<div dir="ltr">Hello,<div><br></div><div>I&#39;m having an issue when configuring a HTTPS listener for Undertow via the JBOSS standalone.xml method.</div><div><br></div><div>(Wildfly 8.0.0.CR1).</div><div><br></div><div>I get the following ecception on startup:</div>
<div><div>2014-01-16 16:00:34,521 ERROR [org.jboss.msc.service.fail](MSC service thread 1-9) MSC000001: Failed to start service jboss.undertow.listener.https: org.jboss.msc.service.StartException in service jboss.undertow.listener.https: Failed to start service</div>
<div><span class="" style="white-space:pre">        </span>at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904)</div><div><span class="" style="white-space:pre">        </span>at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)</div>
<div><span class="" style="white-space:pre">        </span>at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)</div><div><span class="" style="white-space:pre">        </span>at java.lang.Thread.run(Thread.java:724)</div>
<div>Caused by: java.lang.ClassCastException: Not a sequence</div><div><span class="" style="white-space:pre">        </span>at org.xnio.SequenceOption.cast(SequenceOption.java:57)</div><div><span class="" style="white-space:pre">        </span>at org.xnio.SequenceOption.cast(SequenceOption.java:31)</div>
<div><span class="" style="white-space:pre">        </span>at org.xnio.OptionMap.get(OptionMap.java:64)</div><div><span class="" style="white-space:pre">        </span>at org.xnio.OptionMap$Builder.copy(OptionMap.java:510)</div><div><span class="" style="white-space:pre">        </span>at org.xnio.OptionMap$Builder.addAll(OptionMap.java:522)</div>
<div><span class="" style="white-space:pre">        </span>at org.wildfly.extension.undertow.HttpListenerService.createOpenListener(HttpListenerService.java:91)</div><div><span class="" style="white-space:pre">        </span>at org.wildfly.extension.undertow.ListenerService.start(ListenerService.java:122)</div>
<div><span class="" style="white-space:pre">        </span>at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)</div><div><span class="" style="white-space:pre">        </span>at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)</div>
<div><span class="" style="white-space:pre">        </span>... 3 more</div></div><div><br></div><div>My JBOSS Undertow configuration looks like this:</div><div><div>&lt;subsystem xmlns=&quot;urn:jboss:domain:undertow:1.0&quot;&gt;</div>
<div>        <span class="" style="white-space:pre">        </span>&lt;!-- SAA: for reference, there is not currently a default web xml in which we can globally disable unwanted HTTP methods.</div><div><span class="" style="white-space:pre">                        </span>We have to expect the reverse proxy web server to restrict them.</div>
<div><span class="" style="white-space:pre">                        </span>Nevertheless, Any Web Application can specifically disable them until JBoss start to provide a mechanism in here</div><div><span class="" style="white-space:pre">                        </span>--&gt;        </div>
<div>            &lt;buffer-caches&gt;</div><div>                &lt;buffer-cache name=&quot;default&quot; buffer-size=&quot;1024&quot; buffers-per-region=&quot;1024&quot; max-regions=&quot;10&quot;/&gt;</div><div>            &lt;/buffer-caches&gt;</div>
<div>            &lt;server name=&quot;default-server&quot;&gt;</div><div>            <span class="" style="white-space:pre">        </span>&lt;!-- SAA: for reference, in ajp the Servlet/JSP Request URL is formed from the host and port of the client; browser or proxy.</div>
<div><span class="" style="white-space:pre">                                </span>Web applications trying to use these values expecting them to be the local server and port would then be mistaken.</div><div><span class="" style="white-space:pre">                                </span>As a workaround, we expect the reverse proxy web server to modify the Host Request Header to be equal to ths server&#39;s fully qualified host name and respective port, this will then mimmick the </div>
<div><span class="" style="white-space:pre">                                </span>incoming requests to the http and https connectors.</div><div><span class="" style="white-space:pre">                                </span>One example where this is crucial is REIMS Central Authentication Server as these details must match up against the domain advertised cas server url with highest priority </div>
<div><span class="" style="white-space:pre">                                </span>--&gt;</div><div>                &lt;ajp-listener name=&quot;ajp&quot; socket-binding=&quot;ajp&quot;/&gt;</div><div>                &lt;http-listener name=&quot;http&quot; socket-binding=&quot;http&quot;/&gt;</div>
<div>                &lt;https-listener name=&quot;https&quot; socket-binding=&quot;https&quot; security-realm=&quot;ApplicationRealm&quot; enabled-cipher-suites=&quot;TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV&quot; /&gt;</div>
<div>                &lt;host name=&quot;default-host&quot; alias=&quot;localhost&quot;&gt;</div><div>                    &lt;location name=&quot;/&quot; handler=&quot;welcome-content&quot;/&gt;</div><div>                    &lt;access-log directory=&quot;${jboss.server.base.dir}/log&quot; prefix=&quot;localhost_access_log.&quot;/&gt;</div>
<div>                &lt;/host&gt;</div><div>            &lt;/server&gt;</div><div>            &lt;servlet-container name=&quot;default&quot; default-buffer-cache=&quot;default&quot; stack-trace-on-error=&quot;local-only&quot;&gt;</div>
<div>                &lt;jsp-config x-powered-by=&quot;false&quot;/&gt;</div><div>                &lt;persistent-sessions/&gt;</div><div>            &lt;/servlet-container&gt;</div><div>            &lt;handlers&gt;</div><div>
                &lt;file name=&quot;welcome-content&quot; path=&quot;${jboss.home.dir}/welcome-content&quot; directory-listing=&quot;true&quot;/&gt;</div><div>            &lt;/handlers&gt;</div><div>        &lt;/subsystem&gt;</div>
</div><div><br></div><div>By process of elimination, I&#39;ve found that removing the &quot;enabled-cipher-suites&quot; attribute makes the problem go away, so obviously this is the culprit.</div><div><br></div><div>The value I&#39;m using for this attribute has simply been copied from our jboss-web configuration, previously &quot;cipher-suite&quot;.</div>
<div><br></div><div>Am I using the attribute wrong, or is this a bug?</div><div><br></div><div>Any help greatly appreciated.</div><div><br></div><div>Cheers, Andy.</div></div>