Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] "early EOF" warning when https call from old application in 9.2.9.v2015022er
Thanks both. (And good to know Simone )

Jetty9 server: Bits of my start.ini (installed as windows service) are being ignored, like send server version, and now javax.net.debug=all. In prunmgr however adding -Djavax.net.debug=all made the logging very active indeed.

For every :443/../rest call this is repeated:


qtp999661724-87, fatal error: 10: General SSLEngine problem
javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled
qtp999661724-87, SEND TLSv1.2 ALERT:  fatal, description = unexpected_message
qtp999661724-87, WRITE: TLSv1.2 Alert, length = 2
qtp999661724-87, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled
HttpClient-332, called closeInbound()
HttpClient-332, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
HttpClient-332, SEND TLSv1.2 ALERT:  fatal, description = internal_error
HttpClient-332, WRITE: TLSv1.2 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 03 00 02 02 50                               ......P
HttpClient-332, called closeInbound()
HttpClient-332, closeInboundInternal()
HttpClient-332, called closeInbound()
HttpClient-332, closeInboundInternal()
2017-02-01 17:30:30.515:WARN:oejc.HttpExchange:HttpClient-332: EXCEPTION adapter1@6787ac61=GET//domain:443/geoserver/rest#WAITING(0ms)->EXCEPTED(0ms)sent=0ms
org.eclipse.jetty.io.EofException: early EOF

Right now TLS 1.0, 1.1 and 1.2 are accepted, no SSL version.

Regards,
David

On Tue, Jan 31, 2017 at 7:51 PM, Simone Bordet <sbordet@xxxxxxxxxxx> wrote:
Hi,

On Tue, Jan 31, 2017 at 6:08 PM, David Persson <perssond9@xxxxxxxxx> wrote:
> It isn't clear to me where to enable javax.net.debug=all.

On the server that closes the connection, and on the client that
receives the connection closed.

> The server jetty9 does not have slf4jlog or javautillog defined, the level
> is at debug when I open prunmgr//ES//nameofservice, the stack trace from
> this server log is in the first email.
>
> I don't even know whether "GET//domain:443/geoserver/rest" means an http
> prefix or an https prefix but I suppose http since our Jetty9 says
> connection reset to those.

As I said, this is very unlikely.
The issue is probably something different.

> Will probably need to hire external help here but thanks for your time.

You can hire us :)
https://webtide.com/

--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

Back to the top