Thanks both. (And good to know Simone ) Jetty9 server: Bits of my start.ini (installed as windows service) are being ignored, like send server version, and now javax.net.debug=all. In prunmgr however adding -Djavax.net.debug=all made the logging very active indeed.
For every :443/../rest call this is repeated: qtp999661724-87, fatal error: 10: General SSLEngine problem javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled qtp999661724-87, SEND TLSv1.2 ALERT: fatal, description = unexpected_message qtp999661724-87, WRITE: TLSv1.2 Alert, length = 2 qtp999661724-87, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled HttpClient-332, called closeInbound() HttpClient-332, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack? javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? HttpClient-332, SEND TLSv1.2 ALERT: fatal, description = internal_error HttpClient-332, WRITE: TLSv1.2 Alert, length = 2 [Raw write]: length = 7 0000: 15 03 03 00 02 02 50 ......P HttpClient-332, called closeInbound() HttpClient-332, closeInboundInternal() HttpClient-332, called closeInbound() HttpClient-332, closeInboundInternal() 2017-02-01 17:30:30.515:WARN:oejc.HttpExchange:HttpClient-332: EXCEPTION adapter1@6787ac61 =GET//domain:443/geoserver/rest#WAITING(0ms)->EXCEPTED(0ms)sent=0ms org.eclipse.jetty.io.EofException: early EOF Right now TLS 1.0, 1.1 and 1.2 are accepted, no SSL version. Regards, David On Tue, Jan 31, 2017 at 7:51 PM, Simone Bordet <[email protected]> wrote: > Hi, > > On Tue, Jan 31, 2017 at 6:08 PM, David Persson <[email protected]> > wrote: > > It isn't clear to me where to enable javax.net.debug=all. > > On the server that closes the connection, and on the client that > receives the connection closed. > > > The server jetty9 does not have slf4jlog or javautillog defined, the > level > > is at debug when I open prunmgr//ES//nameofservice, the stack trace from > > this server log is in the first email. > > > > I don't even know whether "GET//domain:443/geoserver/rest" means an http > > prefix or an https prefix but I suppose http since our Jetty9 says > > connection reset to those. > > As I said, this is very unlikely. > The issue is probably something different. > > > Will probably need to hire external help here but thanks for your time. > > You can hire us :) > https://webtide.com/ > > -- > Simone Bordet > ---- > http://cometd.org > http://webtide.com > Developer advice, training, services and support > from the Jetty & CometD experts. > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://dev.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
