Your server has no handlers, none, completely empty.
Perhaps you missed the ...
server.setHandler(resourceHandler);
Better yet, use ...
HandlerList handlers = new HandlerList();
handlers.addHandler(resourceHandler);
handlers.addHandler(new DefaultHandler()); // always last
server.setHandler(handlers);
Also, add this before your server.start();
server.setDumpAfterStart(true);
server.start();
server.join();
That should produce the dump I mentioned in the prior email.
Joakim Erdfelt / joa...@webtide.com
On Wed, Mar 14, 2018 at 9:55 AM, Lou DeGenaro <lou.degen...@gmail.com>
wrote:
> Have you attempted to configure the SSL Cipher Suites on the Jetty server
> side?
>
> > NO. I'm using vanilla jetty as shipped. Is there something else I need
> to do?
>
> Code shown below.
>
> Thanks.
>
> Lou.
>
> private void server_main(String[] args) {
> try {
> // === jetty.xml ===
>
>
>
> // Setup Threadpool
>
>
> QueuedThreadPool threadPool = new QueuedThreadPool();
> threadPool.setMaxThreads(max_threads);
>
> // Server
>
>
> server = new Server(threadPool);
>
> // Scheduler
>
>
> server.addBean(new ScheduledExecutorScheduler());
>
> // === jetty-http.xml ===
>
>
> ServerConnector http = new ServerConnector(server, new
> HttpConnectionFactory());
> http.setPort(port_http);
> http.setIdleTimeout(idle_timeout);
> server.addConnector(http);
>
> // === jetty-https.xml ===
>
>
> // SSL Context Factory
>
>
> SslContextFactory sslContextFactory = new SslContextFactory();
>
> HttpConfiguration http_config = new HttpConfiguration();
> http_config.setSecureScheme("https");
> http_config.setSecurePort(port_https);
>
> HttpConfiguration https_config = new
> HttpConfiguration(http_config);
> https_config.addCustomizer(new SecureRequestCustomizer());
>
> ServerConnector https = new ServerConnector(server,
> new SslConnectionFactory(sslContextFactory,"http/1.1"),
> new HttpConnectionFactory(https_config));
>
> https.setPort(port_https);
> sslContextFactory.setKeyStorePath(keystore);
>
> sslContextFactory.setKeyStorePassword(keystore_password);
> sslContextFactory.setKeyManagerPassword(keymanager_password);
>
> server.setConnectors(new Connector[] { http });
> server.addConnector(https);
>
> //
> ResourceHandler resourceHandler = new ResourceHandler();
> resourceHandler.setDirectoriesListed(true);
> resourceHandler.setResourceBase(jetty_server_root);
>
> server.start();
> server.join();
> }
> catch(Exception e) {
> e.printStackTrace();
> }
> }
>
> On Wed, Mar 14, 2018 at 10:44 AM, Joakim Erdfelt <joa...@webtide.com>
> wrote:
>
>> Have you attempted to configure the SSL Cipher Suites on the Jetty server
>> side?
>>
>> If you enable the jetty startup dump you'll see the list of enabled
>> cipher suites and protocols that Jetty is running with (including the
>> reason why a specific available protocol or cipher suite is disabled).
