wildfly/jboss (WildFly Core 17.0.3.Final) handshake failure with a GM protocol named GMTLSv1

Time: 10-11

I am facing a problem: I want to configure SSL with the GMTLS protocol. I have already successfully configured SSL with TLSv1.2.

The Wireshark captures look like this (two screenshots in the original post):

TLSv1.2

GMTLSv1

For WildFly/JBoss to establish a GMTLS SSL connection, I have done the following:

  1. add some properties in standalone.xml
<tls>
    <key-stores>
        <key-store name="customKS">
            <credential-reference clear-text="password"/>
            <implementation type="PKCS12"/>
            <file path="sm2.localhost.both.pfx" relative-to="jboss.server.config.dir"/>
        </key-store>
    </key-stores>
    <key-managers>
        <key-manager name="customKM" key-store="customKS" provider-name="GMJCE" algorithm="SunX509">
            <credential-reference clear-text="passowrd"/>
        </key-manager>
    </key-managers>
    <server-ssl-contexts>
        <server-ssl-context name="customSSC" key-manager="customKM" provider-name="GMJSSE" protocols="GMSSLv1.1" />
    </server-ssl-contexts>
</tls>

...

<https-listener name="https" socket-binding="https" ssl-context="customSSC" enable-http2="true"/>
  2. make the WildFly source code support the GMSSLv1.1 protocol

In the class SSLDefinitions, add the string "GMSSLv1.1" to ALLOWED_PROTOCOLS (line 231):

private static final String[] ALLOWED_PROTOCOLS = { "SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" , "GMSSLv1.1" };

In the enum class Protocol, add a constant (line 15):

  SSLv2("SSLV2"),
  SSLv3("SSLV3"),
  TLSv1("TLSV1"),
  TLSv1_1("TLSV1.1"),
  TLSv1_2("TLSV1.2"),
  TLSv1_3("TLSV1.3"),
  GMSSLv1_1("GMSSLV1.1"),
  SSLv2Hello("SSLV2HELLO");

When I have finished the above, the server starts normally. The http URI is visited successfully, but the https URI cannot be reached. I used Wireshark to capture packets and it shows a handshake failure. I don't know what has gone wrong!

CodePudding user response:

I have solved this problem.

The core problem is the handshake failure.

To build an SSL channel, we need a keystore and a GMSSL type of SSLContext. Then we handshake, but the handshake fails, so the problem happens in the cipher suite. In WildFly Core 17.0.3.Final the default cipher suite is for TLS 1.3, but what I need is GMTLS, so I need to add my own cipher suite.

  1. add the cipher suite in TLS13MechanismDatabase.properties
ECC_SM4_CBC_SM3 = ECC_SM4_CBC_SM3,ANY,ANY,AES128CCM8,AEAD,TLSv1.3,false,HIGH,false,128,128,13,05
  2. edit standalone.xml

add cipher-suite-names

<server-ssl-context name="customSSC" key-manager="customKM" provider-name="GMJSSE" protocols="GMSSLv1.1" cipher-suite-names="ECC_SM4_CBC_SM3"/>

run the server

Wireshark shows the GMSSL handshake succeeding
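The answer above shows that the failure was the cipher suite, not the protocol, and the only visible symptom was "handshake failure" in Wireshark. An added diagnostic (example code, not from the question, the answer, or WildFly itself) that asks the JSSE provider directly whether it offers the protocol and cipher suite named in standalone.xml, before any WildFly source or mechanism-database edits. It assumes the GM provider is registered under the name "GMJSSE" and exposes the protocol as "GMSSLv1.1" and the suite as "ECC_SM4_CBC_SM3", exactly the strings used in the post; pass other names on the command line.

```java
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

/** Checks that a JSSE provider really offers the protocol and cipher suite a server-ssl-context asks for. */
public class GmSslSupportCheck {

    /** Returns true only if the provider is registered and lists both the protocol and the cipher suite. */
    public static boolean check(String providerName, String protocol, String cipherSuite)
            throws NoSuchAlgorithmException, NoSuchProviderException, java.security.KeyManagementException {
        Provider provider = Security.getProvider(providerName);
        if (provider == null) {
            System.err.println("provider not registered in this JVM: " + providerName);
            return false;
        }
        // Ask this provider (not the JVM default) for the protocol; throws if it does not implement it.
        SSLContext ctx = SSLContext.getInstance(protocol, providerName);
        // No key material is needed only to query capabilities; nulls select the provider defaults.
        ctx.init(null, null, null);
        SSLParameters supported = ctx.getSupportedSSLParameters();
        boolean protocolOk = Arrays.asList(supported.getProtocols()).contains(protocol);
        boolean suiteOk = Arrays.asList(supported.getCipherSuites()).contains(cipherSuite);
        System.out.println("provider:     " + provider.getName() + " (" + provider.getInfo() + ")");
        System.out.println("protocol:     " + protocol + (protocolOk ? " supported" : " NOT supported"));
        System.out.println("cipher suite: " + cipherSuite + (suiteOk ? " supported" : " NOT supported"));
        if (!suiteOk) {
            // The provider's own list is what cipher-suite-names must be matched against.
            System.out.println("suites offered: " + Arrays.toString(supported.getCipherSuites()));
        }
        return protocolOk && suiteOk;
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the values from the post's standalone.xml (assumed provider/protocol/suite names).
        String providerName = args.length > 0 ? args[0] : "GMJSSE";
        String protocol = args.length > 1 ? args[1] : "GMSSLv1.1";
        String cipherSuite = args.length > 2 ? args[2] : "ECC_SM4_CBC_SM3";
        boolean ok;
        try {
            ok = check(providerName, protocol, cipherSuite);
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            System.err.println("SSLContext lookup failed: " + e.getMessage());
            ok = false;
        }
        System.exit(ok ? 0 : 1);
    }
}
```

Run it with the GM provider jar on the classpath (and the provider registered in java.security or via Security.addProvider); a non-zero exit with a printed suite list means WildFly's mechanism database needs an entry for a suite the provider actually offers, while a failed lookup means the protocol name itself is wrong.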
