Jetty IncludeCipherSuites
Jetty IncludeCipherSuites
我面临这个问题,我的码头 (9.4.7) 在码头-ssl.xml 中包含 CipherSuites 后由于配置错误不想启动。
我刚刚收到以下配置错误:
2018-09-13 16:10:02.896:WARN:oejx.XmlConfiguration:main: Config error at <Set name="IncludeCipherSuites">|/jetty-ssl.xml
2018-09-13 16:10:02.897:WARN:oejx.XmlConfiguration:main: Config error at <New class="org.eclipse.jetty.server.SslConnectionFactory"><Set name="IncludeCipherSuites">| <Array l
2018-09-13 16:10:02.897:WARN:oejx.XmlConfiguration:main:
java.security.PrivilegedActionException: org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration: class org.eclipse.jetty.server.SslConnectionFactory.setIncludeCipherSuites(class [Ljava.lang.String;)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1507)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.eclipse.jetty.start.Main.invokeMain(Main.java:221)
at org.eclipse.jetty.start.Main.start(Main.java:506)
at org.eclipse.jetty.start.Main.main(Main.java:78)
Caused by:
org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration: class org.eclipse.jetty.server.SslConnectionFactory.setIncludeCipherSuites(class [Ljava.lang.String;)
我使用了以下 xml 来包含密码套件:
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "configure_9_3.dtd">
<!-- ============================================================= -->
<!-- Base SSL configuration -->
<!-- This configuration needs to be used together with 1 or more -->
<!-- of jetty-https.xml or jetty-http2.xml -->
<!-- ============================================================= -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<!-- =========================================================== -->
<!-- Add a SSL Connector with no protocol factories -->
<!-- =========================================================== -->
<Call name="addConnector">
<Arg>
<New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
<Arg name="server"><Ref refid="Server" /></Arg>
<Arg name="acceptors" type="int"><Property name="jetty.ssl.acceptors" deprecated="ssl.acceptors" default="-1"/></Arg>
<Arg name="selectors" type="int"><Property name="jetty.ssl.selectors" deprecated="ssl.selectors" default="-1"/></Arg>
<Arg name="factories">
<Array type="org.eclipse.jetty.server.ConnectionFactory">
<!-- uncomment to support proxy protocol
<Item>
<New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
</Item>-->
</Array>
</Arg>
<Set name="host"><Property name="jetty.ssl.host" deprecated="jetty.host" /></Set>
<Set name="port"><Property name="jetty.ssl.port" deprecated="ssl.port" default="20743" /></Set>
<Set name="idleTimeout"><Property name="jetty.ssl.idleTimeout" deprecated="ssl.timeout" default="30000"/></Set>
<Set name="soLingerTime"><Property name="jetty.ssl.soLingerTime" deprecated="ssl.soLingerTime" default="-1"/></Set>
<Set name="acceptorPriorityDelta"><Property name="jetty.ssl.acceptorPriorityDelta" deprecated="ssl.acceptorPriorityDelta" default="0"/></Set>
<Set name="acceptQueueSize"><Property name="jetty.ssl.acceptQueueSize" deprecated="ssl.acceptQueueSize" default="0"/></Set>
<Get name="SelectorManager">
<Set name="connectTimeout"><Property name="jetty.ssl.connectTimeout" default="15000"/></Set>
<Set name="reservedThreads"><Property name="jetty.ssl.reservedThreads" default="-2"/></Set>
</Get>
<New class="org.eclipse.jetty.server.SslConnectionFactory">
<Set name="IncludeCipherSuites">
<Array type="java.lang.String">
<Item>ECDHE-ECDSA-CHACHA20-POLY1305</Item>
<Item>ECDHE-RSA-CHACHA20-POLY1305</Item>
<Item>ECDHE-ECDSA-AES128-GCM-SHA256</Item>
<Item>ECDHE-RSA-AES128-GCM-SHA256</Item>
<Item>ECDHE-ECDSA-AES256-GCM-SHA384</Item>
<Item>ECDHE-RSA-AES256-GCM-SHA384</Item>
<Item>DHE-RSA-AES128-GCM-SHA256</Item>
