Я пытаюсь запустить SSL со встроенным причалом последней версии (9.4.x) .Followed следующих шагов:Issue работает встроенный причал на SSL
создал jetty.xml с следующим содержанием:
<Get name="ThreadPool"> <Set name="minThreads" type="int"><Property name="jetty.threadPool.minThreads" deprecated="threads.min" default="10"/></Set> <Set name="maxThreads" type="int"><Property name="jetty.threadPool.maxThreads" deprecated="threads.max" default="200"/></Set> <Set name="idleTimeout" type="int"><Property name="jetty.threadPool.idleTimeout" deprecated="threads.timeout" default="60000"/></Set> <Set name="detailedDump">false</Set> </Get> <!-- =========================================================== --> <!-- Add shared Scheduler instance --> <!-- =========================================================== --> <Call name="addBean"> <Arg> <New class="org.eclipse.jetty.util.thread.ScheduledExecutorScheduler"/> </Arg> </Call> <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration"> <Set name="secureScheme"><Property name="jetty.httpConfig.secureScheme" default="https" /></Set> <Set name="securePort"><Property name="jetty.httpConfig.securePort" deprecated="jetty.secure.port" default="8443" />8447</Set> <Set name="outputBufferSize"><Property name="jetty.httpConfig.outputBufferSize" deprecated="jetty.output.buffer.size" default="32768" /></Set> <Set name="outputAggregationSize"><Property name="jetty.httpConfig.outputAggregationSize" deprecated="jetty.output.aggregation.size" default="8192" /></Set> <Set name="requestHeaderSize"><Property name="jetty.httpConfig.requestHeaderSize" deprecated="jetty.request.header.size" default="8192" /></Set> <Set name="responseHeaderSize"><Property name="jetty.httpConfig.responseHeaderSize" deprecated="jetty.response.header.size" default="8192" /></Set> <Set name="sendServerVersion"><Property name="jetty.httpConfig.sendServerVersion" deprecated="jetty.send.server.version" default="true" /></Set> <Set name="sendDateHeader"><Property name="jetty.httpConfig.sendDateHeader" deprecated="jetty.send.date.header" default="false" /></Set> <Set name="headerCacheSize"><Property name="jetty.httpConfig.headerCacheSize" default="512" /></Set> <Set name="delayDispatchUntilContent"><Property name="jetty.httpConfig.delayDispatchUntilContent" deprecated="jetty.delayDispatchUntilContent" default="true"/></Set> <Set name="maxErrorDispatches"><Property name="jetty.httpConfig.maxErrorDispatches" default="10"/></Set> <Set name="blockingTimeout"><Property name="jetty.httpConfig.blockingTimeout" default="-1"/></Set> <Set name="persistentConnectionsEnabled"><Property name="jetty.httpConfig.persistentConnectionsEnabled" default="true"/></Set> </New> <Set name="handler"> <New id="Handlers" class="org.eclipse.jetty.server.handler.HandlerCollection"> <Set name="handlers"> <Array type="org.eclipse.jetty.server.Handler"> <Item> <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection"/> </Item> <Item> <New id="DefaultHandler" class="org.eclipse.jetty.server.handler.DefaultHandler"/> </Item> </Array> </Set> </New> </Set> <!-- =========================================================== --> <!-- extra server options --> <!-- =========================================================== --> <Set name="stopAtShutdown"><Property name="jetty.server.stopAtShutdown" default="true"/></Set> <Set name="stopTimeout"><Property name="jetty.server.stopTimeout" default="5000"/></Set> <Set name="dumpAfterStart"><Property name="jetty.server.dumpAfterStart" deprecated="jetty.dump.start" default="false"/></Set> <Set name="dumpBeforeStop"><Property name="jetty.server.dumpBeforeStop" deprecated="jetty.dump.stop" default="false"/></Set> <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration"> <Arg><Ref refid="httpConfig"/></Arg> <Call name="addCustomizer"> <Arg> <New class="org.eclipse.jetty.server.SecureRequestCustomizer"> <Arg name="sniHostCheck" type="boolean"><Property name="jetty.ssl.sniHostCheck" default="true"/></Arg> <Arg name="stsMaxAgeSeconds" type="int"><Property name="jetty.ssl.stsMaxAgeSeconds" default="-1"/></Arg> <Arg name="stsIncludeSubdomains" type="boolean"><Property name="jetty.ssl.stsIncludeSubdomains" default="false"/></Arg> </New> </Arg> </Call> </New> <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory"> <Set name="KeyStorePath">trust.jks</Set> <Set name="KeyStorePassword">testpwd</Set> <Set name="KeyManagerPassword">testpwd</Set> <Set name="TrustStorePath">trust.jks</Set> <Set name="TrustStorePassword">testpwd</Set> <Set name="EndpointIdentificationAlgorithm"/> <Set name="keyStoreType">JKS</Set> <Set name="keyStoreProvider">SUN</Set> <Set name="trustStoreType">JKS</Set> <!