XNIO000011: Task io.undertow.protocols.ssl.SslConduit$5$1@6a6e313e failed with an exception: java.lang.NullPointerException
Environment
- Red Hat JBoss Enterprise Application Platform (JBoss EAP)
- 7.x
- Java
- Azul JDK
- OpenJDK
- OracleJDK
Issue
- The following error is logged in the server.log file when connecting to the jboss-cli.sh or accessing the JBoss EAP management console.
XNIO000011: Task io.undertow.protocols.ssl.SslConduit$5$1@6a6e313e failed with an exception: java.lang.NullPointerException
at org.bouncycastle.crypto.signers.PSSSigner.generateSignature(Unknown Source)
at org.bouncycastle.jcajce.provider.asymmetric.rsa.PSSSignatureSpi.engineSign(Unknown Source)
at java.security.Signature$Delegate.engineSign(Signature.java:1382)
at java.security.Signature.sign(Signature.java:698)
at sun.security.ssl.ECDHServerKeyExchange$ECDHServerKeyExchangeMessage.<init>(ECDHServerKeyExchange.java:177)
at sun.security.ssl.ECDHServerKeyExchange$ECDHServerKeyExchangeProducer.produce(ECDHServerKeyExchange.java:495)
at sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1020)
...
Resolution
Disable "RSASSA-PSS" in java.security file, by adding it to the "jdk.tls.disabledAlgorithms" property, similar to below:
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves, RSASSA-PSS
Root Cause
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments