This is the most current java I have access to: bash-4.1$ ./java -version java version "1.8.0_121" Java(TM) SE Runtime Environment (build 1.8.0_121-b13) Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)
No improvement. Lou. On Fri, Feb 24, 2017 at 1:51 PM, Joakim Erdfelt <[email protected]> wrote: > Oracle Java 8u92 expired on July 19, 2016 (see release notes) > > The expiration is specifically designed for the very fast moving SSL/TLS > changes in configuration. > Oracle recommends that you stay up to date with the JVM is you are using > SSL/TLS from Java (either as a client, or a server). > > > Joakim Erdfelt / [email protected] > > On Fri, Feb 24, 2017 at 11:37 AM, Lou DeGenaro <[email protected]> > wrote: > >> I thought 1.8 was pretty new. So now I tried this one from Oracle for >> running the Jetty server, which seems to be from Aug. 2016 - modern enuf? >> >> java version "1.8.0_92" >> Java(TM) SE Runtime Environment (build 1.8.0_92-b14) >> Java HotSpot(TM) 64-Bit Server VM (build 25.92-b14, mixed mode >> >> And when I visit via https + port 8443 using >> >> Firefox 45.7.0: SSL_ERROR_NO_CYPHER_OVERLAP >> Chromium 55.0.2883.75: ERR_SSL_VERSION_OR_CIPHER_MISMATCH >> >> Again, I'm using Jetty out-of-the-box with just my certificate installed >> in the keystore and the keystore password config'd in start.ini. >> >> I will try your -Djavax.net.debug=all suggestion next... >> >> Lou. >> >> On Fri, Feb 24, 2017 at 11:02 AM, Simone Bordet <[email protected]> >> wrote: >> >>> Hi, >>> >>> On Fri, Feb 24, 2017 at 2:49 PM, Lou DeGenaro <[email protected]> >>> wrote: >>> > 2017-02-24 08:05:25.900:INFO:oejs.Server:main: jetty-9.4.2.v20170220 >>> > >>> > I created a folder for my webapp called "test" and put my "Hello World" >>> > index.html in it. http serves it just fine, thank you. https no so >>> much. >>> > >>> > Chromium says: ERR_SSL_VERSION_OR_CIPHER_MISMATCH >>> > FireFox says: SSL_ERROR_NO_CYPHER_OVERLAP >>> > >>> > I created the keystore like so: >>> > >>> > keytool -keystore keystore -import -alias jetty -file ducc.crt >>> > >>> > I edited the start.ini file with the keystore password for both >>> > jetty.keystore.password and jetty.truststore.password. >>> > >>> > I've made no other changes to the jetty that I downloaded. >>> > >>> > I'm a bit out of my comfort zone here, so it's likely that I'm doing >>> > something wrong. Please advise. >>> >>> You have no ciphers in common between the client and the server. >>> Browsers are quite aggressive at not using obsolete ciphers, and you >>> are using an old JVM on the server, or you have configured the server >>> in a way that it uses obsoleted ciphers. >>> >>> Use -Djavax.net.debug=all on the server to see that there are no >>> ciphers, but updating to the latest JVM and paying attention to TLS >>> configuration will solve your issue. >>> >>> -- >>> Simone Bordet >>> ---- >>> http://cometd.org >>> http://webtide.com >>> Developer advice, training, services and support >>> from the Jetty & CometD experts. >>> _______________________________________________ >>> jetty-users mailing list >>> [email protected] >>> To change your delivery options, retrieve your password, or unsubscribe >>> from this list, visit >>> https://dev.eclipse.org/mailman/listinfo/jetty-users >>> >> >> >> _______________________________________________ >> jetty-users mailing list >> [email protected] >> To change your delivery options, retrieve your password, or unsubscribe >> from this list, visit >> https://dev.eclipse.org/mailman/listinfo/jetty-users >> > > > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://dev.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
