Я столкнулся с проблемой, что мой Jetty (9.4.7) не хочет запускаться из-за ошибки конфигурации после включения CipherSuites в jetty-ssl.xml.
Я просто получаю следующую ошибку конфигурации:
2018-09-13 16:10:02.896:WARN:oejx.XmlConfiguration:main: Config error at <Set name="IncludeCipherSuites">|/jetty-ssl.xml
2018-09-13 16:10:02.897:WARN:oejx.XmlConfiguration:main: Config error at <New class="org.eclipse.jetty.server.SslConnectionFactory"><Set name="IncludeCipherSuites">| <Array l
2018-09-13 16:10:02.897:WARN:oejx.XmlConfiguration:main:
java.security.PrivilegedActionException: org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration$1: class org.eclipse.jetty.server.SslConnectionFactory.setIncludeCipherSuites(class [Ljava.lang.String;)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1507)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.eclipse.jetty.start.Main.invokeMain(Main.java:221)
at org.eclipse.jetty.start.Main.start(Main.java:506)
at org.eclipse.jetty.start.Main.main(Main.java:78)
Caused by:
org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration$1: class org.eclipse.jetty.server.SslConnectionFactory.setIncludeCipherSuites(class [Ljava.lang.String;)
Я использовал следующий xml для включения Cipher Suites:
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "configure_9_3.dtd">
<!-- ============================================================= -->
<!-- Base SSL configuration -->
<!-- This configuration needs to be used together with 1 or more -->
<!-- of jetty-https.xml or jetty-http2.xml -->
<!-- ============================================================= -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<!-- =========================================================== -->
<!-- Add a SSL Connector with no protocol factories -->
<!-- =========================================================== -->
<Call name="addConnector">
<Arg>
<New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
<Arg name="server"><Ref refid="Server" /></Arg>
<Arg name="acceptors" type="int"><Property name="jetty.ssl.acceptors" deprecated="ssl.acceptors" default="-1"/></Arg>
<Arg name="selectors" type="int"><Property name="jetty.ssl.selectors" deprecated="ssl.selectors" default="-1"/></Arg>
<Arg name="factories">
<Array type="org.eclipse.jetty.server.ConnectionFactory">
<!-- uncomment to support proxy protocol
<Item>
<New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
</Item>-->
</Array>
</Arg>
<Set name="host"><Property name="jetty.ssl.host" deprecated="jetty.host" /></Set>
<Set name="port"><Property name="jetty.ssl.port" deprecated="ssl.port" default="20743" /></Set>
<Set name="idleTimeout"><Property name="jetty.ssl.idleTimeout" deprecated="ssl.timeout" default="30000"/></Set>
<Set name="soLingerTime"><Property name="jetty.ssl.soLingerTime" deprecated="ssl.soLingerTime" default="-1"/></Set>
<Set name="acceptorPriorityDelta"><Property name="jetty.ssl.acceptorPriorityDelta" deprecated="ssl.acceptorPriorityDelta" default="0"/></Set>
<Set name="acceptQueueSize"><Property name="jetty.ssl.acceptQueueSize" deprecated="ssl.acceptQueueSize" default="0"/></Set>
<Get name="SelectorManager">
<Set name="connectTimeout"><Property name="jetty.ssl.connectTimeout" default="15000"/></Set>
<Set name="reservedThreads"><Property name="jetty.ssl.reservedThreads" default="-2"/></Set>
</Get>
<New class="org.eclipse.jetty.server.SslConnectionFactory">
<Set name="IncludeCipherSuites">
<Array type="java.lang.String">
<Item>ECDHE-ECDSA-CHACHA20-POLY1305</Item>
<Item>ECDHE-RSA-CHACHA20-POLY1305</Item>
<Item>ECDHE-ECDSA-AES128-GCM-SHA256</Item>
<Item>ECDHE-RSA-AES128-GCM-SHA256</Item>
<Item>ECDHE-ECDSA-AES256-GCM-SHA384</Item>
<Item>ECDHE-RSA-AES256-GCM-SHA384</Item>
<Item>DHE-RSA-AES128-GCM-SHA256</Item>
<Item>DHE-RSA-AES256-GCM-SHA384</Item>
<Item>ECDHE-ECDSA-AES128-SHA256</Item>
<Item>ECDHE-RSA-AES128-SHA256</Item>
<Item>ECDHE-ECDSA-AES128-SHA</Item>
<Item>ECDHE-RSA-AES256-SHA384</Item>
<Item>ECDHE-RSA-AES128-SHA</Item>
<Item>ECDHE-ECDSA-AES256-SHA384</Item>
<Item>ECDHE-ECDSA-AES256-SHA</Item>
<Item>ECDHE-RSA-AES256-SHA</Item>
<Item>DHE-RSA-AES128-SHA256</Item>
<Item>DHE-RSA-AES128-SHA</Item>
<Item>DHE-RSA-AES256-SHA256</Item>
<Item>DHE-RSA-AES256-SHA</Item>
<Item>ECDHE-ECDSA-DES-CBC3-SHA</Item>
<Item>ECDHE-RSA-DES-CBC3-SHA</Item>
<Item>EDH-RSA-DES-CBC3-SHA</Item>
<Item>AES128-GCM-SHA256</Item>
<Item>AES256-GCM-SHA384</Item>
<Item>AES128-SHA256</Item>
<Item>AES256-SHA256</Item>
<Item>AES128-SHA</Item>
<Item>AES256-SHA</Item>
<Item>DES-CBC3-SHA</Item>
</Array>
</Set>
</New>
</New>
</Arg>
</Call>
<!-- =========================================================== -->
<!-- Create a TLS specific HttpConfiguration based on the -->
<!-- common HttpConfiguration defined in jetty.xml -->
<!-- Add a SecureRequestCustomizer to extract certificate and -->
<!-- session information -->
<!-- =========================================================== -->
<New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<Arg><Ref refid="httpConfig"/></Arg>
<Call name="addCustomizer">
<Arg>
<New class="org.eclipse.jetty.server.SecureRequestCustomizer">
<Arg name="sniHostCheck" type="boolean"><Property name="jetty.ssl.sniHostCheck" default="true"/></Arg>
<Arg name="stsMaxAgeSeconds" type="int"><Property name="jetty.ssl.stsMaxAgeSeconds" default="-1"/></Arg>
<Arg name="stsIncludeSubdomains" type="boolean"><Property name="jetty.ssl.stsIncludeSubdomains" default="false"/></Arg>
</New>
</Arg>
</Call>
</New>
</Configure>
Я также пробовал разные способы установки этого CipherSuites, но всегда он заканчивается одинаковым поведением.
Заранее благодарны за Вашу помощь.