>>
>> $ java -jar /path/to/my/jetty-home/start.jar
>> jetty.server.dumpAfterStart=true
>>
>> Example output:
>>
>> | += SslConnectionFactory@51c668e3{SSL->http/1.1} - STARTED
>> | | += SslContextFactory@19f040ba[provider=null,keyStore=file:///
>> mnt/c/code/jetty/distros/jetty-distribution-9.4.8.v20171121/
>> demo-base/etc/keystore,trustStore=file:///mnt/c/code/jetty/distros/jetty-
>> distribution-9.4.8.v20171121/demo-base/etc/keystore] trustAll=false
>> | | +- Protocol Selections
>> | | | +- Enabled (size=3)
>> | | | | +- TLSv1
>> | | | | +- TLSv1.1
>> | | | | +- TLSv1.2
>> | | | +- Disabled (size=2)
>> | | | +- SSLv2Hello - ConfigExcluded:'SSLv2Hello'
>> | | | +- SSLv3 - JreDisabled:java.security,
>> ConfigExcluded:'SSLv3'
>> | | +- Cipher Suite Selections
>> | | +- Enabled (size=29)
>> | | | +- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
>> | | | +- TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
>> | | | +- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
>> | | | +- TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
>> | | | +- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
>> | | | +- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
>> | | | +- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
>> | | | +- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
>> | | | +- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
>> | | | +- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
>> | | | +- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
>> | | | +- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>> | | | +- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>> | | | +- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
>> | | | +- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>> | | | +- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
>> | | | +- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
>> | | | +- TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
>> | | | +- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
>> | | | +- TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
>> | | | +- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
>> | | | +- TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
>> | | | +- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
>> | | | +- TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
>> | | | +- TLS_EMPTY_RENEGOTIATION_INFO_SCSV
>> | | | +- TLS_RSA_WITH_AES_128_CBC_SHA256
>> | | | +- TLS_RSA_WITH_AES_128_GCM_SHA256
>> | | | +- TLS_RSA_WITH_AES_256_CBC_SHA256
>> | | | +- TLS_RSA_WITH_AES_256_GCM_SHA384
>> | | +- Disabled (size=53)
>> | | +- SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA -
>> ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- SSL_DHE_DSS_WITH_DES_CBC_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA -
>> ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- SSL_DHE_RSA_WITH_DES_CBC_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- SSL_DH_anon_WITH_3DES_EDE_CBC_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- SSL_DH_anon_WITH_DES_CBC_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- SSL_RSA_EXPORT_WITH_DES40_CBC_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- SSL_RSA_WITH_3DES_EDE_CBC_SHA -
>> ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- SSL_RSA_WITH_DES_CBC_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- SSL_RSA_WITH_NULL_MD5 -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- SSL_RSA_WITH_NULL_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_DHE_DSS_WITH_AES_128_CBC_SHA -
>> ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_DHE_DSS_WITH_AES_256_CBC_SHA -
>> ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_DHE_RSA_WITH_AES_128_CBC_SHA -
>> ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_DHE_RSA_WITH_AES_256_CBC_SHA -
>> ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_DH_anon_WITH_AES_128_CBC_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_DH_anon_WITH_AES_128_CBC_SHA256 -
>> JreDisabled:java.security
>> | | +- TLS_DH_anon_WITH_AES_128_GCM_SHA256 -
>> JreDisabled:java.security
>> | | +- TLS_DH_anon_WITH_AES_256_CBC_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_DH_anon_WITH_AES_256_CBC_SHA256 -
>> JreDisabled:java.security
>> | | +- TLS_DH_anon_WITH_AES_256_GCM_SHA384 -
>> JreDisabled:java.security
>> | | +- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA -
>> ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA -
>> ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA -
>> ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_ECDHE_ECDSA_WITH_NULL_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA -
>> ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -
>> ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -
>> ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_ECDHE_RSA_WITH_NULL_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA -
>> ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA -
>> ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA -
>> ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_ECDH_ECDSA_WITH_NULL_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA -
>> ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA -
>> ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA -
>> ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_ECDH_RSA_WITH_NULL_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_ECDH_anon_WITH_AES_128_CBC_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_ECDH_anon_WITH_AES_256_CBC_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_ECDH_anon_WITH_NULL_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_KRB5_WITH_3DES_EDE_CBC_MD5 -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_KRB5_WITH_3DES_EDE_CBC_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_KRB5_WITH_DES_CBC_MD5 -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_KRB5_WITH_DES_CBC_SHA -
>> JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_RSA_WITH_AES_128_CBC_SHA -
>> ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_RSA_WITH_AES_256_CBC_SHA -
>> ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> | | +- TLS_RSA_WITH_NULL_SHA256 -
>> JreDisabled:java.security
>>
>> Joakim Erdfelt / joa...@webtide.com
>>
>> On Wed, Mar 14, 2018 at 8:43 AM, Lou DeGenaro <lou.degen...@gmail.com>
>> wrote:
>>
>>> Still having (likely user error) issues with SSL. I generate my
>>> keystore thus:
>>>
>>> /share/jdk1.8/bin/keytool -genkey -noprompt -alias jetty -dname "CN=
>>> my.cn, OU=my.ou, O=my.o, L=my.l, S=my.s, C=my.c" -keyalg RSA -keysize
>>> 2048 -sigalg SHA256withRSA -validity 10000 -keystore
>>> /home/webserver/etc/keystore -storepass uE9RVnqAXAh -keypass uE9RVnqAXAh
>>>
>>> I run jetty 9.4.8 with java 1.8 and the keystore.
