[jetty-users] Issue with Establishing TLSv1.3

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jetty-users] Issue with Establishing TLSv1.3 - Jetty-9.4.34

From: Eze Ikonne <ike.ikonne@xxxxxxxxxx>
Date: Tue, 2 Feb 2021 20:05:40 +0000
Accept-language: en-US
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=aricent.com; dmarc=pass action=none header.from=aricent.com; dkim=pass header.d=aricent.com; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4MPmGDUXH+Vkc3KEvxkiPXcZ3Z3xL4SHoMe5mBYz/fo=; b=l5CPVcw8SpMs8cs6aYiwyaG+2zk4f/RYCEWbD9XwJOCZobsDOPoNBVKZYTngH27KLuqgZtoN//rTsXcFfms18FPgbMaN+E7D8vPCdhgLCNIWSJbjqywAJrPxYSX7Ln8r1zflWGZ2rKXs+9leuF4Lr29N03L6SJU71qWPhbvm7KQ8vcXoNlxZmyY6vMzo/RiyWNIAOX5kAsRjdNORsmZeBg2nb0zwxraU26xDxJSGXO5V/Xi07QEYC6ctBOvmctDpVx4AeFz2S8IDjAjEWNIMmtYHSfcT3w/ZsCsGXqj/5nDIBts8aMoH+kh1Z/s99buDP9/7J8gR+a+6ms0X3cHVtQ==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GbNBG0Ef5ATXGFxxKkfXZp/ywneXIOBY3FWPmOVKsnYO6nqsvGnUTLRPuoxDD956ftUGODO4GDoaq6gDcIMR/iTPzfhHhD4LcScK0LSnIzVviXUnJsrWNotWDZKhlsI/AdH2aTDzKl2v+4HqHa9r6fuIBO+2qCtQgFiWXqrpPw3lGi93rwz4JbBvfJNR267oSPdgt1yE7msGONQF+j79ex+LJ01+sWHsnRRWxldAAInjfjByd5pc2GZVDeJIiReYUzGog8O3U8DfohG0Ipcd3cXPSDX4u+E8YksNR9nxNg3Y7ntHimqwPqmpIUAWFhb32PZZRL+jPr+LPTkW0YoS2g==
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jetty-users/>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>
Thread-index: Adb5nUP/t6SqUm3TQ+S8p+9ATW1dEA==
Thread-topic: Issue with Establishing TLSv1.3 - Jetty-9.4.34

Hi all,

I need some clarifications regarding the proper names for TLSv1.3 cipher suites. So, in the previous versions of our embedded Jetty,

we had to prefix ciphersuites with “SSL_” otherwise the configured ciphersuites were not recognized by Jetty SSL context modules.

Now, we want to support TLSv1.3 and we are getting the following error messages. On the surface, it appears that Jetty doesn’t

allow the TLSv1.3 cipher suites prefixed with “SSL_”, please could some one help me out with clarification on how to specify TLSv1.3 cipher suites for Jetty. Please see below.

2021-02-02 14:22:08,771 [main] INFO ContextHandler - Started o.e.j.w.WebAppContext@471d9180{sspcmrest,/sspcmrest,file:///C:/Users/xxx/sandbox/xxxx6020-20201124-MAINT-BUILD110/apps/jetty/webservices/webapps/sspcmrest/,AVAILABLE}{C:\Users\xxxxx\sandbox\xxxx6020-20201124-MAINT-BUILD110\apps\jetty\webservices\webapps\sspcmrest}

2021-02-02 14:22:08,771 [main] INFO session - DefaultSessionIdManager workerName=node0

2021-02-02 14:22:08,771 [main] INFO session - No SessionScavenger set, using defaults

2021-02-02 14:22:08,771 [main] INFO session - node0 Scavenging every 600000ms

2021-02-02 14:22:08,865 [main] INFO SslContextFactory - x509=X509@979e5720(webserverkeycert,h=[xxxx.com, xxxx.com, xxxx.com, xxxx.com, xxxx.com, xxxx.com, xxxx.com],w=[]) for JettySslContextFactory@3d4b29ca[provider=null,keyStore=null,trustStore=null]

2021-02-02 14:22:09,005 [main] INFO SslContextFactory - No Cipher Suite matching 'SSL_AES_256_GCM_SHA384' is supported

2021-02-02 14:22:09,005 [main] INFO SslContextFactory - No Cipher Suite matching 'SSL_CHACHA20_POLY1305_SHA256' is supported

2021-02-02 14:22:09,005 [main] INFO SslContextFactory - No Cipher Suite matching 'SSL_AES_128_GCM_SHA256' is supported

2021-02-02 14:22:09,005 [main] WARN SslContextFactory - No supported Cipher Suite from [TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256, SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_RSA_WITH_AES_256_GCM_SHA384, SSL_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384, SSL_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_RSA_WITH_AES_128_GCM_SHA256, SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256, SSL_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_RSA_WITH_AES_256_CBC_SHA256, SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ECDH_RSA_WITH_AES_256_CBC_SHA384, SSL_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_DHE_DSS_WITH_AES_256_CBC_SHA256, SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_AES_256_CBC_SHA, SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_RSA_WITH_AES_128_CBC_SHA256, SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256, SSL_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_DHE_DSS_WITH_AES_128_CBC_SHA256, SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256]

2021-02-02 14:22:09,068 [main] INFO AbstractConnector - Started ServerConnector@40dd70fc{SSL, (ssl, http/1.1)}{0.0.0.0:8443}

2021-02-02 14:22:09,068 [main] INFO Server - Started @20296ms

=====================================================
Please refer to https://northamerica.altran.com/email-disclaimer
for important disclosures regarding this electronic communication.
=====================================================

Follow-Ups:
- Re: [jetty-users] Issue with Establishing TLSv1.3 - Jetty-9.4.34
  - From: Joakim Erdfelt

Prev by Date: Re: [jetty-users] File upload failing with InterruptedException in Jetty serer
Next by Date: Re: [jetty-users] Issue with Establishing TLSv1.3 - Jetty-9.4.34
Previous by thread: [jetty-users] File upload failing with InterruptedException in Jetty serer
Next by thread: Re: [jetty-users] Issue with Establishing TLSv1.3 - Jetty-9.4.34
Index(es):
- Date
- Thread

Breadcrumbs