Re: [jetty-users] Jetty 9.3-RC0 problem with SSL

Ah, this sounds familiar.

Try starting jetty with -Dorg.eclipse.jetty.LEVEL=DEBUG

https://bugs.eclipse.org/bugs/show_bug.cgi?id=430951#c39

and see if you get an error regarding cipher suites like I did

https://bugs.eclipse.org/bugs/show_bug.cgi?id=430951#c42

If you do, I think I know how to fix the problem.

Thomas wrote:
I have a problem when I try to set up a jetty-9.3 with https.
I put all the config into one xml but there is a problem.
Can anyone give me some hints?

Regards, Thomas

2015-05-14T00:41:15.700 INFO Started
ServerConnector@15b204a1{HTTP/1.1,[http/1.1, h2c, h2c-17, h2c-16,
h2c-15, h2c-14]}{0.0.0.0:80}
2015-05-14T00:41:15.732 INFO x509={jetty.mortbay.org=jetty} for
ExtendedSslContextFactory@47542153(file:///D:/workspace/JETTY-9.3/etc/keystore,file:///D:/workspace/JETTY-9.3/etc/keystore)
2015-05-14T00:41:15.747 INFO Started ServerConnector@4445629{SSL,[ssl,
http/1.1]}{0.0.0.0:443}
2015-05-14T00:41:15.747 INFO Started @1315ms
2015-05-14T00:41:18.685 WARN Illegal character 0x0 in state=START for
buffer
HeapByteBuffer@32bdf1a3[p=1,l=17408,c=17408,r=17407]={\x00<<<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00>>>}
2015-05-14T00:41:18.696 WARN bad HTTP parsed: 400 Illegal character 0x0
for HttpChannelOverHttp@669a06e0{r=0,c=false,a=IDLE,uri=-}

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
"http://www.eclipse.org/jetty/configure_9_3.dtd">
<Configure id="Server" class="org.eclipse.jetty.server.Server">
 <!-- uncomment to change type of threadpool <Arg name="threadpool"><New
id="threadpool"
class="org.eclipse.jetty.util.thread.QueuedThreadPool"/></Arg> -->
 <Get name="ThreadPool">
  <Set name="minThreads" type="int">10</Set>
  <Set name="maxThreads" type="int">200</Set>
  <Set name="idleTimeout" type="int">60000</Set>
  <Set name="detailedDump">false</Set>
 </Get>
 <Call name="addBean"><Arg><New
class="org.eclipse.jetty.util.thread.ScheduledExecutorScheduler"/></Arg></Call>
 <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
  <Set name="secureScheme"             >https</Set>
  <Set name="securePort"               >8443</Set>
  <Set name="outputBufferSize"         >32768</Set>
  <Set name="outputAggregationSize"    >8192</Set>
  <Set name="requestHeaderSize"        >8192</Set>
  <Set name="responseHeaderSize"       >8192</Set>
  <Set name="sendServerVersion"        >true</Set>
  <Set name="sendDateHeader"           >false</Set>
  <Set name="headerCacheSize"          >512</Set>
  <Set name="delayDispatchUntilContent">true</Set>
  <!-- Uncomment to enable handling of X-Forwarded- style headers <Call
name="addCustomizer"><Arg><New
class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg></Call>
-->
 </New>
 <Set name="handler">
  <New id="Handlers"
class="org.eclipse.jetty.server.handler.HandlerCollection">
   <Set name="handlers">
    <Array type="org.eclipse.jetty.server.Handler">
     <Item><New id="Contexts"
class="org.eclipse.jetty.server.handler.ContextHandlerCollection"/></Item>
     <Item><New id="DefaultHandler"
class="org.eclipse.jetty.server.handler.DefaultHandler"/></Item>
    
     <Item>
         <New id="DebugHandler"
class="org.eclipse.jetty.server.handler.DebugHandler">
      <Set name="outputStream">
        <New class="org.eclipse.jetty.util.RolloverFileOutputStream">
          <Arg type="String"><Property name="jetty.debuglog.dir"
deprecated="jetty.logs" default="./logs"/>/yyyy_mm_dd.debug.log</Arg>
          <Arg type="boolean">true</Arg>
          <Arg type="int">90</Arg>
          <Arg>
            <Call class="java.util.TimeZone"
name="getTimeZone"><Arg>GMT</Arg></Call>
          </Arg>
        </New>
      </Set>
    </New>
     </Item>
    
    
    
    </Array>
   </Set>
  </New>
 </Set>
 <Set name="stopAtShutdown">true</Set>
 <Set name="stopTimeout">5000</Set>
 <Set name="dumpAfterStart">false</Set>
 <Set name="dumpBeforeStop">false</Set>
 
