brooklyn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (BROOKLYN-190) Upgrade to Jetty9
Date Thu, 05 Nov 2015 10:20:27 GMT

    [ https://issues.apache.org/jira/browse/BROOKLYN-190?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14991463#comment-14991463
] 

ASF GitHub Bot commented on BROOKLYN-190:
-----------------------------------------

Github user CMoH commented on a diff in the pull request:

    https://github.com/apache/incubator-brooklyn/pull/997#discussion_r43995953
  
    --- Diff: usage/launcher/src/test/java/org/apache/brooklyn/launcher/BrooklynWebServerTest.java
---
    @@ -146,11 +146,13 @@ public void verifyHttpsFromConfig() throws Exception {
         @Test
         public void verifyHttpsCiphers() throws Exception {
             brooklynProperties.put(BrooklynWebConfig.HTTPS_REQUIRED, true);
    -        brooklynProperties.put(BrooklynWebConfig.TRANSPORT_PROTOCOLS, "XXX");
    -        brooklynProperties.put(BrooklynWebConfig.TRANSPORT_CIPHERS, "XXX");
    --- End diff --
    
    I adjusted the test to match your request above.
    
    However, since the SSL connectors are different between jetty8 and jetty9, the server
may choose to abort the connection at different stages. From the results of this test I presume
that jetty9 disconnects before starting the SSL handshake, so the client gets a SocketException,
while jetty8 delays reading those properties until later on, and therefore the client receives
an SSL exception.
    
    For that reason I believe the client exception is dependent of the server version.
    
    The jetty9 server log for this test supports my above reasoning:
    ```
    2015-11-05 11:57:29,631 WARN  Exception while notifying connection SslConnection@15c886f3{NEED_WRAP,eio=-1/-1,di=-1}
-> HttpConnection@112995a5{IDLE}
    org.eclipse.jetty.io.RuntimeIOException: javax.net.ssl.SSLHandshakeException: No appropriate
protocol (protocol is disabled or cipher suites are inappropriate)
    	at org.eclipse.jetty.io.ssl.SslConnection.onOpen(SslConnection.java:150) ~[jetty-io-9.2.13.v20150730.jar:9.2.13.v20150730]
    Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled
or cipher suites are inappropriate)
    	at sun.security.ssl.Handshaker.activate(Handshaker.java:470) ~[na:1.7.0_80]
    2015-11-05 11:57:29,635 WARN  Exception while notifying connection SslConnection@70d9f5a6{NEED_WRAP,eio=-1/-1,di=-1}
-> HttpConnection@758e9f2b{IDLE}
    ```



> Upgrade to Jetty9
> -----------------
>
>                 Key: BROOKLYN-190
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-190
>             Project: Brooklyn
>          Issue Type: Improvement
>    Affects Versions: 0.8.0, 0.9.0
>            Reporter: Ciprian Ciubotariu
>            Assignee: Ciprian Ciubotariu
>            Priority: Minor
>             Fix For: 0.9.0
>
>
> According to [1] jetty9 is now the stable version.
> In relation to BROOKLYN-183, current stable pax-web 4.x series also support Jetty9 (although
I believe it can be used with Jetty8 as well). However, migrating Brooklyn to a more current
Jetty version seems preferable.
> [1] http://www.eclipse.org/jetty/documentation/current/what-jetty-version.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message