
Embedded Jetty - General SSLEngine Problem - SSLv2Hello disabled error

When I try to connect to my jetty server, I get the following error(s):

New I/O worker #777, WRITE: SSLv2 client hello message, length = 179
fatal error: 10: General SSLEngine problem
javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled
SEND TLSv1.2 ALERT:  fatal, description = unexpected_message
WRITE: TLSv1.2 Alert, length = 2
fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled
New I/O worker #777, called closeOutbound()
New I/O worker #777, closeOutboundInternal()
New I/O worker #777, SEND TLSv1.2 ALERT:  warning, description = close_notify
New I/O worker #777, WRITE: TLSv1.2 Alert, length = 2

Using Java 1.8.241. Using Jetty (v9.2.9) server configured to use SSL. The server is using a self-signed certificate and I've imported it into the keystore and cacerts. Connecting to the server with a wAsync Atmosphere client.

To create the self-signed certificate, I used the following commands in command prompt as admin:

keytool -genkeypair -alias jetty_cloud -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore jetty_cloud.p12 -validity 3650
keytool -genkeypair -alias jetty_cloud -keyalg RSA -keysize 2048 -keystore jetty_cloud.jks -validity 3650
keytool -importkeystore -srckeystore jetty_cloud.jks -destkeystore jetty_cloud.p12 -deststoretype pkcs12
keytool -export -alias jetty_cloud -file jetty_cloud.crt -keystore jetty_cloud.jks
keytool -import -alias jetty_cloud -file "C:\Program Files\Java\jre1.8.0_241\bin\jetty_cloud.crt" -keystore "C:\Program Files\Java\jre1.8.0_241\lib\security\cacerts" -storepass changeit

SSLv2Hello is disabled by default on Java 7+

See: https://www.oracle.com/java/technologies/compatibility.html

Your client, the Async Atmosphere client, needs to be either configured or upgraded to use a newer SSL/TLS setup.

Would recommend targeting a client configuration that is TLSv1.2 or greater (meaning that SSL, SSLv2, SSLv3, TLSv1.0, and TLSv1.1 are all disabled at the client).
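
The client-side restriction recommended above, as an added example that is not part of the original answer: it uses only the standard JSSE API to build a client `SSLEngine` that offers TLSv1.2 or greater and checks that `SSLv2Hello` is not in the enabled set. The class name, host and port are placeholders, and how the engine or context is handed to the wAsync client is not shown.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class ModernTlsClientEngine {
    // Protocols the client may offer, per the answer: TLSv1.2 or greater.
    private static final List<String> ALLOWED = Arrays.asList("TLSv1.3", "TLSv1.2");

    /** Returns a client-mode SSLEngine that only sends TLSv1.2+ ClientHello messages. */
    static SSLEngine newClientEngine(String host, int port) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key and trust managers (trust comes from cacerts)

        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);

        // Keep only the allowed protocols that this JRE actually supports.
        List<String> supported = Arrays.asList(engine.getSupportedProtocols());
        List<String> enabled = new ArrayList<>();
        for (String p : ALLOWED) {
            if (supported.contains(p)) {
                enabled.add(p);
            }
        }
        if (enabled.isEmpty()) {
            throw new IllegalStateException("JRE supports neither TLSv1.2 nor TLSv1.3");
        }
        // This replaces the whole enabled set, so SSLv2Hello, SSLv3, TLSv1 and TLSv1.1 are dropped.
        engine.setEnabledProtocols(enabled.toArray(new String[0]));
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // "localhost" and 8443 are placeholder values; no connection is opened here.
        SSLEngine engine = newClientEngine("localhost", 8443);
        List<String> enabled = Arrays.asList(engine.getEnabledProtocols());
        System.out.println("Enabled protocols: " + enabled);
        if (enabled.contains("SSLv2Hello")) {
            throw new AssertionError("client would still send an SSLv2-format ClientHello");
        }
    }
}
```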
