Hi,
We're observing a random issue with some of our customers, after
doing an upgrade of the Jetty from 9.4.11 to 9.4.44. We're starting Jetty
programmatically in a Zulu JRE 8 runtime.
We're initializing the SSLContextFactory as follows
SslContextFactory<http://zensrc.labs.blr.novell.com/source/s?defs=SslContextFactory&project=Dev-20u4_zeus>
contextFactory<http://zensrc.labs.blr.novell.com/source/s?refs=contextFactory&project=Dev-20u4_zeus>
= new
SslContextFactory<http://zensrc.labs.blr.novell.com/source/s?defs=SslContextFactory&project=Dev-20u4_zeus>.Server<http://zensrc.labs.blr.novell.com/source/s?defs=Server&project=Dev-20u4_zeus>();
contextFactory<http://zensrc.labs.blr.novell.com/source/s?defs=contextFactory&project=Dev-20u4_zeus>.setKeyStorePath<http://zensrc.labs.blr.novell.com/source/s?defs=setKeyStorePath&project=Dev-20u4_zeus>(config<http://zensrc.labs.blr.novell.com/source/s?defs=config&project=Dev-20u4_zeus>.getKeyStorePath<http://zensrc.labs.blr.novell.com/source/s?defs=getKeyStorePath&project=Dev-20u4_zeus>());
contextFactory<http://zensrc.labs.blr.novell.com/source/s?defs=contextFactory&project=Dev-20u4_zeus>.setKeyStorePassword<http://zensrc.labs.blr.novell.com/source/s?defs=setKeyStorePassword&project=Dev-20u4_zeus>(config<http://zensrc.labs.blr.novell.com/source/s?defs=config&project=Dev-20u4_zeus>.getDecryptedPassword<http://zensrc.labs.blr.novell.com/source/s?defs=getDecryptedPassword&project=Dev-20u4_zeus>());
contextFactory<http://zensrc.labs.blr.novell.com/source/s?defs=contextFactory&project=Dev-20u4_zeus>.setTrustStorePath<http://zensrc.labs.blr.novell.com/source/s?defs=setTrustStorePath&project=Dev-20u4_zeus>(config<http://zensrc.labs.blr.novell.com/source/s?defs=config&project=Dev-20u4_zeus>.getKeyStorePath<http://zensrc.labs.blr.novell.com/source/s?defs=getKeyStorePath&project=Dev-20u4_zeus>());
contextFactory<http://zensrc.labs.blr.novell.com/source/s?defs=contextFactory&project=Dev-20u4_zeus>.setTrustStorePassword<http://zensrc.labs.blr.novell.com/source/s?defs=setTrustStorePassword&project=Dev-20u4_zeus>(config<http://zensrc.labs.blr.novell.com/source/s?defs=config&project=Dev-20u4_zeus>.getDecryptedPassword<http://zensrc.labs.blr.novell.com/source/s?defs=getDecryptedPassword&project=Dev-20u4_zeus>());
contextFactory<http://zensrc.labs.blr.novell.com/source/s?defs=contextFactory&project=Dev-20u4_zeus>.setExcludeCipherSuites<http://zensrc.labs.blr.novell.com/source/s?defs=setExcludeCipherSuites&project=Dev-20u4_zeus>(excCipherSuites<http://zensrc.labs.blr.novell.com/source/xref/Dev-20u4_zeus/zeus/zeus-jetty/src/main/java/com/novell/zenworks/zeus/jetty/JettyServer.java?r=4b4e51bb#excCipherSuites>);
contextFactory<http://zensrc.labs.blr.novell.com/source/s?defs=contextFactory&project=Dev-20u4_zeus>.addExcludeProtocols<http://zensrc.labs.blr.novell.com/source/s?defs=addExcludeProtocols&project=Dev-20u4_zeus>(excludedProtocols<http://zensrc.labs.blr.novell.com/source/s?defs=excludedProtocols&project=Dev-20u4_zeus>.toArray<http://zensrc.labs.blr.novell.com/source/s?defs=toArray&project=Dev-20u4_zeus>(new
String<http://zensrc.labs.blr.novell.com/source/s?defs=String&project=Dev-20u4_zeus>[0]));
What we're observing is that the SSL handshake is failing when the
server is accessed over FQDN. However the handshake goes through when accessed
over IP Address.
