Hi all,
I need some clarifications regarding the proper names for TLSv1.3 cipher
suites. So, in the previous versions of our embedded Jetty,
we had to prefix ciphersuites with "SSL_" otherwise the configured ciphersuites
were not recognized by Jetty SSL context modules.
Now, we want to support TLSv1.3 and we are getting the following error
messages. On the surface, it appears that Jetty doesn't
allow the TLSv1.3 cipher suites prefixed with "SSL_", please could some one
help me out with clarification on how to specify TLSv1.3 cipher suites for
Jetty. Please see below.
2021-02-02 14:22:08,771 [main] INFO ContextHandler - Started
o.e.j.w.WebAppContext@471d9180{sspcmrest,/sspcmrest,file:///C:/Users/xxx/sandbox/xxxx6020-20201124-MAINT-BUILD110/apps/jetty/webservices/webapps/sspcmrest/,AVAILABLE}{C:\Users\xxxxx\sandbox\xxxx6020-20201124-MAINT-BUILD110\apps\jetty\webservices\webapps\sspcmrest}
2021-02-02 14:22:08,771 [main] INFO session - DefaultSessionIdManager
workerName=node0
2021-02-02 14:22:08,771 [main] INFO session - No SessionScavenger set, using
defaults
2021-02-02 14:22:08,771 [main] INFO session - node0 Scavenging every 600000ms
2021-02-02 14:22:08,865 [main] INFO SslContextFactory -
x509=X509@979e5720(webserverkeycert,h=[xxxx.com, xxxx.com, xxxx.com, xxxx.com,
xxxx.com, xxxx.com, xxxx.com],w=[]) for
JettySslContextFactory@3d4b29ca[provider=null,keyStore=null,trustStore=null]
2021-02-02 14:22:09,005 [main] INFO SslContextFactory - No Cipher Suite
matching 'SSL_AES_256_GCM_SHA384' is supported
2021-02-02 14:22:09,005 [main] INFO SslContextFactory - No Cipher Suite
matching 'SSL_CHACHA20_POLY1305_SHA256' is supported
2021-02-02 14:22:09,005 [main] INFO SslContextFactory - No Cipher Suite
matching 'SSL_AES_128_GCM_SHA256' is supported
2021-02-02 14:22:09,005 [main] WARN SslContextFactory - No supported Cipher
Suite from [TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256,
TLS_AES_128_GCM_SHA256, SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
SSL_RSA_WITH_AES_256_GCM_SHA384, SSL_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384, SSL_DHE_RSA_WITH_AES_256_GCM_SHA384,
SSL_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
SSL_RSA_WITH_AES_128_GCM_SHA256, SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256, SSL_DHE_RSA_WITH_AES_128_GCM_SHA256,
SSL_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_RSA_WITH_AES_256_CBC_SHA256,
SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ECDH_RSA_WITH_AES_256_CBC_SHA384,
SSL_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_DHE_DSS_WITH_AES_256_CBC_SHA256,
SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA,
SSL_RSA_WITH_AES_256_CBC_SHA, SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
SSL_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_RSA_WITH_AES_256_CBC_SHA,
SSL_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_RSA_WITH_AES_128_CBC_SHA256,
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256,
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_DHE_DSS_WITH_AES_128_CBC_SHA256,
SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA,
SSL_RSA_WITH_AES_128_CBC_SHA, SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_128_CBC_SHA,
SSL_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256]
2021-02-02 14:22:09,068 [main] INFO AbstractConnector - Started
ServerConnector@40dd70fc{SSL, (ssl, http/1.1)}{0.0.0.0:8443}
2021-02-02 14:22:09,068 [main] INFO Server - Started @20296ms
=====================================================
Please refer to https://northamerica.altran.com/email-disclaimer
for important disclosures regarding this electronic communication.
=====================================================
_______________________________________________
jetty-users mailing list
[email protected]
To unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
