XNIO000011: Task io.undertow.protocols.ssl.SslConduit$5$1@6a6e313e failed with an exception: java.lang.NullPointerException

Solution Verified - Updated -

Environment

  • Red Hat JBoss Enterprise Application Platform (JBoss EAP)
    • 7.x
  • Java
    • Azul JDK
    • OpenJDK
    • OracleJDK

Issue

  • The following error is logged in the server.log file when connecting to the jboss-cli.sh or accessing the JBoss EAP management console.
XNIO000011: Task io.undertow.protocols.ssl.SslConduit$5$1@6a6e313e failed with an exception: java.lang.NullPointerException
    at org.bouncycastle.crypto.signers.PSSSigner.generateSignature(Unknown Source)
    at org.bouncycastle.jcajce.provider.asymmetric.rsa.PSSSignatureSpi.engineSign(Unknown Source)
    at java.security.Signature$Delegate.engineSign(Signature.java:1382)
    at java.security.Signature.sign(Signature.java:698)
    at sun.security.ssl.ECDHServerKeyExchange$ECDHServerKeyExchangeMessage.<init>(ECDHServerKeyExchange.java:177)
    at sun.security.ssl.ECDHServerKeyExchange$ECDHServerKeyExchangeProducer.produce(ECDHServerKeyExchange.java:495)
    at sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1020)
    ...

Resolution

Disable "RSASSA-PSS" in java.security file, by adding it to the "jdk.tls.disabledAlgorithms" property, similar to below:

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves, RSASSA-PSS

Root Cause

JDK-8253562

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.