Incorrect log of TLS ciphersuites and protocols

Description

Steps in karaf 4.1.0 to reproduce the bug:

1. In file etc/org.ops4j.pax.logging.cfg, change the LOG level of log4j2.rootLogger.level from INFO to DEBUG

2. Unpack the attached zip file paxweb-conf.zip and copy the unpacked files to the folder etc.

Hier is the block which allows only TLS protocol TLSv1.2 and TLS cipher suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256.

1 2 3 4 5 6 7 8 9 org.ops4j.pax.web.ssl.protocols.included=TLSv1.2 #org.ops4j.pax.web.ssl.protocols.excluded= # No SHA1 (SHA), MD5 based ciphersuites here org.ops4j.pax.web.ssl.ciphersuites.included=TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 # If use jetty, the default is "^.*_(MD5|SHA|SHA1)$" #org.ops4j.pax.web.ssl.ciphersuites.excluded=

3. Start karaf

1 bin/karaf

4. Download the file ServletTest-0.0.1.jar which is attached in https://issues.apache.org/jira/browse/KARAF-4912.

5. Install feature http-whiteboard

1 karaf@root()> feature:install http-whiteboard

6. Install and start Servlet-0.0.1.jar

1 2 3 karaf@root()> install file:./ServletTest-0.0.1.jar Bundle ID: 101 karaf@root()> start 101

7. In log file data/log/karaf.log you will see log blocks as follows.

1 2 2017-02-28T22:10:59,538 | DEBUG | pipe-install file:./ServletTest-0.0.1.jar | SslContextFactory | 83 - org.eclipse.jetty.util - 9.3.15.v20161220 | Selected Protocols [TLSv1, TLSv1.1, TLSv1.2] of [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2] 2017-02-28T22:10:59,538 | DEBUG | pipe-install file:./ServletTest-0.0.1.jar | SslContextFactory | 83 - org.eclipse.jetty.util - 9.3.15.v20161220 | Selected Ciphers [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, ..., TLS_EMPTY_RENEGOTIATION_INFO_SCSV] of [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, ..., TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5]

The whole log file is attached.

Note that the configuration from Step 2 is processed correctly. Only the log block is incorrect.

Environment

Karaf 4.1.0

Status

Assignee

Unassigned

Reporter

Lijun Liao

Labels

None

Components

Fix versions

Affects versions

6.1.0
6.0.2

Priority

Major
Configure