alf of Cantor, Scott
Sent: Tuesday, May 26, 2020 1:40 PM
To: JETTY user mailing list
Subject: Re: [jetty-users] Keystore Problems
On 5/26/20, 4:34 PM, "jetty-users-boun...@eclipse.org on behalf of David C
Fuhs" wrote:
> What I really want is quite simple: a series of command
On 5/26/20, 4:34 PM, "jetty-users-boun...@eclipse.org on behalf of David C
Fuhs" wrote:
> What I really want is quite simple: a series of commands that will take as
> input a private key, a new SSL certificate, and a
> series of intermediate/CA certificates and create a PKCS12 keystore that
>
Office
California State University, Chico
df...@csuchico.edu
530-898-4852
From: jetty-users-boun...@eclipse.org on
behalf of Simone Bordet
Sent: Tuesday, May 26, 2020 11:18 AM
To: JETTY user mailing list
Subject: Re: [jetty-users] Keystore Problems
Hi,
On Tue
Hi,
On Tue, May 26, 2020 at 8:07 PM David C Fuhs wrote:
>
> To generate the private key:
> openssl genrsa 4096 > new_host.key
>
> To combine the SSL certificate plus CA certificates into one file:
> cat ssl_cert interm_certs > combined_certs
> Results in a file with the SSL certificate first,
mation Security Office
California State University, Chico
df...@csuchico.edu
530-898-4852
From: jetty-users-boun...@eclipse.org on
behalf of Joakim Erdfelt
Sent: Tuesday, May 26, 2020 10:49 AM
To: JETTY user mailing list
Subject: Re: [jetty-users] Keystore Pr
How were new_host.key and combined_certs created?
Also, can you provide the complete stacktraces?
Joakim Erdfelt / joa...@webtide.com
On Tue, May 26, 2020 at 12:44 PM David C Fuhs wrote:
> Good morning all:
>
> Red Hat Enterprise Linux Server release 7.8 (Maipo)
>
fair enough, congrats at least :)
--
jesse mcconnell
jesse.mcconn...@gmail.com
On Wed, Mar 14, 2018 at 2:15 PM, Lou DeGenaro
wrote:
> Unfortunately no. I could only supply an IP address (which it seems is
> not allowed) and is only accessible internally anyway.
>
>
Unfortunately no. I could only supply an IP address (which it seems is not
allowed) and is only accessible internally anyway.
Lou.
On Wed, Mar 14, 2018 at 3:04 PM, Jesse McConnell
wrote:
> That is an interesting nugget Lou, any chance you can report results from
>
That is an interesting nugget Lou, any chance you can report results from
here: https://www.ssllabs.com/ssltest/ ?
--
jesse mcconnell
jesse.mcconn...@gmail.com
On Wed, Mar 14, 2018 at 1:53 PM, Lou DeGenaro
wrote:
> Looking here:
Looking here:
https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jsse2Docs/matchsslcontext_tls.html
I added -Dcom.ibm.jsse2.overrideDefaultTLS=true to the launch of my Jetty
server and much joy resulted.
Lou.
On Wed, Mar 14,
Am 14.03.2018 um 17:53 schrieb Silvio Bierman:
Those are ciphers for the SSL protocol instead of TLS. You do not want to use
those...
I'm not defending IBM here for their decision to follow the NIH-principle.
The ciphers are for TLS, the session where this trace came from was an
for the SSL protocol instead of TLS. You do not want to
>> use those...
>>
>>
>>
>> Sent from my Samsung Galaxy smartphone.
>>
>> Original message ----
>> From: Lothar Kimmeringer <j...@kimmeringer.de>
>> Date: 3/14/18
gt; To: jetty-users@eclipse.org
> Subject: Re: [jetty-users] keystore
>
> Hi,
>
> Am 14.03.2018 um 17:24 schrieb Joakim Erdfelt:
>
> > * The IBM JVM is not sane, look into its cipher suites and protocols.
> >
> > A quick comparison shows that it has half the cipher sui
Hi,
Am 14.03.2018 um 17:47 schrieb Joakim Erdfelt:
Conclusion: You have a cipher suite issue.
I don't have any issues (I just added my 2 cents to this thread). My point is
if we have a similar effect here than with JVMs on iSeries that the JVM
reports ciphers "SSL_-something" and jetty is
Those are ciphers for the SSL protocol instead of TLS. You do not want to use
those...
Sent from my Samsung Galaxy smartphone.
Original message From: Lothar Kimmeringer
<j...@kimmeringer.de> Date: 3/14/18 17:36 (GMT+01:00) To:
jetty-users@eclipse.org Subject: Re:
> Secure Connection Failed Error code: SSL_ERROR_NO_CYPHER_OVERLAP
The stated reason from Firefox for that error is that you lack the required
cipher suites for the updated TLS configuration present since FireFox 50.x
* https://support.mozilla.org/en-US/questions/1148536
*
Hi,
Am 14.03.2018 um 17:24 schrieb Joakim Erdfelt:
* The IBM JVM is not sane, look into its cipher suites and protocols.
A quick comparison shows that it has half the cipher suites that oracle jvm or
openjdk has.
Not necessarily. At least the JVM for i Series has more or less the same
Your server has no handlers, none, completely empty.
Perhaps you missed the ...
server.setHandler(resourceHandler);
Better yet, use ...
HandlerList handlers = new HandlerList();
handlers.addHandler(resourceHandler);
handlers.addHandler(new DefaultHandler()); // always last
Have you attempted to configure the SSL Cipher Suites on the Jetty server
side?
> NO. I'm using vanilla jetty as shipped. Is there something else I need
to do?
Code shown below.
Thanks.
Lou.
private void server_main(String[] args) {
try {
// === jetty.xml
===
Have you attempted to configure the SSL Cipher Suites on the Jetty server
side?
If you enable the jetty startup dump you'll see the list of enabled cipher
suites and protocols that Jetty is running with (including the reason why a
specific available protocol or cipher suite is disabled).
$ java
Still having (likely user error) issues with SSL. I generate my keystore
thus:
/share/jdk1.8/bin/keytool -genkey -noprompt -alias jetty -dname "CN=my.cn,
OU=my.ou, O=my.o, L=my.l, S=my.s, C=my.c" -keyalg RSA -keysize 2048 -sigalg
SHA256withRSA -validity 1 -keystore
Any jetty.keystore.password is not set anywhere? if it is set, is it set to
your password?
Try hard coding it in the XML to debug before playing with parameters.
cheers
On 11 March 2018 at 06:48, Lou DeGenaro wrote:
> yep.
>
> On Sat, Mar 10, 2018 at 12:59 PM, John
yep.
On Sat, Mar 10, 2018 at 12:59 PM, John English
wrote:
> On 10/03/2018 16:15, Lou DeGenaro wrote:
>
>> > default="my-password"/>
>> > default="my-password"/>
>>
>
> The keystore password and truststore password are really the same? Are you
> sure?
>
> --
> John
On 10/03/2018 16:15, Lou DeGenaro wrote:
default="my-password"/>
name="jetty.truststore.password" default="my-password"/>
The keystore password and truststore password are really the same? Are
you sure?
--
John English
___
jetty-users mailing list
24 matches
Mail list logo