Re: [jetty-users] Jetty : SSL not starting, unable to connect, redirection works

Jetty 9.2 is getting long in the tooth, you should upgrade to Jetty 9.3 or 9.4.

When you say "unable to connect" what are you using to test your connect?

And more importantly, what version of Java are you using?
Java 7 is expired and completely 100% unsuitable for using TLS/SSL on the modern web.
The release notes for the last public release of Java 7 even say this.
Since you are wanting to use TLS/SSL, it is important, very important, that you stay up to date with the JVM you are using.
Read the release notes for the JVM you are wanting to use; if it's expired, don't use it (many modern and up-to-date browsers will be unable to connect to it).
When you find a JVM that isn't expired, pay attention to when it will expire, and make sure you have a plan to upgrade your JVM before that expiration date.


Joakim Erdfelt / joakim@xxxxxxxxxxx

On Thu, Oct 5, 2017 at 4:23 AM, Weare Borg <kernelfreak@xxxxxxxxx> wrote:
I am trying to run our Spring-MVC based application in Jetty-9.2. I have configured the keystore, with the following commands, but I get unable to connect. The redirection from port-8080 to port-8443 works, but no content is served. Any ideas?

I keep getting unable to connect. What am I doing wrong? 

I have also posted a question on Stack Overflow, in case anyone uses that. Link: https://stackoverflow.com/questions/46583696/jetty-ssl-not-starting-unable-to-connect-redirection-works

openssl genrsa -des3 -out jetty.key
openssl req -new -x509 -key jetty.key -out jetty.crt
keytool -keystore keystore -import -alias jetty -file jetty.crt -trustcacerts
openssl req -new -key jetty.key -out jetty.csr
openssl pkcs12 -inkey jetty.key -in jetty.crt -export -out jetty.pkcs12
keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystore

<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
  <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.keystore" default="etc/keystore"/></Set>
  <Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="OBF:1j8p1lf61mt71jn91w871w9j1jk91mpv1lcc1j6d"/></Set>
  <Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="OBF:1j8p1lf61mt71jn91w871w9j1jk91mpv1lcc1j6d"/></Set>
  <Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.truststore" default="etc/keystore"/></Set>
  <Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="OBF:1j8p1lf61mt71jn91w871w9j1jk91mpv1lcc1j6d"/></Set>
  <Set name="EndpointIdentificationAlgorithm"></Set>
  <Set name="NeedClientAuth"><Property name="jetty.ssl.needClientAuth" default="false"/></Set>
  <Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set>
  <Set name="ExcludeCipherSuites">
    <Array type="String">
      <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
      <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
      <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
      <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
      <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
      <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
      <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
    </Array>
  </Set>
</Configure>

15:33:19.682 [main] INFO  o.s.web.servlet.DispatcherServlet - FrameworkServlet 'appServlet': initialization completed in 1781 ms
2017-10-05 15:33:19.682:INFO:oejsh.ContextHandler:main: Started o.e.j.w.WebAppContext@6df97b55{/,file:/tmp/jetty-0.0.0.0-8080-ROOT.war-_-any-5927688960604772490.dir/webapp/,AVAILABLE}{/ROOT.war}
2017-10-05 15:33:19.692:INFO:oejs.ServerConnector:main: Started ServerConnector@1c0fe6c5{HTTP/1.1}{0.0.0.0:8080}
2017-10-05 15:33:19.692:INFO:oejs.Server:main: Started @18781ms
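
An added example, not part of either message and not Jetty project code: the startup log quoted above reports one started connector, HTTP/1.1 on port 8080, and none on 8443, the port the redirect points to. This Python script extracts the started connectors from a Jetty log and reports whether a TLS listener exists on the secure port. The function names are hypothetical, and the `SSL-http/1.1` line is constructed, with its format an assumption about how Jetty 9.2 labels an SSL connector.

```python
import re

# Matches Jetty's connector start-up line, e.g. the one quoted in the thread:
#   Started ServerConnector@1c0fe6c5{HTTP/1.1}{0.0.0.0:8080}
CONNECTOR_RE = re.compile(
    r"Started ServerConnector@[0-9a-f]+"
    r"\{(?P<protocols>[^}]*)\}\{(?P<host>[^}]*):(?P<port>\d+)\}"
)

# The two connector-related lines from the log in the thread.
PAGE_LOG = """\
2017-10-05 15:33:19.692:INFO:oejs.ServerConnector:main: Started ServerConnector@1c0fe6c5{HTTP/1.1}{0.0.0.0:8080}
2017-10-05 15:33:19.692:INFO:oejs.Server:main: Started @18781ms
"""

# Constructed line (not from the thread): assumed shape of an SSL connector entry.
CONSTRUCTED_LOG = PAGE_LOG + (
    "2017-10-05 15:33:19.700:INFO:oejs.ServerConnector:main: "
    "Started ServerConnector@2b1c3d4e{SSL-http/1.1}{0.0.0.0:8443}\n"
)


def started_connectors(log_text):
    """Return [(port, protocols, is_tls)] for each connector logged as started."""
    found = []
    for m in CONNECTOR_RE.finditer(log_text):
        protocols = m.group("protocols")
        # Assumption: TLS connectors list SSL first in the protocol field.
        is_tls = protocols.upper().startswith("SSL")
        found.append((int(m.group("port")), protocols, is_tls))
    return found


def check_secure_port(log_text, secure_port=8443):
    """Classify what, if anything, is listening on the redirect target port."""
    connectors = started_connectors(log_text)
    if not connectors:
        return "no-connectors"
    for port, _protocols, is_tls in connectors:
        if port == secure_port:
            return "tls-listener" if is_tls else "plaintext-on-secure-port"
    return "no-listener"


if __name__ == "__main__":
    for name, log in (("thread log", PAGE_LOG), ("constructed log", CONSTRUCTED_LOG)):
        print(name, started_connectors(log), check_secure_port(log))
```

A result of `no-listener` means the redirect to the secure port has nowhere to land, so the place to look is whether the SSL connector configuration is being loaded at startup at all.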
