Your server has no handlers, none, completely empty.

Perhaps you missed the ...

server.setHandler(resourceHandler);

Better yet, use ...

HandlerList handlers = new HandlerList();
handlers.addHandler(resourceHandler);
handlers.addHandler(new DefaultHandler()); // always last
server.setHandler(handlers);

Also, add this before your server.start();

server.setDumpAfterStart(true);
server.start();
server.join();

That should produce the dump I mentioned in the prior email.

Joakim Erdfelt / joa...@webtide.com

On Wed, Mar 14, 2018 at 9:55 AM, Lou DeGenaro <lou.degen...@gmail.com> wrote:

> Have you attempted to configure the SSL Cipher Suites on the Jetty server
> side?
>
>
> NO. I'm using vanilla jetty as shipped. Is there something else I need
> to do?
>
> Code shown below.
>
> Thanks.
>
> Lou.
>
> private void server_main(String[] args) {
>     try {
>         // === jetty.xml ===
>
>         // Setup Threadpool
>         QueuedThreadPool threadPool = new QueuedThreadPool();
>         threadPool.setMaxThreads(max_threads);
>
>         // Server
>         server = new Server(threadPool);
>
>         // Scheduler
>         server.addBean(new ScheduledExecutorScheduler());
>
>         // === jetty-http.xml ===
>         ServerConnector http = new ServerConnector(server, new HttpConnectionFactory());
>         http.setPort(port_http);
>         http.setIdleTimeout(idle_timeout);
>         server.addConnector(http);
>
>         // === jetty-https.xml ===
>
>         // SSL Context Factory
>         SslContextFactory sslContextFactory = new SslContextFactory();
>
>         HttpConfiguration http_config = new HttpConfiguration();
>         http_config.setSecureScheme("https");
>         http_config.setSecurePort(port_https);
>
>         HttpConfiguration https_config = new HttpConfiguration(http_config);
>         https_config.addCustomizer(new SecureRequestCustomizer());
>
>         ServerConnector https = new ServerConnector(server,
>             new SslConnectionFactory(sslContextFactory,"http/1.1"),
>             new HttpConnectionFactory(https_config));
>
>         https.setPort(port_https);
>         sslContextFactory.setKeyStorePath(keystore);
>
>         sslContextFactory.setKeyStorePassword(keystore_password);
>         sslContextFactory.setKeyManagerPassword(keymanager_password);
>
>         server.setConnectors(new Connector[] { http });
>         server.addConnector(https);
>
>         //
>         ResourceHandler resourceHandler = new ResourceHandler();
>         resourceHandler.setDirectoriesListed(true);
>         resourceHandler.setResourceBase(jetty_server_root);
>
>         server.start();
>         server.join();
>     }
>     catch(Exception e) {
>         e.printStackTrace();
>     }
> }
>
> On Wed, Mar 14, 2018 at 10:44 AM, Joakim Erdfelt <joa...@webtide.com> wrote:
>
>> Have you attempted to configure the SSL Cipher Suites on the Jetty server
>> side?
>>
>> If you enable the jetty startup dump you'll see the list of enabled
>> cipher suites and protocols that Jetty is running with (including the
>> reason why a specific available protocol or cipher suite is disabled).
>>
>> $ java -jar /path/to/my/jetty-home/start.jar jetty.server.dumpAfterStart=true
>>
>> Example output:
>>
>> |   += SslConnectionFactory@51c668e3{SSL->http/1.1} - STARTED
>> |   |   += SslContextFactory@19f040ba[provider=null,keyStore=file:///mnt/c/code/jetty/distros/jetty-distribution-9.4.8.v20171121/demo-base/etc/keystore,trustStore=file:///mnt/c/code/jetty/distros/jetty-distribution-9.4.8.v20171121/demo-base/etc/keystore] trustAll=false
>> |   |       +- Protocol Selections
>> |   |       |   +- Enabled (size=3)
>> |   |       |   |   +- TLSv1
>> |   |       |   |   +- TLSv1.1
>> |   |       |   |   +- TLSv1.2
>> |   |       |   +- Disabled (size=2)
>> |   |       |       +- SSLv2Hello - ConfigExcluded:'SSLv2Hello'
>> |   |       |       +- SSLv3 - JreDisabled:java.security, ConfigExcluded:'SSLv3'
>> |   |       +- Cipher Suite Selections
>> |   |           +- Enabled (size=29)
>> |   |           |   +- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
>> |   |           |   +- TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
>> |   |           |   +- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
>> |   |           |   +- TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
>> |   |           |   +- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
>> |   |           |   +- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
>> |   |           |   +- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
>> |   |           |   +- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
>> |   |           |   +- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
>> |   |           |   +- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
>> |   |           |   +- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
>> |   |           |   +- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>> |   |           |   +- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>> |   |           |   +- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
>> |   |           |   +- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>> |   |           |   +- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
>> |   |           |   +- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
>> |   |           |   +- TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
>> |   |           |   +- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
>> |   |           |   +- TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
>> |   |           |   +- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
>> |   |           |   +- TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
>> |   |           |   +- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
>> |   |           |   +- TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
>> |   |           |   +- TLS_EMPTY_RENEGOTIATION_INFO_SCSV
>> |   |           |   +- TLS_RSA_WITH_AES_128_CBC_SHA256
>> |   |           |   +- TLS_RSA_WITH_AES_128_GCM_SHA256
>> |   |           |   +- TLS_RSA_WITH_AES_256_CBC_SHA256
>> |   |           |   +- TLS_RSA_WITH_AES_256_GCM_SHA384
>> |   |           +- Disabled (size=53)
>> |   |               +- SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- SSL_DHE_DSS_WITH_DES_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- SSL_DHE_RSA_WITH_DES_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- SSL_DH_anon_WITH_3DES_EDE_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- SSL_DH_anon_WITH_DES_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- SSL_RSA_EXPORT_WITH_DES40_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- SSL_RSA_WITH_3DES_EDE_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- SSL_RSA_WITH_DES_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- SSL_RSA_WITH_NULL_MD5 - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- SSL_RSA_WITH_NULL_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_DHE_DSS_WITH_AES_128_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_DHE_DSS_WITH_AES_256_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_DHE_RSA_WITH_AES_128_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_DHE_RSA_WITH_AES_256_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_DH_anon_WITH_AES_128_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_DH_anon_WITH_AES_128_CBC_SHA256 - JreDisabled:java.security
>> |   |               +- TLS_DH_anon_WITH_AES_128_GCM_SHA256 - JreDisabled:java.security
>> |   |               +- TLS_DH_anon_WITH_AES_256_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_DH_anon_WITH_AES_256_CBC_SHA256 - JreDisabled:java.security
>> |   |               +- TLS_DH_anon_WITH_AES_256_GCM_SHA384 - JreDisabled:java.security
>> |   |               +- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_ECDHE_ECDSA_WITH_NULL_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_ECDHE_RSA_WITH_NULL_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_ECDH_ECDSA_WITH_NULL_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_ECDH_RSA_WITH_NULL_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_ECDH_anon_WITH_AES_128_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_ECDH_anon_WITH_AES_256_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_ECDH_anon_WITH_NULL_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_KRB5_WITH_3DES_EDE_CBC_MD5 - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_KRB5_WITH_3DES_EDE_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_KRB5_WITH_DES_CBC_MD5 - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_KRB5_WITH_DES_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_RSA_WITH_AES_128_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_RSA_WITH_AES_256_CBC_SHA - ConfigExcluded:'^.*_(MD5|SHA|SHA1)$'
>> |   |               +- TLS_RSA_WITH_NULL_SHA256 - JreDisabled:java.security
>>
>> Joakim Erdfelt / joa...@webtide.com
>>
>> On Wed, Mar 14, 2018 at 8:43 AM, Lou DeGenaro <lou.degen...@gmail.com> wrote:
>>
>>> Still having (likely user error) issues with SSL. I generate my
>>> keystore thus:
>>>
>>> /share/jdk1.8/bin/keytool -genkey -noprompt -alias jetty -dname "CN=
>>> my.cn, OU=my.ou, O=my.o, L=my.l, S=my.s, C=my.c" -keyalg RSA -keysize
>>> 2048 -sigalg SHA256withRSA -validity 10000 -keystore
>>> /home/webserver/etc/keystore -storepass uE9RVnqAXAh -keypass uE9RVnqAXAh
>>>
>>> I run jetty 9.4.8 with java 1.8 and the keystore.
>>>
>>> I visit https:/myhost:8443/ using Firefox 52.4.0 (64-bit) and my windows
>>> displays: Secure Connection Failed Error code: SSL_ERROR_NO_CYPHER_OVERLAP
>>>
>>> Thanks for your advice.
>>>
>>> Lou.
>>>
>>> On Mon, Mar 12, 2018 at 2:03 AM, Greg Wilkins <gr...@webtide.com> wrote:
>>>
>>>> Any jetty.keystore.password is not set anywhere? if it is set, is it
>>>> set to your password?
>>>> Try hard coding it in the XML to debug before playing with parameters.
>>>>
>>>> cheers
>>>>
>>>>
>>>> On 11 March 2018 at 06:48, Lou DeGenaro <lou.degen...@gmail.com> wrote:
>>>>
>>>>> yep.
>>>>>
>>>>> On Sat, Mar 10, 2018 at 12:59 PM, John English <john.fore...@gmail.com> wrote:
>>>>>
>>>>>> On 10/03/2018 16:15, Lou DeGenaro wrote:
>>>>>>
>>>>>>> <Set name="KeyStorePassword"><Property
>>>>>>> name="jetty.keystore.password" default="my-password"/></Set>
>>>>>>> <Set name="TrustStorePassword"><Property
>>>>>>> name="jetty.truststore.password" default="my-password"/></Set>
>>>>>>>
>>>>>>
>>>>>> The keystore password and truststore password are really the same?
>>>>>> Are you sure?
>>>>>>
>>>>>> --
>>>>>> John English
>>>>>> _______________________________________________
>>>>>> jetty-users mailing list
>>>>>> jetty-users@eclipse.org
>>>>>> To change your delivery options, retrieve your password, or
>>>>>> unsubscribe from this list, visit
>>>>>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>>>
>>>> --
>>>> Greg Wilkins <gr...@webtide.com> CTO http://webtide.com
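
Added example, not part of the thread and not Jetty project code: a JDK-only check that labels this JVM's cipher suites the way the dump quoted above does, so the enabled set can be compared with what a client offers when a handshake fails with a cipher-overlap error. The class name CipherSelectionCheck is hypothetical, the exclusion pattern is copied from the ConfigExcluded entries in the dump, and treating "supported by the JVM but not in its default enabled list" as JreDisabled is an assumption about how that label is derived.

```java
import java.util.*;
import java.util.regex.Pattern;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Hypothetical helper: reproduces the Enabled/Disabled labels of the dump using only the JDK.
public class CipherSelectionCheck {
    // Exclusion pattern copied from the ConfigExcluded entries in the dump above.
    static final Pattern CONFIG_EXCLUDED = Pattern.compile("^.*_(MD5|SHA|SHA1)$");

    /** Maps each supported suite to the reasons it is disabled; an empty string means enabled. */
    static Map<String, String> classify(String[] supported, String[] jvmEnabled) {
        Set<String> enabled = new HashSet<>(Arrays.asList(jvmEnabled));
        Map<String, String> result = new TreeMap<>();
        for (String suite : supported) {
            List<String> reasons = new ArrayList<>();
            // Assumption: a suite the JVM supports but does not enable by default
            // is what the dump reports as JreDisabled:java.security.
            if (!enabled.contains(suite)) reasons.add("JreDisabled:java.security");
            if (CONFIG_EXCLUDED.matcher(suite).matches())
                reasons.add("ConfigExcluded:'" + CONFIG_EXCLUDED.pattern() + "'");
            result.put(suite, String.join(", ", reasons));
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters supported = ctx.getSupportedSSLParameters();
        SSLParameters defaults = ctx.getDefaultSSLParameters();
        Map<String, String> suites =
            classify(supported.getCipherSuites(), defaults.getCipherSuites());

        long enabledCount = suites.values().stream().filter(String::isEmpty).count();
        System.out.println("Enabled (size=" + enabledCount + ")");
        suites.forEach((s, why) -> { if (why.isEmpty()) System.out.println("  +- " + s); });
        System.out.println("Disabled (size=" + (suites.size() - enabledCount) + ")");
        suites.forEach((s, why) -> {
            if (!why.isEmpty()) System.out.println("  +- " + s + " - " + why);
        });
        if (enabledCount == 0)
            System.out.println("No cipher suite survives the filters: every handshake will fail.");
    }
}
```

Run it with the same JVM that runs the server; the counts differ between Java versions because the supported and default-enabled lists differ.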