SilleBille / pki

Dogtag PKI Issues should be reported to the Dogtag PKI Pagure Issues site
https://pagure.io/dogtagpki/issues
GNU General Public License v2.0

Port to TLS 1.3 / Java 11 #487

Closed SilleBille closed 4 years ago

SilleBille commented 4 years ago

This issue was migrated from Pagure Issue #3088. Originally filed by tjaalton on 2019-01-17

Recent changes to JSS to support Java 11 allow (a patched) Dogtag to build with Java 11, but there are issues when doing a pkispawn where the instance doesn't actually get SSL set up properly, failing pkispawn.

WARNING: The JSSE TLS 1.3 implementation does not support authentication after the initial handshake and is therefore incompatible with optional client authentication
SEVERE: Failed to initialize component [Connector[org.dogtagpki.tomcat.Http11NioProtocol-8443]]
Caused by: java.lang.IllegalArgumentException: Alias name [sslserver] does not identify a key entry

SilleBille commented 4 years ago

Posted by tjaalton on 2019-01-17:

Forcing TLS 1.2 in SSLHostConfig didn't seem to work either.