Hi,

I've got an HSM with a certificate and private key that I pass as
a KeyStore to an SslContextFactory:

    <!-- ============================================================= -->
    <!-- Configure a TLS (SSL) Context Factory                         -->
    <!-- ============================================================= -->
    <!-- -->
    <New id="testksSslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
        <Set name="keyStore"><Call class="mypackage.CryptoTools" name="getKeyStore">
            <Arg>testks</Arg>
        </Call></Set>
        <Set name="CertAlias">testhsmcert</Set>
        [...]
    </New>

The passed KeyStore is a PKCS11-keystore (in this particular case an
OpenSC-based one but another one shows the same behavior).

When starting the server using Java 8, everything works and I can
establish a TLS-connection where the server uses the HSM's certificate.

When starting the server using Java 11, the browser gets an
SSL_ERROR_INTERNAL_ERROR_ALERT and Wireshark shows that the server
is sending a ServerHello and a Certificate TLS packet. After that
the server sends a TLS alert with code 80 (internal error).

The server logs show no error message (incl. Jetty debug enabled), so
I'm not sure what's happening here.

Are there any known issues with PKCS11-keystores, Java 11 and Jetty?


Thanks and cheers, Lothar