You are using a rather old version of Jetty. Just to express how old (here's a list of things that have happened since the release of 9.2.0.v20140526):
- There's been over 900 commits in the 9.2.x branch alone - There have been 18 minor releases of jetty 9.2.x - Jetty 9.3.x was started - A major version update, Jetty 9.3.0 stable, was released - There have been over 3,200 commits to jetty 9.3.x - There have been 11 minor releases of jetty 9.3.x - Jetty 9.4.x was started - There have been over 4,000 commits to jetty 9.4.x - Jetty 9.4.0 has started with milestone (alpha quality) releases - Java 7 EOL (End of Life) was announced and officially entered EOL - Jetty 10.x has been started (for servlet 4.0) - Java 8 has addressed (according to its release notes) over 3 dozen SSL/TLS vulnerabilities - Java 8 has outright started to disable large swathes of SSL/TLS to address various vulnerabilities. What happens if you use one of the latest stable releases? Jetty 9.3.11.v20160721 or 9.2.18.v20160721 ? Also, since you are working with SSL/TLS, it is important (as in very important) that you stay up to date with your Java VM. Respect the Java expiration dates that every release has. Joakim Erdfelt / [email protected] On Wed, Aug 31, 2016 at 5:47 AM, Christian Arens <[email protected]> wrote: > Hello everbody, > > i have wirtten a simple embeddedJettyServer-Application. > Then i connected to them via client doing a Handshake. > The session established correctly. Then an alert (bad_certificate) is sent > to the server for testing. > I expected, that the server recv. the message and start to close the > session and invalidate it. > A second Handshake should show, that a session resumption is not possible. > Instead of this behavior, the session isn't invalidated and a session > resumption is possible. > > SSL-Log of FirstHandshake at recv. Alert: > qtp1531448569-22, READ: TLSv1.2 Alert, length = 48 > qtp1531448569-22, RECV TLSv1.2 ALERT: fatal, bad_certificate > qtp1531448569-22, fatal: engine already closed. Rethrowing > javax.net.ssl.SSLException: Received fatal alert: bad_certificate > qtp1531448569-22, fatal: engine already closed. Rethrowing > javax.net.ssl.SSLException: Received fatal alert: bad_certificate > > Is that a jetty-bug? > Iam using jetty 9.2.0.v20140526 > > > best regards > Christian > > > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://dev.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
