[jboss-jira] [JBoss JIRA] (WFLY-5608) Unable to configure https using CLI with attribute enabled-cipher-suites
Stuart Douglas (JIRA)
issues at jboss.org
Thu Oct 29 21:35:00 EDT 2015
[ https://issues.jboss.org/browse/WFLY-5608?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stuart Douglas moved UNDERTOW-571 to WFLY-5608:
-----------------------------------------------
Project: WildFly (was: Undertow)
Key: WFLY-5608 (was: UNDERTOW-571)
Component/s: Web (Undertow) (was: Security)
Affects Version/s: (was: 1.3.1.Final)
> Unable to configure https using CLI with attribute enabled-cipher-suites
> ------------------------------------------------------------------------
>
> Key: WFLY-5608
> URL: https://issues.jboss.org/browse/WFLY-5608
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
>
> The user is unable to configure https using the enabled-cipher-suites attribute.
> {code}
> [standalone@localhost:9990 /] /core-service=management/security-realm=FIPSRealm:add
> {"outcome" => "success"}
> [standalone@localhost:9990 /] /core-service=management/security-realm=FIPSRealm/server-identity=ssl:add(keystore-provider=PKCS11, keystore-password="NSS FIPS 140-2 Certificate DB")
> {
> "outcome" => "success",
> "response-headers" => {
> "operation-requires-reload" => true,
> "process-state" => "reload-required"
> }
> }
> [standalone@localhost:9990 /] /subsystem=undertow/server=default-server/https-listener=https:add(socket-binding=https, security-realm=FIPSRealm, enabled-cipher-suites="DHE", enabled-protocols="TLSv1")
> {
> "outcome" => "failed",
> "failure-description" => {"WFLYCTL0080: Failed services" => {"jboss.undertow.listener.https" => "org.jboss.msc.service.StartException in service jboss.undertow.listener.https: Failed to start service
> Caused by: java.lang.NullPointerException"}},
> "rolled-back" => true,
> "response-headers" => {"process-state" => "reload-required"}
> }
> {code}
> {code}
> 14:52:20,753 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service jboss.undertow.listener.https: org.jboss.msc.service.StartException in service jboss.undertow.listener.https: Failed to start service
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.NullPointerException
> at org.wildfly.extension.undertow.HttpsListenerService.startListening(HttpsListenerService.java:120)
> at org.wildfly.extension.undertow.ListenerService.start(ListenerService.java:138)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
> ... 3 more
> 14:52:20,753 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 2) WFLYCTL0013: Operation ("add") failed - address: ([
> ("subsystem" => "undertow"),
> ("server" => "default-server"),
> ("https-listener" => "https")
> ]) - failure description: {"WFLYCTL0080: Failed services" => {"jboss.undertow.listener.https" => "org.jboss.msc.service.StartException in service jboss.undertow.listener.https: Failed to start service
> Caused by: java.lang.NullPointerException"}}
> {code}
> This works OK. It means reload is used between commands.
> {code}
> /core-service=management/security-realm=FIPSRealm:add
> /core-service=management/security-realm=FIPSRealm/server-identity=ssl:add(keystore-provider=PKCS11, keystore-password="NSS FIPS 140-2 Certificate DB")
> reload
> /subsystem=undertow/server=default-server/https-listener=https:add(socket-binding=https, security-realm=FIPSRealm, enabled-cipher-suites="DHE", enabled-protocols="TLSv1")
> {code}
> Also, the same commands without enabled-cipher-suites work OK.
> {code}
> /core-service=management/security-realm=FIPSRealm:add
> /core-service=management/security-realm=FIPSRealm/server-identity=ssl:add(keystore-provider=PKCS11, keystore-password="NSS FIPS 140-2 Certificate DB")
> /subsystem=undertow/server=default-server/https-listener=https:add(socket-binding=https, security-realm=FIPSRealm, enabled-protocols="TLSv1")
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)