Enabled, Java SSL Logging and herewith attaching the trace of the
same.
What we see in the logs is
javax.net.ssl|SEVERE|08 1C|qtp1363141203-2076|2023-02-07
12:35:40.763 EST|TransportContext.java:340|Fatal (HANDSHAKE_FAILURE): no cipher
suites in common (
"throwable" : {
javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.Alert.createSSLException(Alert.java:117)
at
sun.security.ssl.TransportContext.fatal(TransportContext.java:335)
at
sun.security.ssl.TransportContext.fatal(TransportContext.java:291)
at
sun.security.ssl.TransportContext.fatal(TransportContext.java:282)
at
sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(ServerHello.java:461)
at
sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(ServerHello.java:296)
at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:421)
at
sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1020)
at
sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:727)
at
sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:693)
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
at
sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at
sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:981)
at
sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:968)
at java.security.AccessController.doPrivileged(Native Method)
at
sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:915)
at
org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:654)
at
org.eclipse.jetty.server.HttpConnection.fillRequestBuffer(HttpConnection.java:350)
at
org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
at
org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at
org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
at
org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:555)
at
org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:410)
at
org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:164)
at
org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
at
org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
at
org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)
at
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
at
org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
at java.lang.Thread.run(Thread.java:750)}
The problem seems similar to the issue seen in the case of
https://github.com/eclipse/jetty.project/issues/7691 - However this was seen on
Java 11.
Also seems similar to the issue seen in
https://github.com/eclipse/jetty.project/issues/6099, but in this it is marked
as Fixed in 9.4.41 and we're on 9.4.44. We tried to follow the workaround of
setting sni required as true. But in our internal testing, after setting that,
handshake was failing both over IP and FQDN.
We're working to see if we can dump on server start and collect more
logs, but meanwhile if we can get any help here, it would be much appreciated.
What we're clear is that the Server Hello is not able to prove
possession and therefore the handshake is failing. How it is related to Jetty
version is what we're trying to figure out.
Thanks,
Srijith.
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.760
EST|ClientHello.java:689|Consuming ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1.2",
"random" : "4A 7B 44 66 DA F6 D4 00 60 62 09 96 D5 B8 BA F5 EE
51 B4 3B B1 E1 5A 58 8E B9 7A E6 3A D9 14 58",
"session id" : "18 CB 45 94 D3 BC 60 E5 08 A5 3E CF FA 68 F9 CA 96
91 20 38 0B 62 0B EF 1E EE 49 AA E3 2E ED C5",
"cipher suites" : "[UNKNOWN-CIPHER-SUITE(0x2A2A)(0x2A2A),
TLS_AES_128_GCM_SHA256(0x1301), TLS_AES_256_GCM_SHA384(0x1302),
TLS_CHACHA20_POLY1305_SHA256(0x1303),
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B),
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F),
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C),
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030),
UNKNOWN-CIPHER-SUITE(0xCCA9)(0xCCA9), UNKNOWN-CIPHER-SUITE(0xCCA8)(0xCCA8),
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013),
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014),
TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C),
TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F),
TLS_RSA_WITH_AES_256_CBC_SHA(0x0035)]",
"compression methods" : "00",
"extensions" : [
"unknown extension (60,138)": {
},
"application_layer_protocol_negotiation (16)": {
[h2, http/1.1]
},
"key_share (51)": {
"client_shares": [
{
"named group": UNDEFINED-NAMED-GROUP(47802)
"key_exchange": {
0000: 00
}
},
{
"named group": x25519
"key_exchange": {
0000: 13 A1 84 46 AB BA 4E 5A 2E 47 BE B3 D9 6D E6 B4
...F..NZ.G...m..
