[GitHub] incubator-brooklyn pull request: [BROOKLYN-190] Move from Jetty8 t...

Thu, 05 Nov 2015 02:20:44 -0800 

Github user CMoH commented on a diff in the pull request:

    https://github.com/apache/incubator-brooklyn/pull/997#discussion_r43995953
  
    --- Diff: 
usage/launcher/src/test/java/org/apache/brooklyn/launcher/BrooklynWebServerTest.java
 ---
    @@ -146,11 +146,13 @@ public void verifyHttpsFromConfig() throws Exception {
         @Test
         public void verifyHttpsCiphers() throws Exception {
             brooklynProperties.put(BrooklynWebConfig.HTTPS_REQUIRED, true);
    -        brooklynProperties.put(BrooklynWebConfig.TRANSPORT_PROTOCOLS, 
"XXX");
    -        brooklynProperties.put(BrooklynWebConfig.TRANSPORT_CIPHERS, "XXX");
    --- End diff --
    
    I adjusted the test to match your request above.
    
    However, since the SSL connectors are different between jetty8 and jetty9, 
the server may choose to abort the connection at different stages. From the 
results of this test I presume that jetty9 disconnects before starting the SSL 
handshake, so the client gets a SocketException, while jetty8 delays reading 
those properties until later on, and therefore the client receives an SSL 
exception.
    
    For that reason I believe the client exception is dependent of the server 
version.
    
    The jetty9 server log for this test supports my above reasoning:
    ```
    2015-11-05 11:57:29,631 WARN  Exception while notifying connection 
SslConnection@15c886f3{NEED_WRAP,eio=-1/-1,di=-1} -> 
HttpConnection@112995a5{IDLE}
    org.eclipse.jetty.io.RuntimeIOException: 
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is 
disabled or cipher suites are inappropriate)
        at 
org.eclipse.jetty.io.ssl.SslConnection.onOpen(SslConnection.java:150) 
~[jetty-io-9.2.13.v20150730.jar:9.2.13.v20150730]
    Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol 
(protocol is disabled or cipher suites are inappropriate)
        at sun.security.ssl.Handshaker.activate(Handshaker.java:470) 
~[na:1.7.0_80]
    2015-11-05 11:57:29,635 WARN  Exception while notifying connection 
SslConnection@70d9f5a6{NEED_WRAP,eio=-1/-1,di=-1} -> 
HttpConnection@758e9f2b{IDLE}
    ```



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---

Reply via email to