Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-users] Jetty 9.3.8 does not support TLS1.0/1.1

Hi,

I noticed that Jetty 9.3.8.v20160314 no longer supports TLS1.0/1.1 protocol. It only supports TLS1.2. I tested Jetty 9.3.7.v20160115 and 9.2.15.v20160210, both versions do support TLS1.0/1.1.

So is this intentional or a bug? If it is intentional, how can I re-enable the TLS1.0/1.1 support?

To verify this, just unzip 9.3.8.v20160314, cd to demo-base and run

java -jar ../start.jar


Then use OpenSSL s_client to connect to it:

openssl s_client -connect <your ip>:8443 -tls1 (or -tls1_1)

You will get this:

CONNECTED(00000003)
140064527169352:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1460029515
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

However, if you run the same steps using 9.3.7/9.2.15, you will get this

No client certificate CA names sent
---
SSL handshake has read 1112 bytes and written 481 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: 5706478BAAA6CA7E1EA2E6621ED5BC112FDC600E1AF542CB402147DF50538B5D
    Session-ID-ctx:
    Master-Key: 68E655136B89BF66D0877019362BF3BC554032CC9CB97FC12253223E9AB4F63D5D3E05235C27C06AC549D3D120F5E133
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1460029323
    Timeout   : 7200 (sec)
    Verify return code: 10 (certificate has expired)
---


I have tried to add the following command line to Java

-Xbootclasspath/p:/usr/jetty-9.3.8/lib/alpn-boot-8.1.7.v20160121.jar

But it does not make any difference.

Thanks, Joey





Back to the top