@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
        at org.jbos...@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
        at org.jbos...@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1348)
        at java.base/java.lang.Thread.run(Thread.java:829)
        at org.jbos...@2.4.0.Final//org.jboss.threads.JBossThread.run(JBossThread.java:513)
Caused by: java.security.NoSuchAlgorithmException: ELY14008: WildFlyElytronClientDefaultSSLContextProvider could not obtain client default SSLContext
        at org.wildfly.security.elytron-base//org.wildfly.security.auth.client.WildFlyElytronClientDefaultSSLContextProvider$ClientSSLContextProviderService.newInstance(WildFlyElytronClientDefaultSSLContextProvider.java:129)
        at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
        at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:176)
        at java.base/javax.net.ssl.SSLContext.getInstance(SSLContext.java:168)
        at java.base/javax.net.ssl.SSLContext.getDefault(SSLContext.java:99)
        at org.apache.activemq.artemis//org.abc.getSSLContext(CustomSSLContextFactory.java:23)
        at org.apache.activemq.artemis//org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor.loadSSLContext(NettyAcceptor.java:391)
        ... 20 more

Thanks,
Sayantan

Alexander Belya (AlexSW)

Apr 20, 2025, 12:38:28 AM
to WildFly
Apparently, the default-ssl-context set in the elytron subsystem was not found in the configuration. You need to look at what is set in this parameter and whether this ssl-context is actually in the configuration.

On Friday, April 18, 2025 at 03:07:06 UTC+10, Sayantan Ganguly wrote:

Sayantan Ganguly

Apr 22, 2025, 12:38:40 AM
to WildFly
This error simulates sometimes, and the AMQ connector is connected and disconnected intermittently.

Thanks,
Sayantan


Sayantan Ganguly

Apr 22, 2025, 2:49:12 AM
to WildFly
This is the elytron subsystem configuration; WildFly is 26.1.3.

<subsystem xmlns="urn:wildfly:elytron:15.1" final-providers="combined-providers" disallowed-providers="OracleUcrypto" default-ssl-context="ClientSslContext">
            <providers>
                <aggregate-providers name="combined-providers">
                    <providers name="elytron"/>
                    <providers name="openssl"/>
                </aggregate-providers>
                <provider-loader name="elytron" module="org.wildfly.security.elytron"/>
                <provider-loader name="openssl" module="org.wildfly.openssl"/>
            </providers>
            <audit-logging>
                <file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/>
            </audit-logging>
            <security-domains>
                <security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
                    <realm name="ManagementRealm" role-decoder="groups-to-roles"/>
                    <realm name="local" role-mapper="super-user-mapper"/>
                </security-domain>
                <security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper">
                    <realm name="ApplicationRealm" role-decoder="groups-to-roles"/>
                    <realm name="local"/>
                </security-domain>
                <security-domain name="ABCSecurityDomain" default-realm="ABCRealm" permission-mapper="default-permission-mapper">
                    <realm name="ABCRealm"/>
                    <realm name="ABCAPIRealm"/>
                    <realm name="IDPWebRealm"/>
                    <realm name="DBPasswordRealm"/>
                </security-domain>
            </security-domains>
            <security-realms>
                <identity-realm name="local" identity="$local"/>
                <properties-realm name="ApplicationRealm">
                    <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
                    <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                </properties-realm>
                <properties-realm name="ManagementRealm">
                    <users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm"/>
                    <groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
                </properties-realm>
                <jaas-realm name="ABCRealm" entry="ABC" module=" com.xx.abc.as.shared  " callback-handler="com.xx.abc.as.server.undertow.GenericCallbackHandler">
                    <file path="${jboss.server.config.dir}/jaas-login-modules.conf"/>
                </jaas-realm>
                <jaas-realm name="ABCAPIRealm" entry="ABC-api" module=" com.xx.abc.as.shared  " callback-handler="com.xx.abc.as.server.undertow.GenericCallbackHandler">
                    <file path="${jboss.server.config.dir}/jaas-login-modules.conf"/>
                </jaas-realm>
                <jaas-realm name="IDPWebRealm" entry="ABC-idp-web" module=" com.xx.abc.as.shared  " callback-handler="com.xx.abc.as.server.undertow.GenericCallbackHandler">
                    <file path="${jboss.server.config.dir}/jaas-login-modules.conf"/>
                </jaas-realm>
                <jaas-realm name="DBPasswordRealm" entry="EncryptDBPassword" module="com.xx.abc.as.shared" callback-handler="com.xx.abc.as.server.undertow.GenericCallbackHandler">
                    <file path="${jboss.server.config.dir}/jaas-login-modules.conf"/>
                </jaas-realm>
            </security-realms>
            <mappers>
                <simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
                    <permission-mapping>
                        <principal name="anonymous"/>
                        <permission-set name="default-permissions"/>
                    </permission-mapping>
                    <permission-mapping match-all="true">
                        <permission-set name="login-permission"/>
                        <permission-set name="default-permissions"/>
                    </permission-mapping>
                </simple-permission-mapper>
                <custom-principal-transformer name="ABCRealmPrincipalRewriter" module="com.xx.abc.as.shared" class-name=" com.xx.abc.as.server.elytron.ABCRealmPrincipalTransformer"/>
                <constant-realm-mapper name="local" realm-name="local"/>
                <custom-realm-mapper name="ABCRealmMapper" module="com.xx.abc.as.shared" class-name="com.xx.abc.as.server.elytron.ABCRealmMapper"/>
                <simple-role-decoder name="groups-to-roles" attribute="groups"/>
                <constant-role-mapper name="super-user-mapper">
                    <role name="SuperUser"/>
                </constant-role-mapper>
            </mappers>
            <permission-sets>
                <permission-set name="login-permission">
                    <permission class-name="org.wildfly.security.auth.permission.LoginPermission"/>
                </permission-set>
                <permission-set name="default-permissions">
                    <permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/>
                    <permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client"/>
                    <permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client"/>
                </permission-set>
            </permission-sets>
            <http>
                <http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain" http-server-mechanism-factory="global">
                    <mechanism-configuration>
                        <mechanism mechanism-name="DIGEST">
                            <mechanism-realm realm-name="ManagementRealm"/>
                        </mechanism>
                    </mechanism-configuration>
                </http-authentication-factory>
                <http-authentication-factory name="application-http-authentication" security-domain="ApplicationDomain" http-server-mechanism-factory="global">
                    <mechanism-configuration>
                        <mechanism mechanism-name="BASIC">
                            <mechanism-realm realm-name="ApplicationRealm"/>
                        </mechanism>
                    </mechanism-configuration>
                </http-authentication-factory>
                <http-authentication-factory name="ABC-custom-http-authentication" security-domain="ABCSecurityDomain" http-server-mechanism-factory="ABC-custom-auth-factory">
                    <mechanism-configuration>
                        <mechanism mechanism-name="ABC_WEB_AUTH" pre-realm-principal-transformer="ABCRealmPrincipalRewriter" post-realm-principal-transformer="ABCRealmPrincipalRewriter" realm-mapper="ABCRealmMapper"/>
                    </mechanism-configuration>
                </http-authentication-factory>
                <http-authentication-factory name="ABC-basic-http-authentication" security-domain="ABCSecurityDomain" http-server-mechanism-factory="global">
                    <mechanism-configuration>
                        <mechanism mechanism-name="BASIC">
                            <mechanism-realm realm-name="ABCRealm"/>
                        </mechanism>
                    </mechanism-configuration>
                </http-authentication-factory>
                <provider-http-server-mechanism-factory name="global"/>
                <service-loader-http-server-mechanism-factory name="ABC-custom-auth-factory" module="com.xx.ov.ABC.as.shared"/>
            </http>
            <sasl>
                <sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
                    <mechanism-configuration>
                        <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
                        <mechanism mechanism-name="DIGEST-MD5">
                            <mechanism-realm realm-name="ManagementRealm"/>
                        </mechanism>
                    </mechanism-configuration>
                </sasl-authentication-factory>
                <sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
                    <mechanism-configuration>
                        <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
                        <mechanism mechanism-name="DIGEST-MD5">
                            <mechanism-realm realm-name="ApplicationRealm"/>
                        </mechanism>
                    </mechanism-configuration>
                </sasl-authentication-factory>
                <sasl-authentication-factory name="ABC-sasl-authentication" sasl-server-factory="configured" security-domain="ABCSecurityDomain">
                    <mechanism-configuration>
                        <mechanism mechanism-name="PLAIN"/>
                    </mechanism-configuration>
                </sasl-authentication-factory>
                <configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
                    <properties>
                        <property name="wildfly.sasl.local-user.default-user" value="$local"/>
                        <property name="wildfly.sasl.local-user.challenge-path" value="${jboss.server.temp.dir}/auth"/>
                    </properties>
                </configurable-sasl-server-factory>
                <mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
                    <filters>
                        <filter provider-name="WildFlyElytron"/>
                    </filters>
                </mechanism-provider-filtering-sasl-server-factory>
                <provider-sasl-server-factory name="global"/>
            </sasl>
            <tls>
                <key-stores>
                    <key-store name="remoting-server-key-store">
                        <credential-reference clear-text="abc"/>
                        <implementation type="${javax.net.ssl.keyStoreType}"/>
                        <file path="${javax.net.ssl.keyStore}"/>
                    </key-store>
                    <key-store name="remoting-server-trust-store">
                        <credential-reference clear-text="abc"/>
                        <implementation type="${javax.net.ssl.trustStoreType}"/>
                        <file path="${javax.net.ssl.trustStore}"/>
                    </key-store>
                </key-stores>
                <key-managers>
                    <key-manager name="remoting-key-manager" key-store="remoting-server-key-store">
                        <credential-reference clear-text="abc"/>
                    </key-manager>
                </key-managers>
                <trust-managers>
                    <trust-manager name="remoting-trust-manager" key-store="remoting-server-trust-store"/>
                </trust-managers>
                <server-ssl-contexts>
                    <server-ssl-context name="RemoteSslContext" cipher-suite-filter="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" cipher-suite-names="TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256" protocols="TLSv1.2" want-client-auth="true" key-manager="remoting-key-manager" trust-manager="remoting-trust-manager"/>
                </server-ssl-contexts>
                <client-ssl-contexts>
                    <client-ssl-context name="ClientSslContext" cipher-suite-filter="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" cipher-suite-names="TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256" protocols="TLSv1.2" key-manager="remoting-key-manager" trust-manager="remoting-trust-manager"/>
                </client-ssl-contexts>
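
One way to run the check suggested earlier in the thread (does `default-ssl-context` name an ssl-context that is actually defined?) against a trimmed copy of the configuration above, extended to follow the key-manager and trust-manager down to their key stores and list `${...}` expressions that depend on a system property being set on the host. This is an added example, not code from the thread's participants or from WildFly; the function name, the sample and the simplified expression handling are assumptions.

```python
import re
import xml.etree.ElementTree as ET

EXPR = re.compile(r"\$\{([^:}]+)(:[^}]*)?\}")  # assumes only ${prop} / ${prop:default} forms
# Trimmed copy of the configuration posted in the thread (closing tags added so it parses).
SAMPLE = """<subsystem xmlns="urn:wildfly:elytron:15.1" default-ssl-context="ClientSslContext">
 <tls>
  <key-stores>
   <key-store name="remoting-server-key-store">
    <file path="${javax.net.ssl.keyStore}"/>
   </key-store>
   <key-store name="remoting-server-trust-store">
    <file path="${javax.net.ssl.trustStore}"/>
   </key-store>
  </key-stores>
  <key-managers>
   <key-manager name="remoting-key-manager" key-store="remoting-server-key-store"/>
  </key-managers>
  <trust-managers>
   <trust-manager name="remoting-trust-manager" key-store="remoting-server-trust-store"/>
  </trust-managers>
  <client-ssl-contexts>
   <client-ssl-context name="ClientSslContext" key-manager="remoting-key-manager" trust-manager="remoting-trust-manager"/>
  </client-ssl-contexts>
 </tls>
</subsystem>"""


def check_default_ssl_context(xml_text, system_props):
    """Walk default-ssl-context -> managers -> key stores; return a list of problems."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.split("}", 1)[-1]  # strip the XML namespace

    def named(tags, name):
        return next((e for t in tags for e in root.iter(t) if e.get("name") == name), None)

    ctx_name = root.get("default-ssl-context")
    ctx = named(("client-ssl-context", "server-ssl-context"), ctx_name)
    if ctx is None:
        return [f"default-ssl-context '{ctx_name}' is not defined"]
    problems = []
    for attr in ("key-manager", "trust-manager"):
        if not ctx.get(attr):
            continue  # attribute not set on this context, nothing to follow
        mgr = named((attr,), ctx.get(attr))
        store = named(("key-store",), mgr.get("key-store")) if mgr is not None else None
        if store is None:
            problems.append(f"{attr} '{ctx.get(attr)}' or its key-store is not defined")
            continue
        attrs = " ".join(v for child in store for v in child.attrib.values())
        for prop, default in EXPR.findall(attrs):
            if not default and prop not in system_props:
                problems.append(f"{store.get('name')}: ${{{prop}}} is unset, no default")
    return problems
```

Build the second argument from the `-D` options the affected host actually starts the JVM with, then compare the result between the working and the failing environment.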
