I thought 1.8 was pretty new. So now I tried this one from Oracle for running the Jetty server, which seems to be from Aug. 2016 - modern enuf?
java version "1.8.0_92" Java(TM) SE Runtime Environment (build 1.8.0_92-b14) Java HotSpot(TM) 64-Bit Server VM (build 25.92-b14, mixed mode And when I visit via https + port 8443 using Firefox 45.7.0: SSL_ERROR_NO_CYPHER_OVERLAP Chromium 55.0.2883.75: ERR_SSL_VERSION_OR_CIPHER_MISMATCH Again, I'm using Jetty out-of-the-box with just my certificate installed in the keystore and the keystore password config'd in start.ini. I will try your -Djavax.net.debug=all suggestion next... Lou. On Fri, Feb 24, 2017 at 11:02 AM, Simone Bordet <[email protected]> wrote: > Hi, > > On Fri, Feb 24, 2017 at 2:49 PM, Lou DeGenaro <[email protected]> > wrote: > > 2017-02-24 08:05:25.900:INFO:oejs.Server:main: jetty-9.4.2.v20170220 > > > > I created a folder for my webapp called "test" and put my "Hello World" > > index.html in it. http serves it just fine, thank you. https no so > much. > > > > Chromium says: ERR_SSL_VERSION_OR_CIPHER_MISMATCH > > FireFox says: SSL_ERROR_NO_CYPHER_OVERLAP > > > > I created the keystore like so: > > > > keytool -keystore keystore -import -alias jetty -file ducc.crt > > > > I edited the start.ini file with the keystore password for both > > jetty.keystore.password and jetty.truststore.password. > > > > I've made no other changes to the jetty that I downloaded. > > > > I'm a bit out of my comfort zone here, so it's likely that I'm doing > > something wrong. Please advise. > > You have no ciphers in common between the client and the server. > Browsers are quite aggressive at not using obsolete ciphers, and you > are using an old JVM on the server, or you have configured the server > in a way that it uses obsoleted ciphers. > > Use -Djavax.net.debug=all on the server to see that there are no > ciphers, but updating to the latest JVM and paying attention to TLS > configuration will solve your issue. > > -- > Simone Bordet > ---- > http://cometd.org > http://webtide.com > Developer advice, training, services and support > from the Jetty & CometD experts. > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://dev.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