0010: 70 57 2F 2C FC 48 E3 E4 C6 1C 52 A6 5A 8E B2 58
pW/,.H....R.Z..X
}
},
]
},
"server_name (0)": {
type=host_name (0), value=cotlv201.corp.toronto.ca
},
"status_request (5)": {
"certificate status type": ocsp
"OCSP status request": {
"responder_id": <empty>
"request extensions": {
<empty>
}
}
},
"extended_master_secret (23)": {
<empty>
},
"unknown extension (17,513)": {
0000: 00 03 02 68 32 ...h2
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"signed_certificate_timestamp (18)": {
},
"supported_versions (43)": {
"versions": [TLS-42.42, TLSv1.3, TLSv1.2]
},
"supported_groups (10)": {
"versions": [UNDEFINED-NAMED-GROUP(47802), x25519, secp256r1, secp384r1]
},
"signature_algorithms (13)": {
"signature schemes": [ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256,
rsa_pkcs1_sha256, ecdsa_secp384r1_sha384, rsa_pss_rsae_sha384,
rsa_pkcs1_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha512, rsa_pkcs1_sha1]
},
"psk_key_exchange_modes (45)": {
"ke_modes": [psk_dhe_ke]
},
"unknown extension (27)": {
0000: 02 00 02 ...
},
"session_ticket (35)": {
},
"renegotiation_info (65,281)": {
"renegotiated connection": [<no renegotiated connection>]
},
"unknown extension (64,250)": {
0000: 00 .
},
"client_certificate_type (21)": {
0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 .............
}
]
}
)
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761
EST|SSLExtensions.java:192|Consumed extension: supported_versions
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761
EST|ClientHello.java:719|Negotiated protocol version: TLSv1.2
javax.net.ssl|ALL|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761
EST|ClientHello.java:849|Can't resume, the existing session is not rejoinable
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761
EST|ServerNameExtension.java:310|server name indication (type=host_name (0),
value=cotlv201.corp.toronto.ca) is accepted
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761
EST|SSLExtensions.java:192|Consumed extension: server_name
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761
EST|SSLExtensions.java:173|Ignore unavailable extension: max_fragment_length
javax.net.ssl|ALL|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.761
EST|SignatureScheme.java:403|Ignore disabled signature scheme: rsa_md5
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761
EST|SSLExtensions.java:192|Consumed extension: status_request
javax.net.ssl|ALL|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.761
EST|SSLSessionImpl.java:215|Session initialized:
Session(1675791340761|SSL_NULL_WITH_NULL_NULL)
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761
EST|SSLExtensions.java:192|Consumed extension: supported_groups
javax.net.ssl|WARNING|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.761
EST|SSLExtensions.java:215|Ignore impact of unsupported extension: server_name
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761
EST|SSLExtensions.java:192|Consumed extension: ec_point_formats
javax.net.ssl|FINE|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.761
EST|SSLExtensions.java:207|Ignore unavailable extension: max_fragment_length
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761
EST|SSLExtensions.java:192|Consumed extension: signature_algorithms
javax.net.ssl|WARNING|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.761
EST|SSLExtensions.java:215|Ignore impact of unsupported extension:
status_request
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761
EST|SSLExtensions.java:173|Ignore unavailable extension:
signature_algorithms_cert
javax.net.ssl|WARNING|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.761
EST|SSLExtensions.java:215|Ignore impact of unsupported extension:
supported_groups
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761
EST|AlpnExtension.java:296|Ignore server unenabled extension:
application_layer_protocol_negotiation
javax.net.ssl|WARNING|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.761
EST|SSLExtensions.java:215|Ignore impact of unsupported extension:
ec_point_formats
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761
EST|SSLExtensions.java:192|Consumed extension:
application_layer_protocol_negotiation
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761
EST|SSLExtensions.java:173|Ignore unavailable extension: status_request_v2
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761
EST|SSLExtensions.java:192|Consumed extension: extended_master_secret
javax.net.ssl|FINE|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.761
EST|SSLExtensions.java:224|Populated with extension: signature_algorithms
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.762
EST|SSLExtensions.java:192|Consumed extension: supported_versions
javax.net.ssl|FINE|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762
EST|SSLExtensions.java:207|Ignore unavailable extension:
signature_algorithms_cert
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.762
EST|SSLExtensions.java:192|Consumed extension: renegotiation_info
javax.net.ssl|WARNING|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762
EST|SSLExtensions.java:215|Ignore impact of unsupported extension:
application_layer_protocol_negotiation
javax.net.ssl|ALL|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.762
EST|SignatureScheme.java:384|Ignore unsupported signature scheme: ed25519
javax.net.ssl|FINE|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762
EST|SSLExtensions.java:207|Ignore unavailable extension: status_request_v2
javax.net.ssl|ALL|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.762
EST|SignatureScheme.java:384|Ignore unsupported signature scheme: ed448
