You are using the Java 8 version of BouncyCastle.

org.bouncycastle.jsse.provider.ProvSSLEngine_8

For this to work, you'll need the Java 11+ runtime and Java 11 specific
BouncyCastle, as ALPN is built into Java by that point.
Java 8 doesn't have a stable ALPN layer, and each Security provider needs
custom work to allow ALPN to work (if at all; many providers do not
support ALPN on Java 8).

For Java 8, our support is OpenJDK and Conscrypt using Jetty 9.
For Java 11+, our support is whatever the JVM has, on any Jetty version.

Joakim Erdfelt / joa...@webtide.com


On Mon, Apr 11, 2022 at 9:29 PM Xia Bing <bing_xia...@hotmail.com> wrote:

> Hi,
>
> I tried to use BouncyCastle as the provider with the following code:
>
> Security.addProvider(new BouncyCastleJsseProvider(true));
> sslContextFactory.setProvider("BCJSSE");
>
> And the following exception is raised when creating http2 session:
> java.lang.IllegalStateException: No ALPNProcessor for org.bouncycastle.jsse.provider.ProvSSLEngine_8@989a394
>     at org.eclipse.jetty.alpn.client.ALPNClientConnectionFactory.newConnection(ALPNClientConnectionFactory.java:111)
>     at org.eclipse.jetty.io.ssl.SslClientConnectionFactory.newConnection(SslClientConnectionFactory.java:136)
>     at org.eclipse.jetty.http2.client.HTTP2Client.lambda$doStart$1(HTTP2Client.java:165)
>     at org.eclipse.jetty.http2.client.HTTP2Client$ClientSelectorManager.newConnection(HTTP2Client.java:500)
>     at org.eclipse.jetty.io.ManagedSelector.createEndPoint(ManagedSelector.java:386)
>     at org.eclipse.jetty.io.ManagedSelector.access$2100(ManagedSelector.java:65)
>     at org.eclipse.jetty.io.ManagedSelector$CreateEndPoint.run(ManagedSelector.java:1069)
>     at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
>     at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
>     at java.base/java.lang.Thread.run(Thread.java:844)
>
> I think that some enhancement in Jetty should be done to support BouncyCastle.
> Is this understanding right?
> Best Regards
> Bing
>
> ------------------------------
> *From:* jetty-users <jetty-users-boun...@eclipse.org> on behalf of Simone Bordet <simone.bor...@gmail.com>
> *Sent:* April 1, 2022 18:05
> *To:* JETTY user mailing list <jetty-users@eclipse.org>
> *Subject:* Re: [jetty-users] Does Jetty support the function of export keying
> material for TLS defined in RFC5705?
>
> Hi,
>
> On Fri, Apr 1, 2022 at 11:45 AM Xia Bing <bing_xia...@hotmail.com> wrote:
> >
> > Hi,  Jetty team,
> >
> > Could anyone help to clarify this question:
> > After setting up the HTTP2/TLS session by Jetty HTTP2 client, can the upper
> > application get the exported keying material for TLS defined in RFC5705 by
> > some APIs provided by Jetty?
> > Looking forward to the reply!
>
> This functionality should be provided by the TLS implementation, and
> Jetty can only forward what the TLS implementation provides.
> Unfortunately, I don't think the OpenJDK implementation provides EKM,
> see https://bugs.openjdk.java.net/browse/JDK-8201287.
> If you find otherwise about OpenJDK, let us know.
>
> If you find a way to use EKM with BouncyCastle, let us know how you did it.
>
> --
> Simone Bordet
> ---
> Finally, no matter how good the architecture and design are,
> to deliver bug-free software with optimal performance and reliability,
> the implementation technique must be flawless.   Victoria Livschitz
> _______________________________________________
> jetty-users mailing list
> jetty-users@eclipse.org
> To unsubscribe from this list, visit
> https://www.eclipse.org/mailman/listinfo/jetty-users
>
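
An added diagnostic (not code from this thread, Jetty or BouncyCastle) that prints, for each registered JSSE provider, the `SSLEngine` class it creates and whether that engine answers the JDK's standard ALPN calls on the current runtime. The names `AlpnProbe` and `probe` are made up for this example, and a provider such as BCJSSE only appears in the output if it has already been registered.

```java
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class AlpnProbe {
    /** One-line verdict on JDK-standard ALPN support; null means the default provider. */
    static String probe(String providerName) {
        try {
            SSLContext ctx = (providerName == null)
                    ? SSLContext.getInstance("TLS")
                    : SSLContext.getInstance("TLS", providerName);
            ctx.init(null, null, null); // default key/trust managers, no network I/O
            SSLEngine engine = ctx.createSSLEngine();
            engine.setUseClientMode(true);
            String impl = engine.getClass().getName();

            // Reflection keeps this compilable on Java 8 builds that lack these methods.
            Method set = SSLParameters.class.getMethod("setApplicationProtocols", String[].class);
            Method get = SSLEngine.class.getMethod("getApplicationProtocol");
            SSLParameters params = engine.getSSLParameters();
            set.invoke(params, (Object) new String[] {"h2", "http/1.1"});
            engine.setSSLParameters(params);
            // Per the Javadoc a supporting engine returns null before the handshake;
            // the base SSLEngine method throws UnsupportedOperationException.
            Object negotiated = get.invoke(engine);
            return impl + ": standard ALPN API usable (pre-handshake value: " + negotiated + ")";
        } catch (NoSuchMethodException e) {
            return "runtime has no javax.net.ssl ALPN API: " + e.getMessage();
        } catch (InvocationTargetException e) {
            return "engine rejects ALPN call: " + e.getCause();
        } catch (Exception e) {
            return "could not create engine: " + e;
        }
    }

    public static void main(String[] args) {
        System.out.println("java.specification.version = "
                + System.getProperty("java.specification.version"));
        System.out.println("default -> " + probe(null));
        for (Provider p : Security.getProviders()) {
            if (p.getService("SSLContext", "TLS") != null) {
                System.out.println(p.getName() + " -> " + probe(p.getName()));
            }
        }
    }
}
```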