Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Jetty SNI - Where's ExtendedSslContextFactory?


On Mon, Aug 17, 2015 at 5:50 PM, Steve Sobol - Lobos Studios
<steve@xxxxxxxxxxxxxxxx> wrote:
> Thanks for the follow-up -- it's really not going at all. I just started a
> big new 40 hour/week contract on Thursday and I am working that contract AND
> trying to wrap up some smaller projects. I just have not had time to dive
> into this.
> What I'd like to do, instead of just filing a bug, is to dive in and debug
> the problem myself. I can download the latest snapshot and build everything
> from the command line using Maven, and I can import the projects into my IDE
> (IntelliJ IDEA Ultimate), but figuring out where (and how) to debug is
> tricky.

We are here to help :)

> I am not embedding Jetty on my production servers. Instead, I am
> running Jetty as a standalone web server using start.jar and XML
> configuration. I suspect that if I WAS embedding Jetty, it'd be easier to
> debug. :)

Do this:

1. Enable DEBUG logging for "org.eclipse.jetty.util.ssl". This will
print out SslContextFactory debugging.
For a standalone server, if you don't already have logging set up,
it's enough that you enable the "resources" module. You will have a
"resources" directory in your jetty_base, and it's enough that you
drop inside that directory a file called with
the following content:


2. From command line:

openssl s_client -connect host:443 -servername

This will connect to "host:443" (change as required), adding the SNI
of "".
You should get output back from openssl, and you should get Jetty
logging on server side.

This should be enough to see whether it's working.
With the keystore we use to test the SNI functionality, this works
fine with 9.3.2.

Let us know.

Simone Bordet
Developer advice, training, services and support
from the Jetty & CometD experts.

Back to the top