javax.net.ssl|WARNING|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762
EST|SSLExtensions.java:215|Ignore impact of unsupported extension:
extended_master_secret
javax.net.ssl|WARNING|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762
EST|SSLExtensions.java:215|Ignore impact of unsupported extension:
supported_versions
javax.net.ssl|WARNING|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762
EST|SSLExtensions.java:215|Ignore impact of unsupported extension:
renegotiation_info
javax.net.ssl|ALL|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762
EST|X509Authentication.java:270|No X.509 cert selected for EC
javax.net.ssl|ALL|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762
EST|X509Authentication.java:270|No X.509 cert selected for EC
javax.net.ssl|ALL|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.762
EST|SignatureScheme.java:403|Ignore disabled signature scheme: rsa_md5
javax.net.ssl|ALL|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.762
EST|SSLSessionImpl.java:215|Session initialized:
Session(1675791340762|SSL_NULL_WITH_NULL_NULL)
javax.net.ssl|FINE|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762
EST|SunX509KeyManagerImpl.java:392|matching alias: tomcat
javax.net.ssl|WARNING|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.762
EST|SSLExtensions.java:215|Ignore impact of unsupported extension: server_name
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.762
EST|SSLExtensions.java:207|Ignore unavailable extension: max_fragment_length
javax.net.ssl|ALL|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762
EST|X509Authentication.java:270|No X.509 cert selected for RSA
javax.net.ssl|WARNING|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.762
EST|SSLExtensions.java:215|Ignore impact of unsupported extension:
status_request
javax.net.ssl|ALL|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762
EST|X509Authentication.java:270|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|WARNING|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.762
EST|SSLExtensions.java:215|Ignore impact of unsupported extension:
supported_groups
javax.net.ssl|WARNING|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.763
EST|SSLExtensions.java:215|Ignore impact of unsupported extension:
ec_point_formats
javax.net.ssl|FINE|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762
EST|SunX509KeyManagerImpl.java:392|matching alias: tomcat
javax.net.ssl|ALL|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.763
EST|X509Authentication.java:270|No X.509 cert selected for RSA
javax.net.ssl|ALL|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.763
EST|X509Authentication.java:270|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.763
EST|SSLExtensions.java:224|Populated with extension: signature_algorithms
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.763
EST|SSLExtensions.java:207|Ignore unavailable extension:
signature_algorithms_cert
javax.net.ssl|WARNING|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.763
EST|SSLExtensions.java:215|Ignore impact of unsupported extension:
application_layer_protocol_negotiation
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.763
EST|SSLExtensions.java:207|Ignore unavailable extension: status_request_v2
javax.net.ssl|WARNING|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.763
EST|SSLExtensions.java:215|Ignore impact of unsupported extension:
extended_master_secret
javax.net.ssl|WARNING|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.763
EST|SSLExtensions.java:215|Ignore impact of unsupported extension:
supported_versions
javax.net.ssl|SEVERE|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.763
EST|TransportContext.java:340|Fatal (HANDSHAKE_FAILURE): no cipher suites in
common (
"throwable" : {
javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.Alert.createSSLException(Alert.java:117)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:335)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:291)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:282)
at
sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(ServerHello.java:461)
at
sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(ServerHello.java:296)
at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:421)
at
sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1020)
at
sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:727)
at
sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:693)
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at
sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:981)
at
sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:968)
at java.security.AccessController.doPrivileged(Native Method)
at
sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:915)
at
org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:654)
at
org.eclipse.jetty.server.HttpConnection.fillRequestBuffer(HttpConnection.java:350)
at
org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
at
org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
at
org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:555)
at
org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:410)
at
org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:164)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
at
org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)
at
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
at
org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
at java.lang.Thread.run(Thread.java:750)}
)_______________________________________________
jetty-users mailing list
jetty-users@eclipse.org
To unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
