Stuart Douglas moved UNDERTOW-571 to WFLY-5608:
-----------------------------------------------
Project: WildFly (was: Undertow)
Key: WFLY-5608 (was: UNDERTOW-571)
Component/s: Web (Undertow) (was: Security)
Affects Version/s: (was: 1.3.1.Final)
Unable to configure https using CLI with attribute enabled-cipher-suites
------------------------------------------------------------------------
Key: WFLY-5608
URL: https://issues.jboss.org/browse/WFLY-5608
Project: WildFly
Issue Type: Bug
Components: Web (Undertow)
Reporter: Martin Choma
Assignee: Darran Lofthouse
The user is unable to configure https using the enabled-cipher-suites attribute:
{code}
[standalone@localhost:9990 /] /core-service=management/security-realm=FIPSRealm:add
{"outcome" => "success"}
[standalone@localhost:9990 /] /core-service=management/security-realm=FIPSRealm/server-identity=ssl:add(keystore-provider=PKCS11, keystore-password="NSS FIPS 140-2 Certificate DB")
{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}
[standalone@localhost:9990 /] /subsystem=undertow/server=default-server/https-listener=https:add(socket-binding=https, security-realm=FIPSRealm, enabled-cipher-suites="DHE", enabled-protocols="TLSv1")
{
    "outcome" => "failed",
    "failure-description" => {"WFLYCTL0080: Failed services" => {"jboss.undertow.listener.https" => "org.jboss.msc.service.StartException in service jboss.undertow.listener.https: Failed to start service
    Caused by: java.lang.NullPointerException"}},
    "rolled-back" => true,
    "response-headers" => {"process-state" => "reload-required"}
}
{code}
{code}
14:52:20,753 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service jboss.undertow.listener.https: org.jboss.msc.service.StartException in service jboss.undertow.listener.https: Failed to start service
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NullPointerException
    at org.wildfly.extension.undertow.HttpsListenerService.startListening(HttpsListenerService.java:120)
    at org.wildfly.extension.undertow.ListenerService.start(ListenerService.java:138)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
    ... 3 more
14:52:20,753 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 2) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "undertow"),
    ("server" => "default-server"),
    ("https-listener" => "https")
]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.undertow.listener.https" => "org.jboss.msc.service.StartException in service jboss.undertow.listener.https: Failed to start service
    Caused by: java.lang.NullPointerException"}}
{code}
This works OK. It means reload is used between commands
{code}
/core-service=management/security-realm=FIPSRealm:add
/core-service=management/security-realm=FIPSRealm/server-identity=ssl:add(keystore-provider=PKCS11, keystore-password="NSS FIPS 140-2 Certificate DB")
reload
/subsystem=undertow/server=default-server/https-listener=https:add(socket-binding=https, security-realm=FIPSRealm, enabled-cipher-suites="DHE", enabled-protocols="TLSv1")
{code}
Also, the same commands without enabled-cipher-suites work OK:
{code}
/core-service=management/security-realm=FIPSRealm:add
/core-service=management/security-realm=FIPSRealm/server-identity=ssl:add(keystore-provider=PKCS11, keystore-password="NSS FIPS 140-2 Certificate DB")
/subsystem=undertow/server=default-server/https-listener=https:add(socket-binding=https, security-realm=FIPSRealm, enabled-protocols="TLSv1")
{code}