3 Replies Latest reply on Jun 16, 2015 11:56 AM by Jason Spittel

    Switching from Wildfly 8 to Wildfly 9, error using jboss CLI to add enabled-cipher-suites

    Jason Spittel Newbie

      In Wildfly 8, we were able to add multiple entries to the 'enabled-cipher-suites' property of the https-listener element in the standalone-full.xml file.


      ( e.g.

      <subsystem xmlns="urn:jboss:domain:undertow:2.0">

                  <buffer-cache name="default"/>

                  <server name="default-server">

                      <http-listener name="default" socket-binding="http"/>

                      <https-listener socket-binding="https" security-realm="ApplicationRealm" enabled-cipher-suites="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"/>


      Changing the property manually (with comma separators) in the standalone-full.xml file creates no problem, both those ciphers would be enabled. So it's not a problem with what Wildfly is expecting.


      It's when it's entered via jboss-cli during our install process. If we try and put in these values via jboss-cli using the exact same syntax that worked in Wildfly 8, we get this error:


      WFLYCTL0097: Wrong type for enabled-cipher-suites. Expected [EXPRESSION, STRING] but was LIST


      I've tried all manner of escaping, even using colons, but jboss-cli seems to keep mucking it up or rejecting it. Trying to separate the cipher suites by a space results in all the spaces being ignored and one massive string.


      This is what was used in Wildfly 8 which produced perfectly a perfectly valid standalone-full.xml





      What is the syntax now, in Wildfly 9?