Gut reaction: you are running an older JRE/JDK with known SSL/TLS bugs. Be sure you have Java 1.6 update 30 (or newer), or Java 1.7 update 15 (or newer).
--
Joakim Erdfelt <[email protected]>
webtide.com <http://www.webtide.com/>
Developer advice, services and support from the Jetty & CometD experts
eclipse.org/jetty - cometd.org

On Thu, Apr 11, 2013 at 11:30 AM, Christian Grobmeier <[email protected]> wrote:

> Hi list,
>
> I have two jettys running on one box with different ports. Both were
> 7.4.4 so far but do not share anything in common. One is for testing,
> one is for production.
> Today I thought I would update jetty. I used the testing jetty and
> upgraded to 7.6.10 in the afternoon.
>
> It went fine and I wanted to wait a couple of days before I go with prod
> jetty.
>
> A couple of hours later I got a message from my monitoring tool that
> my non-ssl connector went down. I restarted and it went up ok. SSL
> worked btw.
>
> Checking my logfiles I saw a lot of these exceptions:
>
> 2013-04-11 18:19:49.267:WARN:oeji.nio:handle failed
> java.lang.RuntimeException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
>     at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1029)
>     at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:503)
>     at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1128)
>     at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1100)
>     at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
>     at org.eclipse.jetty.io.nio.SslConnection.wrap(SslConnection.java:460)
>     at org.eclipse.jetty.io.nio.SslConnection.process(SslConnection.java:386)
>     at org.eclipse.jetty.io.nio.SslConnection.access$900(SslConnection.java:48)
>     at org.eclipse.jetty.io.nio.SslConnection$SslEndPoint.fill(SslConnection.java:678)
>     at org.eclipse.jetty.http.HttpParser.fill(HttpParser.java:1040)
>     at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:280)
>     at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
>     at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
>     at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196)
>     at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628)
>     at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
>     at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
>     at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
>     at java.lang.Thread.run(Thread.java:636)
>
>
> I never had them before. I then disabled the testing jetty, but the
> exceptions kept going.
> As both jettys used the same keystore, I considered it might be
> problematic. So I went updating the prod jetty. Basically it was no
> problem and everything looks well, but the exceptions
> won't go away.
>
> I found a known issue on openjdk and followed these instructions:
> http://shickys.blogspot.de/2012/11/addressing-openjdk-bug-with-ssl-on.html
> (basically editing the pck12 providers).
> But no luck.
>
> I checked this:
> keytool -list -keystore keystore -v
> just in any case. It appears CN= matches my domain and so I think it
> should be all well too.
>
> Now I am puzzled and don't know where to search for the error.
>
> Any ideas are highly appreciated.
>
> Thanks,
> Christian
> _______________________________________________
> jetty-users mailing list
> [email protected]
> https://dev.eclipse.org/mailman/listinfo/jetty-users
>
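An added example, not part of the thread or of Jetty: a small diagnostic that compares `java.version` against the minimums named in the reply and lists the JVM's registered security providers, so that a PKCS#11 provider (the package the exception in the trace comes from) is visible. The class name `JreTlsCheck` is hypothetical, and the check assumes the `_NN` suffix of `java.version` is comparable to the update numbers in the reply.

```java
import java.security.Provider;
import java.security.Security;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not code from the thread. Java 6 syntax so it runs on the old JREs in question.
public class JreTlsCheck {
    // Legacy version strings look like "1.6.0_24" or "1.7.0_09-icedtea".
    private static final Pattern LEGACY = Pattern.compile("^1\\.(\\d+)\\.\\d+(?:_(\\d+))?.*$");
    // Java 9 and later report "9", "11.0.2", "17-ea", ...
    private static final Pattern MODERN = Pattern.compile("^(\\d+)(?:\\D.*)?$");

    /** True if the version meets the minimums named in the reply: 1.6.0_30 or 1.7.0_15. */
    static boolean meetsMinimum(String version) {
        Matcher m = LEGACY.matcher(version);
        if (!m.matches()) {
            Matcher modern = MODERN.matcher(version);
            // Unparseable strings are reported as failing rather than guessed at.
            return modern.matches() && Integer.parseInt(modern.group(1)) >= 9;
        }
        int major = Integer.parseInt(m.group(1));
        int update = m.group(2) == null ? 0 : Integer.parseInt(m.group(2));
        if (major < 6) return false;
        if (major == 6) return update >= 30;
        if (major == 7) return update >= 15;
        return true; // 1.8.x
    }

    public static void main(String[] args) {
        String version = System.getProperty("java.version");
        System.out.println("java.version = " + version
                + " (" + System.getProperty("java.vendor") + ")");
        System.out.println("meets 1.6u30 / 1.7u15 minimum: " + meetsMinimum(version));

        // The stack trace goes through sun.security.pkcs11, so show where
        // (if anywhere) a PKCS#11 provider sits in this JVM's provider order.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            String name = providers[i].getName();
            String mark = name.startsWith("SunPKCS11") ? "  <-- PKCS#11" : "";
            System.out.println((i + 1) + ". " + name + mark);
        }
    }
}
```

Compile and run it with the same `java` binary that starts Jetty, since the JVM on the shell's `PATH` may be a different installation.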
