When I try to connect to my jetty server, I get the following error(s):
New I/O worker #777, WRITE: SSLv2 client hello message, length = 179
fatal error: 10: General SSLEngine problem
javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled
SEND TLSv1.2 ALERT: fatal, description = unexpected_message
WRITE: TLSv1.2 Alert, length = 2
fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled
New I/O worker #777, called closeOutbound()
New I/O worker #777, closeOutboundInternal()
New I/O worker #777, SEND TLSv1.2 ALERT: warning, description = close_notify
New I/O worker #777, WRITE: TLSv1.2 Alert, length = 2
Using Java 1.8.241. Using Jetty (v9.2.9) server configured to use SSL. The server is using a self-signed certificate and I've imported it into the keystore and cacerts.Connecting to the server with an wAsync Atmosphere client.
To create the self-signed certificate, I used the following commands in command prompt as admin:
keytool -genkeypair -alias jetty_cloud -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore jetty_cloud.p12 -validity 3650
keytool -genkeypair -alias jetty_cloud -keyalg RSA -keysize 2048 -keystore jetty_cloud.jks -validity 3650
keytool -importkeystore -srckeystore jetty_cloud.jks -destkeystore jetty_cloud.p12 -deststoretype pkcs12
keytool -export -alias jetty_cloud -file jetty_cloud.crt -keystore jetty_cloud.jks
keytool -import -alias jetty_cloud -file "C:\Program Files\Java\jre1.8.0_241\bin\jetty_cloud.crt" -keystore "C:\Program Files\Java\jre1.8.0_241\lib\security\cacerts" -storepass changeit
SSLv2Hello
is disabled by default on Java 7+
See: https://www.oracle.com/java/technologies/compatibility.html
Your client, the Async Atmosphere client, needs to be either configured or upgraded to use a newer SSL/TLS setup.
Would recommend targeting for a client configuration that is TLSv1.2 or greater. (meaning that SSL, SSLv2, SSLv3, TLSv1.0, and TLSv1.1 are all disabled at the client)