Hi list, I have two jettys running on one box with different ports. Both were 7.4.4 so far but do not share anything in common. One is for testing, one is for production. Today I thought I would update jetty. I used the testing jetty and upgrade to 7.6.10 at the afternoon.
It went fine and I wanted to wait a couple of days before I go with prod jetty. A couple of hours later I got a message from my monitoring tool that my non-ssl connector went down. I restartet and it went up ok. SSL worked btw. Checking my logfiles I saw a lot of these exceptions: 2013-04-11 18:19:49.267:WARN:oeji.nio:handle failed java.lang.RuntimeException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1029) at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:503) at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1128) at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1100) at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) at org.eclipse.jetty.io.nio.SslConnection.wrap(SslConnection.java:460) at org.eclipse.jetty.io.nio.SslConnection.process(SslConnection.java:386) at org.eclipse.jetty.io.nio.SslConnection.access$900(SslConnection.java:48) at org.eclipse.jetty.io.nio.SslConnection$SslEndPoint.fill(SslConnection.java:678) at org.eclipse.jetty.http.HttpParser.fill(HttpParser.java:1040) at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:280) at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196) at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628) at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) at java.lang.Thread.run(Thread.java:636) I never had them before. I then disabled the testing jetty, but the exceptions kept going. As both jettys used the same keystore, I considered it might be problematic. So I went updating the prod jetty. Basically it was no problem and everything looks well, but the exceptions won't go away. I found a known issuen on openjdk and followed this instructions: http://shickys.blogspot.de/2012/11/addressing-openjdk-bug-with-ssl-on.html (basically editing the pck12 providers). But no luck. I checked this: keytool -list -keystore keystore -v just in any case. It appears CN= matches my domain and so I think it should be all well too. Now I am puzzled and don't know where to search for the error. Any ideas are highly appreciated. Thanks, Christian _______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
