This group is locked. No changes can be made to the group while it is locked.
Date
1 - 2 of 2
[Openflow] TLS cipher suite cannot support exception
Mohamed ElSerngawy
Hi Vamsikrishna,
keep in mind it is mutual communication, what openflow switch u use ? is it ovs bridge ?
BR
On Thu, Dec 14, 2017 at 8:51 AM, A Vamsikrishna <a.vamsikrishna@...> wrote:
Hi All,
I am working on OFJ to allow users to configure cipher-suites to use withSSLEngine. (https://git.opendaylight.org/gerrit/#/c/34942/). I am trying to test it by configuring the cipher suites supported bySunProvider 1.8, for e.g. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384. ( http://docs.oracle.com/javase/8/docs/technotes/guides/ security/SunProviders.html ).However, I see an IllegalArgumentException exception indicating that thecipher suite is not supported.Can you please help me with this issue ?Here is the stacktrace -->2016-02-23 12:16:34,802 | WARN | entLoopGroup-9-2 | TcpChannelInitializer| 262 - org.opendaylight.openflowjava.openflow-protocol-impl - 0.8.0.SNAPSHOT | Failed to initialize channeljava.lang.IllegalArgumentException: Cannot support TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 with currently installed providers atsun.security.ssl.CipherSuiteList.<init>( CipherSuiteList.java:92)[:1.8. 0_60] atsun.security.ssl.SSLEngineImpl. setEnabledCipherSuites( SSLEngineImpl.java:2038)[:1.8. 0_60] atorg.opendaylight.openflowjava.protocol.impl.core. TcpChannelInitializer. initChannel( TcpChannelInitializer.java:91) [262:org.opendaylight. openflowjava.openflow- protocol-impl:0.8.0.SNAPSHOT] atorg.opendaylight.openflowjava.protocol.impl.core. TcpChannelInitializer. initChannel( TcpChannelInitializer.java:32) [262:org.opendaylight. openflowjava.openflow- protocol-impl:0.8.0.SNAPSHOT] atio.netty.channel.ChannelInitializer. channelRegistered( ChannelInitializer.java:68)[ 125:io.netty.transport:4.0.33. Final] atio.netty.channel.AbstractChannelHandlerContext. invokeChannelRegistered( AbstractChannelHandlerContext. java:143)[125:io.netty. transport:4.0.33.Final] atio.netty.channel.AbstractChannelHandlerContext. fireChannelRegistered( AbstractChannelHandlerContext. java:129)[125:io.netty. transport:4.0.33.Final] atio.netty.channel.DefaultChannelPipeline. fireChannelRegistered( DefaultChannelPipeline.java: 733)[125:io.netty.transport:4. 0.33.Final] atio.netty.channel.AbstractChannel$ AbstractUnsafe.register0( AbstractChannel.java:450)[125: io.netty.transport:4.0.33. Final] atio.netty.channel.AbstractChannel$ AbstractUnsafe.access$100( AbstractChannel.java:378)[125: io.netty.transport:4.0.33. Final] atio.netty.channel.AbstractChannel$ AbstractUnsafe$1.run( AbstractChannel.java:424)[125: io.netty.transport:4.0.33. Final] atio.netty.util.concurrent.SingleThreadEventExecutor. runAllTasks( SingleThreadEventExecutor. java:329)[124:io.netty.common: 4.0.33.Final] atio.netty.channel.nio.NioEventLoop.run(NioEventLoop. java:350)[125:io.netty. transport:4.0.33.Final] atio.netty.util.concurrent.SingleThreadEventExecutor$2. run(SingleThreadEventExecutor. java:112)[124:io.netty.common: 4.0.33.Final] atio.netty.util.concurrent.DefaultThreadFactory$ DefaultRunnableDecorator.run( DefaultThreadFactory.java:137) [124:io.netty.common:4.0.33. Final] at java.lang.Thread.run(Thread.java:745)[:1.8.0_60]
I have tried to update the JCE policy files to include jars that provide unlimitedcryptographic strength:http://www.oracle.com/technetwork/java/javase/ downloads/jce8-download- 2133166.html
But it did not work out even after my ODL restart (System:shutdown)
Any thoughts ?
Thanks,
Vamsi
_______________________________________________
openflowjava-dev mailing list
openflowjava-dev@lists.opendaylight.org
https://lists.opendaylight.org/mailman/listinfo/ openflowjava-dev
A Vamsikrishna
Hi All,
I am working on OFJ to allow users to configure cipher-suites to use with
SSLEngine. (https://git.opendaylight.org/gerrit/#/c/34942/).
I am trying to test it by configuring the cipher suites supported by
SunProvider 1.8, for e.g. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384. (
http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html
).
However, I see an IllegalArgumentException exception indicating that the
cipher suite is not supported.
Can you please help me with this issue ?
Here is the stacktrace -->
2016-02-23 12:16:34,802 | WARN | entLoopGroup-9-2 | TcpChannelInitializer
| 262 - org.opendaylight.openflowjava.openflow-protocol-impl -
0.8.0.SNAPSHOT | Failed to initialize channel
java.lang.IllegalArgumentException: Cannot support
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 with currently installed providers
at
sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92)[:1.8.0_60]
at
sun.security.ssl.SSLEngineImpl.setEnabledCipherSuites(SSLEngineImpl.java:2038)[:1.8.0_60]
at
org.opendaylight.openflowjava.protocol.impl.core.TcpChannelInitializer.initChannel(TcpChannelInitializer.java:91)[262:org.opendaylight.openflowjava.openflow-protocol-impl:0.8.0.SNAPSHOT]
at
org.opendaylight.openflowjava.protocol.impl.core.TcpChannelInitializer.initChannel(TcpChannelInitializer.java:32)[262:org.opendaylight.openflowjava.openflow-protocol-impl:0.8.0.SNAPSHOT]
at
io.netty.channel.ChannelInitializer.channelRegistered(ChannelInitializer.java:68)[125:io.netty.transport:4.0.33.Final]
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRegistered(AbstractChannelHandlerContext.java:143)[125:io.netty.transport:4.0.33.Final]
at
io.netty.channel.AbstractChannelHandlerContext.fireChannelRegistered(AbstractChannelHandlerContext.java:129)[125:io.netty.transport:4.0.33.Final]
at
io.netty.channel.DefaultChannelPipeline.fireChannelRegistered(DefaultChannelPipeline.java:733)[125:io.netty.transport:4.0.33.Final]
at
io.netty.channel.AbstractChannel$AbstractUnsafe.register0(AbstractChannel.java:450)[125:io.netty.transport:4.0.33.Final]
at
io.netty.channel.AbstractChannel$AbstractUnsafe.access$100(AbstractChannel.java:378)[125:io.netty.transport:4.0.33.Final]
at
io.netty.channel.AbstractChannel$AbstractUnsafe$1.run(AbstractChannel.java:424)[125:io.netty.transport:4.0.33.Final]
at
io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:329)[124:io.netty.common:4.0.33.Final]
at
io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:350)[125:io.netty.transport:4.0.33.Final]
at
io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:112)[124:io.netty.common:4.0.33.Final]
at
io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137)[124:io.netty.common:4.0.33.Final]
at java.lang.Thread.run(Thread.java:745)[:1.8.0_60]
I have tried to update the JCE policy files to include jars that provide unlimited
cryptographic strength:
http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
But it did not work out even after my ODL restart (System:shutdown)
Any thoughts ?
Thanks,
Vamsi