<Item>DHE-RSA-AES256-GCM-SHA384</Item>
<Item>ECDHE-ECDSA-AES128-SHA256</Item>
<Item>ECDHE-RSA-AES128-SHA256</Item>
<Item>ECDHE-ECDSA-AES128-SHA</Item>
<Item>ECDHE-RSA-AES256-SHA384</Item>
<Item>ECDHE-RSA-AES128-SHA</Item>
<Item>ECDHE-ECDSA-AES256-SHA384</Item>
<Item>ECDHE-ECDSA-AES256-SHA</Item>
<Item>ECDHE-RSA-AES256-SHA</Item>
<Item>DHE-RSA-AES128-SHA256</Item>
<Item>DHE-RSA-AES128-SHA</Item>
<Item>DHE-RSA-AES256-SHA256</Item>
<Item>DHE-RSA-AES256-SHA</Item>
<Item>ECDHE-ECDSA-DES-CBC3-SHA</Item>
<Item>ECDHE-RSA-DES-CBC3-SHA</Item>
<Item>EDH-RSA-DES-CBC3-SHA</Item>
<Item>AES128-GCM-SHA256</Item>
<Item>AES256-GCM-SHA384</Item>
<Item>AES128-SHA256</Item>
<Item>AES256-SHA256</Item>
<Item>AES128-SHA</Item>
<Item>AES256-SHA</Item>
<Item>DES-CBC3-SHA</Item>
</Array>
</Set>
</New>
</New>
</Arg>
</Call>
<!-- =========================================================== -->
<!-- Create a TLS specific HttpConfiguration based on the -->
<!-- common HttpConfiguration defined in jetty.xml -->
<!-- Add a SecureRequestCustomizer to extract certificate and -->
<!-- session information -->
<!-- =========================================================== -->
<New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<Arg><Ref refid="httpConfig"/></Arg>
<Call name="addCustomizer">
<Arg>
<New class="org.eclipse.jetty.server.SecureRequestCustomizer">
<Arg name="sniHostCheck" type="boolean"><Property name="jetty.ssl.sniHostCheck" default="true"/></Arg>
<Arg name="stsMaxAgeSeconds" type="int"><Property name="jetty.ssl.stsMaxAgeSeconds" default="-1"/></Arg>
<Arg name="stsIncludeSubdomains" type="boolean"><Property name="jetty.ssl.stsIncludeSubdomains" default="false"/></Arg>
</New>
</Arg>
</Call>
</New>
</Configure>
我也尝试过不同的方法来设置这个 CipherSuites,但它总是以相同的行为结束。
提前感谢您的帮助。
使用了错误的class。
必须使用 <New class="org.eclipse.jetty.util.ssl.SslContextFactory">
问题已解决。
谢谢!
我面临这个问题,我的码头 (9.4.7) 在码头-ssl.xml 中包含 CipherSuites 后由于配置错误不想启动。
我刚刚收到以下配置错误:
2018-09-13 16:10:02.896:WARN:oejx.XmlConfiguration:main: Config error at <Set name="IncludeCipherSuites">|/jetty-ssl.xml
2018-09-13 16:10:02.897:WARN:oejx.XmlConfiguration:main: Config error at <New class="org.eclipse.jetty.server.SslConnectionFactory"><Set name="IncludeCipherSuites">| <Array l
2018-09-13 16:10:02.897:WARN:oejx.XmlConfiguration:main:
java.security.PrivilegedActionException: org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration: class org.eclipse.jetty.server.SslConnectionFactory.setIncludeCipherSuites(class [Ljava.lang.String;)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1507)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.eclipse.jetty.start.Main.invokeMain(Main.java:221)
at org.eclipse.jetty.start.Main.start(Main.java:506)
at org.eclipse.jetty.start.Main.main(Main.java:78)
Caused by:
org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration: class org.eclipse.jetty.server.SslConnectionFactory.setIncludeCipherSuites(class [Ljava.lang.String;)
我使用了以下 xml 来包含密码套件:
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "configure_9_3.dtd">
<!-- ============================================================= -->
<!-- Base SSL configuration -->
<!-- This configuration needs to be used together with 1 or more -->
<!-- of jetty-https.xml or jetty-http2.xml -->
<!-- ============================================================= -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<!-- =========================================================== -->
<!-- Add a SSL Connector with no protocol factories -->
<!-- =========================================================== -->
<Call name="addConnector">
<Arg>
<New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
