java - Chrome/Firefox and Jetty HTTPS -


i have application running on jetty 6 accessed on https. connecting ie 11 works not firefox 43 or google 40. ssl trace shows jetty , browser fail find common cipher:

   %% initialized:  [session-13, ssl_null_with_null_null]    %% invalidated:  [session-13, ssl_null_with_null_null]    783842035@qtp-1833323686-4, send tlsv1.2 alert:  fatal, description = handshake_failure    783842035@qtp-1833323686-4, write: tlsv1.2 alert, length = 2    [raw write]: length = 7    0000: 15 03 03 00 02 02 28                               ......(    783842035@qtp-1833323686-4, called closesocket()    783842035@qtp-1833323686-4, handling exception: javax.net.ssl.sslhandshakeexception: no cipher suites in common

however, when ie 11 used selected cipher tls_dhe_dss_with_aes_128_cbc_sha256:

    %% initialized:  [session-30, ssl_null_with_null_null]     %% negotiating:  [session-30, tls_dhe_dss_with_aes_128_cbc_sha256]     *** serverhello, tlsv1.2

since chrome warns rc4 ciphers when fails connect:

a secure connection cannot established because site uses >>unsupported protocol or cipher suite. caused when >>server needs rc4, no longer considered secure.

i have excluded rc4 in java.security adding following property

    jdk.tls.disabledalgorithms=rc4

but no avail, chrome , ff still fail connect. i've ran out of ideas. suggestions? tia.

jetty 6 long ago eol (end of life).

if stick jetty 6, know level of ssl/tls tweaking need not present in version of jetty.

you'll either have stick jvm level tweaks, or write custom sslselectchannelconnector (sorry, easier sslcontextfactory concepts introduced in jetty 7) implementation of own accomplish necessary includes , excludes of ciphers , protocols, along new tls ciphers ordering requirements pull off reliably.

jetty 9.3.7.v20160115 almost date recent , upcoming browser changes. next release, 9.3.8, have remaining tweaks necessary support recent browser changes, under java 8u72 (or newer).

also of note, since have ssl/tls enabled on jetty, have keep version of java date, if no other reason keep changes in ssl/tls on past few years.


Comments

Post a Comment

Popular posts from this blog

sublimetext3 - what keyboard shortcut is to comment/uncomment for this script tag in sublime -

Image
i have script tag in code, keyboard shortcut comment/uncomment script tag in sublime. after selecting script open , close tag. <script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> </script> i pressing ctrl + shift + / , getting this /*<script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> </script>*/ also pressed ctrl + / , got this // <script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> // </script> instead of <!-- <script src="http://code.jquery.com/jquery-latest.min.js" type="text/javascript"> </script> --> script open , close tag in 2 lines not in 1 line , not have spaces too. for mac,high light lines want comment. hold 'command , / ' commented. for windows: high line or select lines ,then hold ctrl + / if not work: ...
Read more

java - No use of nillable="0" in SOAP Webservice -

i have received xsd 3rd party supplier generated java based system; used create soap endpoint receive data transfers. xsd not make use of nillable attribute defined within w3c/xsd namespace, example: <xs:complextype name="customer"> <xs:sequence> <xs:element minoccurs="1" maxoccurs="1" name="id" type="xs:integer"/> <xs:element minoccurs="0" maxoccurs="1" name="titleid" type="xs:integer"/> <xs:element minoccurs="0" maxoccurs="1" name="firstname" type="xs:string"/> <xs:element minoccurs="0" maxoccurs="1" name="familyname" type="xs:string"/> <xs:element minoccurs="0" maxoccurs="1" name="previousname" type="xs:string"/> <xs:element minoccurs="0" maxoccurs="1" nam...
Read more

ubuntu - Laravel 5.2 quickstart guide gives Not Found Error -

edit: think problem due not setting apache properly, these 2 links helped me. solution: http://laravel.io/forum/06-11-2014-not-found-but-route-exists https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-14-04-lts end edit i'm following laravel 5.2 quickstart guide. https://laravel.com/docs/5.2/quickstart i'm running ubuntu 14.04.2 the website runs initially, when click on add task button run 404 not found error. as per guide run following commands setup complete quickstart project. git clone https://github.com/laravel/quickstart-basic quickstart cd quickstart composer install php artisan migrate additionally run following commands because i'm on ubuntu server: sudo chown -r www-data.www-data quickstart sudo chmod -r 755 quickstart sudo chmod 777 quickstart/storage the routes.php file looks like: <?php use app\task; use illuminate\http\request; route::group(['middleware' => ['web']]...
Read more