Hi Dave, On 25/03/2010 21:47, David Fogel wrote: > Hi Bruno- > > So, I got Jetty working as the connector, and yes, it does seem to > work fine with our previously discussed HTTPS configuration. So that > can hold us for now, but we do eventually want to use the Simple > connector. > > Incidentally, based on recent postings to the simpleframework support > list, it appears that Niall (the author of Simple) plans to release a > bug-fix version in the next few days for some problem having to do > with a potential endless loop writing to a socket. So I wonder if > this could be part of the issue...
I think I've tracked down the problem to be a "Simple" bug: the output buffer used during the TLS handshake is too small to send a big list of CA certificates (since Simple always requests a client certificate, it sends the list of CAs it's willing to accept within the TLS CertificateRequest message: this list is longer with the default trust store bundled with the JRE and used when nothing is specified). More on this here: http://sourceforge.net/mailarchive/message.php?msg_name=4BACBFF1.7090108%40manchester.ac.uk Best wishes, Bruno. ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2465481