-- <Set name="protocol">TLS</Set>--> <Set name="renegotiationAllowed">true</Set> <Set name="includeProtocols"> <Array type="java.lang.String"> <Item>SSLv2Hello</Item> <Item>SSLv3</Item> <Item>TLSv1</Item> <Item>TLSv1.1</Item> <Item>TLSv1.2</Item> </Array> </Set> <Set name="IncludeCipherSuites"> <Array type="java.lang.String"> <item>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</item> <item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</item> <item>TLS_RSA_WITH_AES_128_CBC_SHA256</item> <item>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256</item> <item>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256</item> <item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</item> <item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA256</item> <item>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</item> <item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</item> <item>TLS_RSA_WITH_AES_128_CBC_SHA</item> <item>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA</item> <item>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA</item> <item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</item> <item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</item> <item>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</item> <item>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</item> <item>TLS_RSA_WITH_AES_128_GCM_SHA256</item> <item>TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256</item> <item>TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256</item> <item>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</item> <item>TLS_DHE_DSS_WITH_AES_128_GCM_SHA256</item> <item>TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA</item> <item>TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</item> <item>SSL_RSA_WITH_3DES_EDE_CBC_SHA</item> <item>TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA</item> <item>TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA</item> <item>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</item> <item>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</item> <item>TLS_EMPTY_RENEGOTIATION_INFO_SCSV</item> <item>TLS_DH_anon_WITH_AES_128_GCM_SHA256</item> <item>TLS_DH_anon_WITH_AES_128_CBC_SHA256</item> <item>TLS_ECDH_anon_WITH_AES_128_CBC_SHA</item> <item>TLS_DH_anon_WITH_AES_128_CBC_SHA</item> <item>TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA</item> <item>SSL_DH_anon_WITH_3DES_EDE_CBC_SHA</item> <item>SSL_RSA_WITH_DES_CBC_SHA</item> <item>SSL_DHE_RSA_WITH_DES_CBC_SHA</item> <item>SSL_DHE_DSS_WITH_DES_CBC_SHA</item> <item>SSL_DH_anon_WITH_DES_CBC_SHA</item> <item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</item> <item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</item> <item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</item> <item>SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA</item> <item>TLS_RSA_WITH_NULL_SHA256</item> <item>TLS_ECDHE_ECDSA_WITH_NULL_SHA</item> <item>TLS_ECDHE_RSA_WITH_NULL_SHA</item> <item>SSL_RSA_WITH_NULL_SHA</item> <item>TLS_ECDH_ECDSA_WITH_NULL_SHA</item> <item>TLS_ECDH_RSA_WITH_NULL_SHA</item> <item>TLS_ECDH_anon_WITH_NULL_SHA</item> <item>SSL_RSA_WITH_NULL_MD5</item> <item>TLS_KRB5_WITH_3DES_EDE_CBC_SHA</item> <item>TLS_KRB5_WITH_3DES_EDE_CBC_MD5</item> <item>TLS_KRB5_WITH_DES_CBC_SHA</item> <item>TLS_KRB5_WITH_DES_CBC_MD5</item> <item>TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA</item> <item>TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5</item> </Array> </Set> </New> <Call name="addConnector"> <Arg> <New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector"> <Arg name="server"><Ref refid="Server" /></Arg> <Arg name="acceptors" type="int"><Property name="jetty.ssl.acceptors" deprecated="ssl.acceptors" default="-1"/></Arg> <Arg name="selectors" type="int"><Property name="jetty.ssl.selectors" deprecated="ssl.selectors" default="-1"/></Arg> <Arg name="factories"> <Array type="org.eclipse.jetty.server.ConnectionFactory"> <Item> <New class="org.eclipse.jetty.server.SslConnectionFactory"> <Arg name="next">http/1.1</Arg> <Arg name="sslContextFactory"> <Ref refid="sslContextFactory"/> </Arg> </New> </Item> </Array> </Arg> <Set name="host">192.168.10.129</Set> <Set name="port">8080</Set> <Set name="idleTimeout"><Property name="jetty.ssl.idleTimeout" deprecated="ssl.timeout" default="30000"/></Set> <Set name="soLingerTime"><Property name="jetty.ssl.soLingerTime" deprecated="ssl.soLingerTime" default="-1"/></Set> <Set name="acceptorPriorityDelta"><Property name="jetty.ssl.acceptorPriorityDelta" deprecated="ssl.acceptorPriorityDelta" default="0"/></Set> <Set name="acceptQueueSize"><Property name="jetty.ssl.acceptQueueSize" deprecated="ssl.acceptQueueSize" default="0"/></Set> </New> </Arg> </Call> </Configure>
создан сертификат с помощью следующих команд:
Keytool -genkey -alias причалу -keyalg R SA -keysize 1024 -validity 365 -keypass testpwd -keystore identity.jks -storepass testpwd
Keytool -export -alias молы -file root.cer -keystore identity.jks -storepass testpwd
Keytool -import -alias Пристань - файл root.cer -keystore trust.jks -storepass testpwd- создал причал бегун банку с использованием мол бегун Maven плагин
- работает пристани бегун со следующими commad: Java -Dsun.security.ssl.allowUnsafeRenegotiation = true -Djavax.net.debug = all -Djavax.net.debug = все: рукопожатие: verbose -jar jetty-runner.jar --config jetty.xml my.w ar
Сервер работает, как показано в файле журнала на указанном порту и в SSL, но при попытке открыть в браузере или любом http-клиенте происходит ошибка рукопожатия. javax.net.ssl.SSLHandshakeException: Удаленное соединение с узлом удаленного доступа во время рукопожатия. Вызвано: java.io.EOFException: SSL-протокол отключен неправильно.
Бревна вы захватили с '-Djavax.net.debug' покажет вам, что происходит. Общие причины: несовместимость списков шифров. (у вашей установки есть синтаксическая ошибка btw, ее '- ' не '
- ') –