 <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
    <Arg><Ref refid="httpConfig"/></Arg>
    <Call name="addCustomizer"><Arg><New
class="org.eclipse.jetty.server.SecureRequestCustomizer"><Arg
type="boolean">true</Arg></New></Arg></Call>
 </New>

  <New id="httpConFac" 
class="org.eclipse.jetty.server.HttpConnectionFactory"><Arg
name="config"><Ref refid="httpConfig"    /></Arg></New>
  <New id="httpsConFac"
class="org.eclipse.jetty.server.HttpConnectionFactory"><Arg
name="config"><Ref refid="sslHttpConfig" /></Arg></New>
  <New id="proxyConFac"
class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
  <New id="http2ConFac"
class="org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory">
   <Arg name="config"><Ref refid="sslHttpConfig"/></Arg>
   <Set name="maxConcurrentStreams"   >1024</Set>
   <Set name="initialStreamSendWindow">65535</Set>
  </New>
 
   <Call name="addConnector" id="port.00080">
    <Arg>
      <New id="httpConnector"
class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server" /></Arg>
        <Arg name="acceptors" type="int">-1</Arg>
        <Arg name="selectors" type="int">-1</Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <!-- uncomment to support proxy protocol <Item><Ref
refid="proxyConFac"/></Item> -->
            <Item><Ref refid="httpConFac"/></Item>
          </Array>
        </Arg>
        <Set name="host"                 >0.0.0.0</Set>
        <Set name="port"                 >80</Set>
        <Set name="idleTimeout"          >30000</Set>
        <Set name="soLingerTime"         >-1</Set>
        <Set name="acceptorPriorityDelta">0</Set>
        <Set name="acceptQueueSize"      >0</Set>
        <Call name="addConnectionFactory">
         <Arg>
           <New
class="org.eclipse.jetty.http2.server.HTTP2CServerConnectionFactory">
             <Arg name="config"><Ref refid="httpConfig"/></Arg>
             <Set name="maxConcurrentStreams"   >1024</Set>
             <Set name="initialStreamSendWindow">65535</Set>
           </New>
         </Arg>
       </Call>
      </New>
    </Arg>
  </Call>

 <Call  name="addConnector" id="port.00443">
  <Arg>
    <New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
      <Arg name="server"              ><Ref refid="Server" /></Arg>
      <Arg name="acceptors" type="int">-1</Arg>
      <Arg name="selectors" type="int">-1</Arg>
      <Arg name="factories">
       <Array type="org.eclipse.jetty.server.ConnectionFactory">
         <!-- uncomment to support proxy protocol <Item><Ref
refid="proxyConFac"/></Item> -->
         <Item>
          <New class="org.eclipse.jetty.server.SslConnectionFactory">
           <Arg name="sslContextFactory"> 
            <New id="sslContextFactory"
class="org.eclipse.jetty.util.ssl.ExtendedSslContextFactory">
             <Set name="useCipherSuitesOrder">true</Set>
             <Set name="KeyStorePath"        >./etc/keystore</Set>
             <Set name="KeyStorePassword"    >OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
             <Set name="KeyManagerPassword"  >OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
             <Set name="TrustStorePath"      >./etc/keystore</Set>
             <Set name="TrustStorePassword"  >OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
             <Set name="EndpointIdentificationAlgorithm"></Set>
             <Set name="NeedClientAuth"      >false</Set>
             <Set name="WantClientAuth"      >false</Set>
             <Set name="ExcludeCipherSuites" >
              <Array type="String">
               <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
               <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
               <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
               <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
               <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
               <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
               <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
              </Array>
             </Set>
            </New>
           </Arg>
           <Arg name="next">http/1.1</Arg>
          </New>
         </Item>
         <Item><Ref refid="httpsConFac"/></Item>
         <Item><Ref refid="http2ConFac"/></Item>
       </Array>
      </Arg>
      <Set name="host">0.0.0.0</Set>
      <Set name="port">443</Set>
      <Set name="idleTimeout">30000</Set>
      <Set name="soLingerTime">-1</Set>
      <Set name="acceptorPriorityDelta">0</Set>
      <Set name="acceptQueueSize">0</Set>
    </New>
  </Arg>
 </Call>
</Configure>

--
Lobos Studios - Website and Mobile App Design & Development; IT Support; Computer Maintenance
Toll Free  877.919.4WEB - Apple Valley 760.684.8859 - Los Angeles 310.945.2410 - Cleveland 216.242.4010
www.LobosStudios.com * www.facebook.com/LobosStudios * @LobosStudios

