Hello everbody,
i have wirtten a simple embeddedJettyServer-Application.
Then i connected to them via client doing a Handshake.
The session established correctly. Then an alert (bad_certificate) is sent to the server for testing.
I expected, that the server recv. the message and start to close the session and invalidate it.
A second Handshake should show, that a session resumption is not possible.
Instead of this behavior, the session isn't invalidated and a session resumption is possible.
SSL-Log of FirstHandshake at recv. Alert:
qtp1531448569-22, READ: TLSv1.2 Alert, length = 48
qtp1531448569-22, RECV TLSv1.2 ALERT: fatal, bad_certificate
qtp1531448569-22, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: bad_certificate
qtp1531448569-22, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: bad_certificate
qtp1531448569-22, RECV TLSv1.2 ALERT: fatal, bad_certificate
qtp1531448569-22, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: bad_certificate
qtp1531448569-22, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: bad_certificate
Is that a jetty-bug?
Iam using jetty 9.2.0.v20140526
best regards
Christian
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
