Oracle Java 8u92 expired on July 19, 2016 (see release notes) The expiration is specifically designed for the very fast moving SSL/TLS changes in configuration. Oracle recommends that you stay up to date with the JVM is you are using SSL/TLS from Java (either as a client, or a server).
Joakim Erdfelt / [email protected] On Fri, Feb 24, 2017 at 11:37 AM, Lou DeGenaro <[email protected]> wrote: > I thought 1.8 was pretty new. So now I tried this one from Oracle for > running the Jetty server, which seems to be from Aug. 2016 - modern enuf? > > java version "1.8.0_92" > Java(TM) SE Runtime Environment (build 1.8.0_92-b14) > Java HotSpot(TM) 64-Bit Server VM (build 25.92-b14, mixed mode > > And when I visit via https + port 8443 using > > Firefox 45.7.0: SSL_ERROR_NO_CYPHER_OVERLAP > Chromium 55.0.2883.75: ERR_SSL_VERSION_OR_CIPHER_MISMATCH > > Again, I'm using Jetty out-of-the-box with just my certificate installed > in the keystore and the keystore password config'd in start.ini. > > I will try your -Djavax.net.debug=all suggestion next... > > Lou. > > On Fri, Feb 24, 2017 at 11:02 AM, Simone Bordet <[email protected]> > wrote: > >> Hi, >> >> On Fri, Feb 24, 2017 at 2:49 PM, Lou DeGenaro <[email protected]> >> wrote: >> > 2017-02-24 08:05:25.900:INFO:oejs.Server:main: jetty-9.4.2.v20170220 >> > >> > I created a folder for my webapp called "test" and put my "Hello World" >> > index.html in it. http serves it just fine, thank you. https no so >> much. >> > >> > Chromium says: ERR_SSL_VERSION_OR_CIPHER_MISMATCH >> > FireFox says: SSL_ERROR_NO_CYPHER_OVERLAP >> > >> > I created the keystore like so: >> > >> > keytool -keystore keystore -import -alias jetty -file ducc.crt >> > >> > I edited the start.ini file with the keystore password for both >> > jetty.keystore.password and jetty.truststore.password. >> > >> > I've made no other changes to the jetty that I downloaded. >> > >> > I'm a bit out of my comfort zone here, so it's likely that I'm doing >> > something wrong. Please advise. >> >> You have no ciphers in common between the client and the server. >> Browsers are quite aggressive at not using obsolete ciphers, and you >> are using an old JVM on the server, or you have configured the server >> in a way that it uses obsoleted ciphers. >> >> Use -Djavax.net.debug=all on the server to see that there are no >> ciphers, but updating to the latest JVM and paying attention to TLS >> configuration will solve your issue. >> >> -- >> Simone Bordet >> ---- >> http://cometd.org >> http://webtide.com >> Developer advice, training, services and support >> from the Jetty & CometD experts. >> _______________________________________________ >> jetty-users mailing list >> [email protected] >> To change your delivery options, retrieve your password, or unsubscribe >> from this list, visit >> https://dev.eclipse.org/mailman/listinfo/jetty-users >> > > > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://dev.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
