3 Replies Latest reply on Jun 16, 2015 11:56 AM by Jason Spittel

    Switching from Wildfly 8 to Wildfly 9, error using jboss CLI to add enabled-cipher-suites

    Jason Spittel Newbie

      In Wildfly 8, we were able to add multiple entries to the 'enabled-cipher-suites' property of the https-listener element in the standalone-full.xml file.

       

      ( e.g.

      <subsystem xmlns="urn:jboss:domain:undertow:2.0">

                  <buffer-cache name="default"/>

                  <server name="default-server">

                      <http-listener name="default" socket-binding="http"/>

                      <https-listener socket-binding="https" security-realm="ApplicationRealm" enabled-cipher-suites="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"/>

      )

      Changing the property manually (with comma separators) in the standalone-full.xml file creates no problem, both those ciphers would be enabled. So it's not a problem with what Wildfly is expecting.

       

      It's when it's entered via jboss-cli during our install process. If we try and put in these values via jboss-cli using the exact same syntax that worked in Wildfly 8, we get this error:

       

      WFLYCTL0097: Wrong type for enabled-cipher-suites. Expected [EXPRESSION, STRING] but was LIST

       

      I've tried all manner of escaping, even using colons, but jboss-cli seems to keep mucking it up or rejecting it. Trying to separate the cipher suites by a space results in all the spaces being ignored and one massive string.

       

      This is what was used in Wildfly 8 which produced perfectly a perfectly valid standalone-full.xml

       

      /subsystem=undertow/server=default-server/https-listener=default-https:add(enabled-cipher-suites=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384\,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384\,TLS_RSA_WITH_3DES_EDE_CBC_SHA,security-realm=ApplicationRealm,socket-binding=https)

       

       

      What is the syntax now, in Wildfly 9?