Re: [jetty-users] Jetty HandshakeCompletedListener for SSL ServerConnector

To add to this, Java 7 is EOL / End of Life by Oracle, and the last public release of Java 7 (7u80) expired July 14, 2015.
You should strive to update your version of Java soon.
Especially since you are using SSL/TLS on the client and/or server side, as the configuration you are using for SSL/TLS is most likely vulnerable right now.
In order to keep up to date with general SSL/TLS changes (things that the industry as a whole is making), you need to keep your Java up to date too.

We see many folks limping along on TLS/1.0 or even SSLv3, not wanting to upgrade their encryption layers, usually because "it just works" or "we have legacy this and that"; this is a very short-lived mindset. (Hopefully this doesn't describe your situation.)
Current TLS/1.2 implementations (including Java 8+) have many things that TLS/1.0 or SSLv3 need just disabled, with an option to re-enable those features to allow TLS/1.0 and SSLv3 to work.

Note that the current working group for the upcoming TLS/1.3 seems to be taking a stricter stance on this, with many proposals mandating that anything that even supports TLS/1.3 has to remove/eliminate/ban the vulnerable bits for all TLS support levels. Should this become a reality in TLS/1.3 (and it looks like it will), then all of the delays people have made to upgrade their TLS/SSL layers will suddenly become urgent and mandatory, as configuring back to TLS/1.0 or SSLv3 will not even be an option anymore.


Joakim Erdfelt / joakim@xxxxxxxxxxx

On Wed, Aug 10, 2016 at 9:45 AM, Simone Bordet <sbordet@xxxxxxxxxxx> wrote:
Hi,

On Wed, Aug 10, 2016 at 6:12 PM, Melvin Witte
<melvin.witte@xxxxxxxxxxxxxx> wrote:
> Hi,
>
> I want to set up an embedded Jetty Server for testing using https connections
> (not WebSockets). I am bound by project dependencies to use Java 7 and
> downloaded Jetty version 9.2.17.
>
> While testing, I want to send a callback Message to listeners every time a
> handshake is completed. I found the SslHandshakeListener for Jetty 9.3.x,
> but fail to find a similar Listener for 9.2. Therefore my question:
>
> Is there any existing handshake listener class I can use or an easy way to
> implement one, maybe with using the javax.net.ssl.HandshakeCompletedListener
> interface?

No.

Furthermore, javax.net.ssl.HandshakeCompletedListener only works with
SSLSocket, not SSLEngine.

We won't backport that functionality to 9.2.x unless it's sponsored.

You may want to do the backport yourself by looking at the 9.3 commits.

Thanks!

--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.