[jboss-jira] [JBoss JIRA] (WFLY-5632) Unable to configure https using CLI with attribute enabled-cipher-suites

Stuart Douglas (JIRA) issues at jboss.org
Wed Nov 4 20:41:00 EST 2015


Stuart Douglas created WFLY-5632:
------------------------------------

             Summary: Unable to configure https using CLI with attribute enabled-cipher-suites
                 Key: WFLY-5632
                 URL: https://issues.jboss.org/browse/WFLY-5632
             Project: WildFly
          Issue Type: Bug
          Components: Web (Undertow)
            Reporter: Martin Choma
            Assignee: Stuart Douglas


User is unable to configure https using the enabled-cipher-suites attribute.
{code}
[standalone@localhost:9990 /] /core-service=management/security-realm=FIPSRealm:add
{"outcome" => "success"}
[standalone@localhost:9990 /] /core-service=management/security-realm=FIPSRealm/server-identity=ssl:add(keystore-provider=PKCS11, keystore-password="NSS FIPS 140-2 Certificate DB")
{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}
[standalone@localhost:9990 /] /subsystem=undertow/server=default-server/https-listener=https:add(socket-binding=https, security-realm=FIPSRealm, enabled-cipher-suites="DHE", enabled-protocols="TLSv1")
{
    "outcome" => "failed",
    "failure-description" => {"WFLYCTL0080: Failed services" => {"jboss.undertow.listener.https" => "org.jboss.msc.service.StartException in service jboss.undertow.listener.https: Failed to start service
    Caused by: java.lang.NullPointerException"}},
    "rolled-back" => true,
    "response-headers" => {"process-state" => "reload-required"}
}
{code}

{code}
14:52:20,753 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service jboss.undertow.listener.https: org.jboss.msc.service.StartException in service jboss.undertow.listener.https: Failed to start service
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NullPointerException
	at org.wildfly.extension.undertow.HttpsListenerService.startListening(HttpsListenerService.java:120)
	at org.wildfly.extension.undertow.ListenerService.start(ListenerService.java:138)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
	... 3 more

14:52:20,753 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 2) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "undertow"),
    ("server" => "default-server"),
    ("https-listener" => "https")
]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.undertow.listener.https" => "org.jboss.msc.service.StartException in service jboss.undertow.listener.https: Failed to start service
    Caused by: java.lang.NullPointerException"}}
{code}

This works OK. It means reload is used between commands:

{code}
/core-service=management/security-realm=FIPSRealm:add
/core-service=management/security-realm=FIPSRealm/server-identity=ssl:add(keystore-provider=PKCS11, keystore-password="NSS FIPS 140-2 Certificate DB")
reload
/subsystem=undertow/server=default-server/https-listener=https:add(socket-binding=https, security-realm=FIPSRealm, enabled-cipher-suites="DHE", enabled-protocols="TLSv1")
{code}

Also, the same commands without enabled-cipher-suites work OK:
{code}
/core-service=management/security-realm=FIPSRealm:add
/core-service=management/security-realm=FIPSRealm/server-identity=ssl:add(keystore-provider=PKCS11, keystore-password="NSS FIPS 140-2 Certificate DB")
/subsystem=undertow/server=default-server/https-listener=https:add(socket-binding=https, security-realm=FIPSRealm, enabled-protocols="TLSv1")
{code}



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

