This group is locked. No changes can be made to the group while it is locked.
[Openflow] TLS cipher suite cannot support exception
A Vamsikrishna
Hi All,
I am working on OFJ to allow users to configure cipher-suites to use with
SSLEngine. (https://git.opendaylight.org/gerrit/#/c/34942/).
I am trying to test it by configuring the cipher suites supported by
SunProvider 1.8, for e.g. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384. (
http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html
).
However, I see an IllegalArgumentException exception indicating that the
cipher suite is not supported.
Can you please help me with this issue ?
Here is the stacktrace -->
2016-02-23 12:16:34,802 | WARN | entLoopGroup-9-2 | TcpChannelInitializer
| 262 - org.opendaylight.openflowjava.openflow-protocol-impl -
0.8.0.SNAPSHOT | Failed to initialize channel
java.lang.IllegalArgumentException: Cannot support
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 with currently installed providers
at
sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92)[:1.8.0_60]
at
sun.security.ssl.SSLEngineImpl.setEnabledCipherSuites(SSLEngineImpl.java:2038)[:1.8.0_60]
at
org.opendaylight.openflowjava.protocol.impl.core.TcpChannelInitializer.initChannel(TcpChannelInitializer.java:91)[262:org.opendaylight.openflowjava.openflow-protocol-impl:0.8.0.SNAPSHOT]
at
org.opendaylight.openflowjava.protocol.impl.core.TcpChannelInitializer.initChannel(TcpChannelInitializer.java:32)[262:org.opendaylight.openflowjava.openflow-protocol-impl:0.8.0.SNAPSHOT]
at
io.netty.channel.ChannelInitializer.channelRegistered(ChannelInitializer.java:68)[125:io.netty.transport:4.0.33.Final]
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRegistered(AbstractChannelHandlerContext.java:143)[125:io.netty.transport:4.0.33.Final]
at
io.netty.channel.AbstractChannelHandlerContext.fireChannelRegistered(AbstractChannelHandlerContext.java:129)[125:io.netty.transport:4.0.33.Final]
at
io.netty.channel.DefaultChannelPipeline.fireChannelRegistered(DefaultChannelPipeline.java:733)[125:io.netty.transport:4.0.33.Final]
at
io.netty.channel.AbstractChannel$AbstractUnsafe.register0(AbstractChannel.java:450)[125:io.netty.transport:4.0.33.Final]
at
io.netty.channel.AbstractChannel$AbstractUnsafe.access$100(AbstractChannel.java:378)[125:io.netty.transport:4.0.33.Final]
at
io.netty.channel.AbstractChannel$AbstractUnsafe$1.run(AbstractChannel.java:424)[125:io.netty.transport:4.0.33.Final]
at
io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:329)[124:io.netty.common:4.0.33.Final]
at
io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:350)[125:io.netty.transport:4.0.33.Final]
at
io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:112)[124:io.netty.common:4.0.33.Final]
at
io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137)[124:io.netty.common:4.0.33.Final]
at java.lang.Thread.run(Thread.java:745)[:1.8.0_60]
I have tried to update the JCE policy files to include jars that provide unlimited
cryptographic strength:
http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
But it did not work out even after my ODL restart (System:shutdown)
Any thoughts ?
Thanks,
Vamsi