<Arg name="server"><Ref refid="Server" /></Arg>
<Arg name="acceptors" type="int"><Property name="jetty.ssl.acceptors" deprecated="ssl.acceptors" default="-1"/></Arg>
<Arg name="selectors" type="int"><Property name="jetty.ssl.selectors" deprecated="ssl.selectors" default="-1"/></Arg>
<Arg name="factories">
<Array type="org.eclipse.jetty.server.ConnectionFactory">
<!-- uncomment to support proxy protocol
<Item>
<New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
</Item>-->
</Array>
</Arg>
<Set name="host"><Property name="jetty.ssl.host" deprecated="jetty.host" /></Set>
<Set name="port"><Property name="jetty.ssl.port" deprecated="ssl.port" default="20743" /></Set>
<Set name="idleTimeout"><Property name="jetty.ssl.idleTimeout" deprecated="ssl.timeout" default="30000"/></Set>
<Set name="soLingerTime"><Property name="jetty.ssl.soLingerTime" deprecated="ssl.soLingerTime" default="-1"/></Set>
<Set name="acceptorPriorityDelta"><Property name="jetty.ssl.acceptorPriorityDelta" deprecated="ssl.acceptorPriorityDelta" default="0"/></Set>
<Set name="acceptQueueSize"><Property name="jetty.ssl.acceptQueueSize" deprecated="ssl.acceptQueueSize" default="0"/></Set>
<Get name="SelectorManager">
<Set name="connectTimeout"><Property name="jetty.ssl.connectTimeout" default="15000"/></Set>
<Set name="reservedThreads"><Property name="jetty.ssl.reservedThreads" default="-2"/></Set>
</Get>
<New class="org.eclipse.jetty.server.SslConnectionFactory">
<Set name="IncludeCipherSuites">
<Array type="java.lang.String">
<Item>ECDHE-ECDSA-CHACHA20-POLY1305</Item>
<Item>ECDHE-RSA-CHACHA20-POLY1305</Item>
<Item>ECDHE-ECDSA-AES128-GCM-SHA256</Item>
<Item>ECDHE-RSA-AES128-GCM-SHA256</Item>
<Item>ECDHE-ECDSA-AES256-GCM-SHA384</Item>
<Item>ECDHE-RSA-AES256-GCM-SHA384</Item>
<Item>DHE-RSA-AES128-GCM-SHA256</Item>
<Item>DHE-RSA-AES256-GCM-SHA384</Item>
<Item>ECDHE-ECDSA-AES128-SHA256</Item>
<Item>ECDHE-RSA-AES128-SHA256</Item>
<Item>ECDHE-ECDSA-AES128-SHA</Item>
<Item>ECDHE-RSA-AES256-SHA384</Item>
<Item>ECDHE-RSA-AES128-SHA</Item>
<Item>ECDHE-ECDSA-AES256-SHA384</Item>
<Item>ECDHE-ECDSA-AES256-SHA</Item>
<Item>ECDHE-RSA-AES256-SHA</Item>
<Item>DHE-RSA-AES128-SHA256</Item>
<Item>DHE-RSA-AES128-SHA</Item>
<Item>DHE-RSA-AES256-SHA256</Item>
<Item>DHE-RSA-AES256-SHA</Item>
<Item>ECDHE-ECDSA-DES-CBC3-SHA</Item>
<Item>ECDHE-RSA-DES-CBC3-SHA</Item>
<Item>EDH-RSA-DES-CBC3-SHA</Item>
<Item>AES128-GCM-SHA256</Item>
<Item>AES256-GCM-SHA384</Item>
<Item>AES128-SHA256</Item>
<Item>AES256-SHA256</Item>
<Item>AES128-SHA</Item>
<Item>AES256-SHA</Item>
<Item>DES-CBC3-SHA</Item>
</Array>
</Set>
</New>
</New>
</Arg>
</Call>
<!-- =========================================================== -->
<!-- Create a TLS specific HttpConfiguration based on the -->
<!-- common HttpConfiguration defined in jetty.xml -->
<!-- Add a SecureRequestCustomizer to extract certificate and -->
<!-- session information -->
<!-- =========================================================== -->
<New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<Arg><Ref refid="httpConfig"/></Arg>
<Call name="addCustomizer">
<Arg>
<New class="org.eclipse.jetty.server.SecureRequestCustomizer">
<Arg name="sniHostCheck" type="boolean"><Property name="jetty.ssl.sniHostCheck" default="true"/></Arg>
<Arg name="stsMaxAgeSeconds" type="int"><Property name="jetty.ssl.stsMaxAgeSeconds" default="-1"/></Arg>
<Arg name="stsIncludeSubdomains" type="boolean"><Property name="jetty.ssl.stsIncludeSubdomains" default="false"/></Arg>
</New>
</Arg>
</Call>
</New>
</Configure>
我也尝试过不同的方法来设置这个 CipherSuites,但它总是以相同的行为结束。 提前感谢您的帮助。
使用了错误的class。
必须使用 <New class="org.eclipse.jetty.util.ssl.SslContextFactory">
问题已解决。 谢谢!