>>>
>>> I visit https:/myhost:8443/ using Firefox 52.4.0 (64-bit) and my windows
>>> displays: Secure Connection Failed Error code: SSL_ERROR_NO_CYPHER_OVERLAP
>>>
>>> Thanks for your advise.
>>>
>>> Lou.
>>>
>>> On Mon, Mar 12, 2018 at 2:03 AM, Greg Wilkins <gr...@webtide.com> wrote:
>>>
>>>> Any jetty.keystore.password is not set anywhere? if it is set, is it
>>>> set to your password?
>>>> Try hard coding it in the XML to debug before playing with parameters.
>>>>
>>>> cheers
>>>>
>>>>
>>>> On 11 March 2018 at 06:48, Lou DeGenaro <lou.degen...@gmail.com> wrote:
>>>>
>>>>> yep.
>>>>>
>>>>> On Sat, Mar 10, 2018 at 12:59 PM, John English <john.fore...@gmail.com
>>>>> > wrote:
>>>>>
>>>>>> On 10/03/2018 16:15, Lou DeGenaro wrote:
>>>>>>
>>>>>>> <Set name="KeyStorePassword"><Property
>>>>>>> name="jetty.keystore.password" default="my-password"/></Set>
>>>>>>> <Set name="TrustStorePassword"><Property
>>>>>>> name="jetty.truststore.password" default="my-password"/></Set>
>>>>>>>
>>>>>>
>>>>>> The keystore password and truststore password are really the same?
>>>>>> Are you sure?
>>>>>>
>>>>>> --
>>>>>> John English
>>>>>> _______________________________________________
>>>>>> jetty-users mailing list
>>>>>> jetty-users@eclipse.org
>>>>>> To change your delivery options, retrieve your password, or
>>>>>> unsubscribe from this list, visit
>>>>>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> jetty-users mailing list
>>>>> jetty-users@eclipse.org
>>>>> To change your delivery options, retrieve your password, or
>>>>> unsubscribe from this list, visit
>>>>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Greg Wilkins <gr...@webtide.com> CTO http://webtide.com
>>>>
>>>> _______________________________________________
>>>> jetty-users mailing list
>>>> jetty-users@eclipse.org
>>>> To change your delivery options, retrieve your password, or unsubscribe
>>>> from this list, visit
>>>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>>>
>>>
>>>
>>> _______________________________________________
>>> jetty-users mailing list
>>> jetty-users@eclipse.org
>>> To change your delivery options, retrieve your password, or unsubscribe
>>> from this list, visit
>>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>>
>>
>>
>> _______________________________________________
>> jetty-users mailing list
>> jetty-users@eclipse.org
>> To change your delivery options, retrieve your password, or unsubscribe
>> from this list, visit
>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>
>
>
> _______________________________________________
> jetty-users mailing list
> jetty-users@eclipse.org
> To change your delivery options, retrieve your password, or unsubscribe
> from this list, visit
> https://dev.eclipse.org/mailman/listinfo/jetty-users
>
_______________________________________________
jetty-users mailing list
jetty-users@eclipse.org
To change your delivery options, retrieve your password, or unsubscribe from
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
