To add to this, Java 7 is EOL / End of Life by Oracle, and the last public release of Java 7 (7u80) expired July 14, 2015 <http://www.oracle.com/technetwork/java/javase/7u80-relnotes-2494162.html>. You should strive to update your version of Java soon. Especially since you using SSL/TLS on the client and/or server side, as the configuration you are using for SSL/TLS is most likely vulnerable right now. In order to keep up to date with general SSL/TLS changes (things that the industry as a whole are making), you need to keep your Java up to date too.
We see many folks limping along on TLS/1.0 or even SSLv3, not wanting to upgrade their encryption layers, usually because "it just works" or "we have legacy this and that", this is a very short lived mindset. (hopefully this doesn't describe your situation) Current TLS/1.2 implementations (including Java 8+) have many things that TLS/1.0 or SSLv3 need just disabled, with an option to reenable those features to allow TLS/1.0 and SSLv3 to work. Note that the current working group for the upcoming TLS/1.3 seem to be taking a stricter stance on this, with many proposals mandating that anything that even supports TLS/1.3 has to remove/eliminate/ban the vulnerable bits for all TLS support levels. Should this become a reality in TLS/1.3 (and it looks like it will), then all of the delays people have made to upgrade their TLS/SSL layers will suddenly become urgent and mandatory, as configuring back to TLS/1.0 or SSLv3 will not even be an option anymore. Joakim Erdfelt / [email protected] On Wed, Aug 10, 2016 at 9:45 AM, Simone Bordet <[email protected]> wrote: > Hi, > > On Wed, Aug 10, 2016 at 6:12 PM, Melvin Witte > <[email protected]> wrote: > > Hi, > > > > I want to setup an embedded Jetty Server for testing using https > connections > > (not WebSockets). I am bound by project dependencies to use Java 7 and > > downloaded Jetty version 9.2.17. > > > > While testing, I want to send a callback Message to listeners every time > a > > handshake is completed. I found the SslHandshakeListener for Jetty 9.3.x, > > but fail to find a similar Listener for 9.2. Therefore my question: > > > > Is there any existing handshake listener class I can use or an easy way > to > > implement one, maybe with using the javax.net.ssl. > HandshakeCompletedListener > > interface? > > No. > > Furthermore, javax.net.ssl.HandshakeCompletedListener only works with > SSLSocket, not SSLEngine. > > We won't backport that functionality to 9.2.x unless it's sponsored. > > You may want to do the backport yourself by looking at the 9.3 commits. > > Thanks ! > > -- > Simone Bordet > ---- > http://cometd.org > http://webtide.com > Developer advice, training, services and support > from the Jetty & CometD experts. > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://dev.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
