Jetty IncludeCipherSuites

Jetty IncludeCipherSuites

我面临这个问题,我的码头 (9.4.7) 在码头-ssl.xml 中包含 CipherSuites 后由于配置错误不想启动。

我刚刚收到以下配置错误:

2018-09-13 16:10:02.896:WARN:oejx.XmlConfiguration:main: Config error at <Set name="IncludeCipherSuites">|/jetty-ssl.xml
2018-09-13 16:10:02.897:WARN:oejx.XmlConfiguration:main: Config error at <New class="org.eclipse.jetty.server.SslConnectionFactory"><Set name="IncludeCipherSuites">|            <Array l
2018-09-13 16:10:02.897:WARN:oejx.XmlConfiguration:main:
java.security.PrivilegedActionException: org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration: class org.eclipse.jetty.server.SslConnectionFactory.setIncludeCipherSuites(class [Ljava.lang.String;)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1507)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.eclipse.jetty.start.Main.invokeMain(Main.java:221)
        at org.eclipse.jetty.start.Main.start(Main.java:506)
        at org.eclipse.jetty.start.Main.main(Main.java:78)
Caused by:
org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration: class org.eclipse.jetty.server.SslConnectionFactory.setIncludeCipherSuites(class [Ljava.lang.String;)

我使用了以下 xml 来包含密码套件:

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "configure_9_3.dtd">

<!-- ============================================================= -->
<!-- Base SSL configuration                                        -->
<!-- This configuration needs to be used together with 1 or more   -->
<!-- of jetty-https.xml or jetty-http2.xml                         -->
<!-- ============================================================= -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">

  <!-- =========================================================== -->
  <!-- Add a SSL Connector with no protocol factories              -->
  <!-- =========================================================== -->
  <Call  name="addConnector">
    <Arg>
      <New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server" /></Arg>
        <Arg name="acceptors" type="int"><Property name="jetty.ssl.acceptors" deprecated="ssl.acceptors" default="-1"/></Arg>
        <Arg name="selectors" type="int"><Property name="jetty.ssl.selectors" deprecated="ssl.selectors" default="-1"/></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <!-- uncomment to support proxy protocol
            <Item>
              <New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
            </Item>-->
          </Array>
        </Arg>

        <Set name="host"><Property name="jetty.ssl.host" deprecated="jetty.host" /></Set>
        <Set name="port"><Property name="jetty.ssl.port" deprecated="ssl.port" default="20743" /></Set>
        <Set name="idleTimeout"><Property name="jetty.ssl.idleTimeout" deprecated="ssl.timeout" default="30000"/></Set>
        <Set name="soLingerTime"><Property name="jetty.ssl.soLingerTime" deprecated="ssl.soLingerTime" default="-1"/></Set>
        <Set name="acceptorPriorityDelta"><Property name="jetty.ssl.acceptorPriorityDelta" deprecated="ssl.acceptorPriorityDelta" default="0"/></Set>
        <Set name="acceptQueueSize"><Property name="jetty.ssl.acceptQueueSize" deprecated="ssl.acceptQueueSize" default="0"/></Set>
        <Get name="SelectorManager">
          <Set name="connectTimeout"><Property name="jetty.ssl.connectTimeout" default="15000"/></Set>
          <Set name="reservedThreads"><Property name="jetty.ssl.reservedThreads" default="-2"/></Set>
        </Get>

        <New class="org.eclipse.jetty.server.SslConnectionFactory">
            <Set name="IncludeCipherSuites">
            <Array type="java.lang.String">
            <Item>ECDHE-ECDSA-CHACHA20-POLY1305</Item>
            <Item>ECDHE-RSA-CHACHA20-POLY1305</Item>
            <Item>ECDHE-ECDSA-AES128-GCM-SHA256</Item>
            <Item>ECDHE-RSA-AES128-GCM-SHA256</Item>
            <Item>ECDHE-ECDSA-AES256-GCM-SHA384</Item>
            <Item>ECDHE-RSA-AES256-GCM-SHA384</Item>
            <Item>DHE-RSA-AES128-GCM-SHA256</Item>
            <Item>DHE-RSA-AES256-GCM-SHA384</Item>
            <Item>ECDHE-ECDSA-AES128-SHA256</Item>
            <Item>ECDHE-RSA-AES128-SHA256</Item>
     <Item>ECDHE-ECDSA-AES128-SHA</Item>
            <Item>ECDHE-RSA-AES256-SHA384</Item>
            <Item>ECDHE-RSA-AES128-SHA</Item>
     <Item>ECDHE-ECDSA-AES256-SHA384</Item>
            <Item>ECDHE-ECDSA-AES256-SHA</Item>
     <Item>ECDHE-RSA-AES256-SHA</Item>
            <Item>DHE-RSA-AES128-SHA256</Item>
            <Item>DHE-RSA-AES128-SHA</Item>
            <Item>DHE-RSA-AES256-SHA256</Item>
            <Item>DHE-RSA-AES256-SHA</Item>
            <Item>ECDHE-ECDSA-DES-CBC3-SHA</Item>
            <Item>ECDHE-RSA-DES-CBC3-SHA</Item>
            <Item>EDH-RSA-DES-CBC3-SHA</Item>
            <Item>AES128-GCM-SHA256</Item>
            <Item>AES256-GCM-SHA384</Item>
            <Item>AES128-SHA256</Item>
            <Item>AES256-SHA256</Item>
            <Item>AES128-SHA</Item>
            <Item>AES256-SHA</Item>
            <Item>DES-CBC3-SHA</Item>
            </Array>
            </Set>
        </New>


      </New>
    </Arg>
  </Call>

  <!-- =========================================================== -->
  <!-- Create a TLS specific HttpConfiguration based on the        -->
  <!-- common HttpConfiguration defined in jetty.xml               -->
  <!-- Add a SecureRequestCustomizer to extract certificate and    -->
  <!-- session information                                         -->
  <!-- =========================================================== -->
  <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
    <Arg><Ref refid="httpConfig"/></Arg>
    <Call name="addCustomizer">
      <Arg>
        <New class="org.eclipse.jetty.server.SecureRequestCustomizer">
          <Arg name="sniHostCheck" type="boolean"><Property name="jetty.ssl.sniHostCheck" default="true"/></Arg>
          <Arg name="stsMaxAgeSeconds" type="int"><Property name="jetty.ssl.stsMaxAgeSeconds" default="-1"/></Arg>
          <Arg name="stsIncludeSubdomains" type="boolean"><Property name="jetty.ssl.stsIncludeSubdomains" default="false"/></Arg>
        </New>
      </Arg>
    </Call>
  </New>

</Configure>

我也尝试过不同的方法来设置这个 CipherSuites,但它总是以相同的行为结束。 提前感谢您的帮助。

使用了错误的class。

必须使用 <New class="org.eclipse.jetty.util.ssl.SslContextFactory">

问题已解决。 谢谢!