Enable DEBUG logging on the named logger
"org.eclipse.jetty.util.ssl.SslContextFactory" and look at the output it
produces.
Use the techniques for your configured server logging framework.

It's likely that you have a set of SSL/TLS Protocols and Ciphers that have
different Includes/Excludes than you expect.
Compare them with your working instance.

Keep in mind that Java itself introduces excludes, and Jetty has an
include/exclude system as well (note: excludes win over includes in Jetty).
The debug output will tell you if a protocol or cipher is excluded, and all
of the ways that specific entry was excluded.

Of extra note is that the keystore/truststore minimum requirements are
constantly evolving on Java and the Web in general.
What you used in the past might not be valid anymore (bit length too low,
use of deprecated certificate signing methods SHA1/MD5, etc.)


Joakim Erdfelt / [email protected]

On Fri, Sep 8, 2017 at 12:33 PM, _klk_ <[email protected]> wrote:

> We have been using Jetty for a long time, with no problem.  Today our
> service started up and entered a weird state where it would serve requests
> just fine on the HTTP port, but fail everything on the HTTPS port (example
> below):
>
> bash-4.1# curl -vvv -k -i https://localhost:8181/foo
> * About to connect() to localhost port 8181 (#0)
> *   Trying ::1... connected
> * Connected to localhost (::1) port 8181 (#0)
> * Initializing NSS with certpath: sql:/etc/pki/nssdb
> * warning: ignoring value of ssl.verifyhost
> * NSS error -5990
> * Closing connection #0
> * SSL connect error
> curl: (35) SSL connect error
>
> Bringing up a new instance of the service (same Jetty version) did not
> exhibit the same behavior.  I took a thread dump
> (https://gist.github.com/anonymous/5a92c14825381a219604cf8fbeca8abc).
> Nothing jumps out at me, I only notice that all acceptors are blocked while
> all selectors are runnable. I don't know enough about Jetty's internals to
> know if that means anything.
>
>
>
>
> --
> Sent from: http://jetty.4.x6.nabble.com/Jetty-User-f3247280.html
> _______________________________________________
> jetty-users mailing list
> [email protected]
> To change your delivery options, retrieve your password, or unsubscribe
> from this list, visit
> https://dev.eclipse.org/mailman/listinfo/jetty-users
>
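
For comparing a working and a failing instance as the reply suggests, the following added example (not part of the original thread and not Jetty's own code) prints the JVM-level excludes and the JVM's supported and enabled protocols, then applies a simplified include/exclude selection in which excludes win over includes. The class name `TlsSelectionDump`, the regex matching, the treatment of an empty include list, and the sample patterns are assumptions of this example.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class TlsSelectionDump {
    // Simplified model of include/exclude selection: an exclude match always wins.
    // An empty include list means "include everything" (assumption of this example).
    static List<String> select(String[] supported, List<String> includes, List<String> excludes) {
        List<String> selected = new ArrayList<>();
        for (String name : supported) {
            boolean included = includes.isEmpty() || matchesAny(name, includes);
            boolean excluded = matchesAny(name, excludes);
            if (included && !excluded) selected.add(name);
            else System.out.printf("  dropped %s (included=%b, excluded=%b)%n", name, included, excluded);
        }
        return selected;
    }

    static boolean matchesAny(String name, List<String> patterns) {
        for (String p : patterns) if (Pattern.matches(p, name)) return true;
        return false;
    }

    public static void main(String[] args) throws Exception {
        // JVM-level excludes, applied regardless of the server's own configuration.
        System.out.println("jdk.tls.disabledAlgorithms = " + Security.getProperty("jdk.tls.disabledAlgorithms"));
        System.out.println("jdk.certpath.disabledAlgorithms = " + Security.getProperty("jdk.certpath.disabledAlgorithms"));

        SSLContext ctx = SSLContext.getDefault();
        SSLParameters supported = ctx.getSupportedSSLParameters();
        SSLParameters enabled = ctx.getDefaultSSLParameters();
        System.out.println("JVM supported protocols: " + Arrays.toString(supported.getProtocols()));
        System.out.println("JVM enabled protocols:   " + Arrays.toString(enabled.getProtocols()));

        // Constructed sample patterns; substitute the ones from your own server configuration.
        List<String> includes = Arrays.asList("TLS_ECDHE_.*", "TLS_RSA_.*");
        List<String> excludes = Arrays.asList(".*_RSA_.*_SHA$", ".*_NULL_.*", ".*_anon_.*");
        System.out.println("Cipher selection (excludes win):");
        List<String> ciphers = select(supported.getCipherSuites(), includes, excludes);
        System.out.println("Selected " + ciphers.size() + " cipher suites:");
        ciphers.forEach(c -> System.out.println("  " + c));
    }
}
```

Run it with the same JVM and `java.security` settings on both instances and diff the output; a difference in the `disabledAlgorithms` lines or the enabled protocol list points at a JVM-level exclude rather than the server configuration.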