[jetty-users] SSL breakage in 9.3.7.v20160115?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jetty-users] SSL breakage in 9.3.7.v20160115?

From: David Kellum <dek94@xxxxxxxxxxxxx>
Date: Wed, 20 Jan 2016 12:11:08 -0800
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

My integration tests started failing when I upgraded to 9.3.7.v20160115 from 9.3.6. SSL connections are failing. Turning debug logging on, the cause appears to be this:

javax.net.ssl.SSLHandshakeException: no cipher suites in common

My testing is using pretty generic (ruby) SSL access, default client settings.

Now some conjecture—looking through the available release notes:

https://github.com/eclipse/jetty.project/blob/jetty-9.3.x/VERSION.txt

485714 Update SSL configuration to mitigate SLOTH vulnerability

But the bugzilla issue sounds incomplete:

https://bugs.eclipse.org/bugs/show_bug.cgi?id=485714#c2

…and despite the claim that the change was reverted, this at least made it into the release:

https://github.com/eclipse/jetty.project/commit/0a1b0b2bc69ea7e7f5f44992f47a84f926cdeebb

Please advise? Thanks.

—David

Follow-Ups:
- Re: [jetty-users] SSL breakage in 9.3.7.v20160115?
  - From: Joakim Erdfelt

Prev by Date: Re: [jetty-users] no cookies?
Next by Date: Re: [jetty-users] SSL breakage in 9.3.7.v20160115?
Previous by thread: [jetty-users] jspwiki?
Next by thread: Re: [jetty-users] SSL breakage in 9.3.7.v20160115?
Index(es):
- Date
- Thread

Breadcrumbs