Hi,

I noticed that Jetty 9.3.8.v20160314 no longer supports the TLS1.0/1.1 protocols. It only supports TLS1.2. I tested Jetty 9.3.7.v20160115 and 9.2.15.v20160210; both versions do support TLS1.0/1.1. So is this intentional or a bug? If it is intentional, how can I re-enable the TLS1.0/1.1 support?

To verify this, just unzip 9.3.8.v20160314, cd to demo-base and run

    java -jar ../start.jar

Then use OpenSSL s_client to connect to it:

    openssl s_client -connect <your ip>:8443 -tls1 (or -tls1_1)

You will get this:

    CONNECTED(00000003)
    140064527169352:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 0 bytes and written 0 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol : TLSv1
        Cipher : 0000
        Session-ID:
        Session-ID-ctx:
        Master-Key:
        Key-Arg : None
        Krb5 Principal: None
        PSK identity: None
        PSK identity hint: None
        Start Time: 1460029515
        Timeout : 7200 (sec)
        Verify return code: 0 (ok)
    ---

However, if you run the same steps using 9.3.7/9.2.15, you will get this:

    No client certificate CA names sent
    ---
    SSL handshake has read 1112 bytes and written 481 bytes
    ---
    New, TLSv1/SSLv3, Cipher is AES256-SHA
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol : TLSv1
        Cipher : AES256-SHA
        Session-ID: 5706478BAAA6CA7E1EA2E6621ED5BC112FDC600E1AF542CB402147DF50538B5D
        Session-ID-ctx:
        Master-Key: 68E655136B89BF66D0877019362BF3BC554032CC9CB97FC12253223E9AB4F63D5D3E05235C27C06AC549D3D120F5E133
        Key-Arg : None
        Krb5 Principal: None
        PSK identity: None
        PSK identity hint: None
        Start Time: 1460029323
        Timeout : 7200 (sec)
        Verify return code: 10 (certificate has expired)
    ---

I have tried to add the following command line to Java:

    -Xbootclasspath/p:/usr/jetty-9.3.8/lib/alpn-boot-8.1.7.v20160121.jar

But it does not make any difference.

Thanks,
Joey
