dushkin

Reputation: 2111

Jetty to support TLS 1.2 requests from SoapUI

I am struggling to build an embedded Jetty server which will accept TLSv1.2 requests.

This is the Java code:

    private void launchHttpsListener() {

        Server server = new Server(new InetSocketAddress(m_sAddress, m_nPort));

        SslContextFactory sslContextFactory = new SslContextFactory();
        sslContextFactory.setKeyStorePath("./keystore.jks");
        sslContextFactory.setKeyStorePassword("Aa123456");
        sslContextFactory.setKeyManagerPassword("Aa123456");
        //sslContextFactory.setProtocol("TLSv1.2");
        //sslContextFactory.setIncludeProtocols("TLSv1.2");

        // Setup HTTP Configuration
        HttpConfiguration httpConf = new HttpConfiguration();
        httpConf.setSecurePort(m_nPort);
        httpConf.setSecureScheme("https");
        httpConf.addCustomizer(new SecureRequestCustomizer());

        ContextHandler contextHandler = new ContextHandler();
        contextHandler.setContextPath("/Service");
        contextHandler.setHandler(new JettyServiceHandler());

        ContextHandlerCollection contextHandlers = new ContextHandlerCollection();
        contextHandlers.setHandlers(new Handler[] { contextHandler });

        ServerConnector serverConnector = new ServerConnector(server,
            new SslConnectionFactory(sslContextFactory, "http/1.1"),
            new HttpConnectionFactory(httpConf));

        serverConnector.setPort(m_nPort);

        server.setConnectors(new Connector[] { serverConnector });
        server.setHandler(contextHandlers);

        try {
            server.start();

            Log4jWrapper.writeLog(LogLevelEnum.INFO, "[-----------------] <JettyServiceListener> launchHttpsListener",
                    "HTTPS Listener on " + m_sAddress + ":" + m_nPort);

            server.join();
        } catch (InterruptedException e) {

            Log4jWrapper.writeLog(LogLevelEnum.ERROR, "[-----------------] <JettyServiceListener> launchHttpsListener",
                    e.getMessage());
        } catch (Exception e) {

            Log4jWrapper.writeLog(LogLevelEnum.ERROR, "[-----------------] <JettyServiceListener> launchHttpsListener",
                    e.getMessage());
        }

    }

m_nPort = 9520

And this is the handler:

    public class JettyServiceHandler extends AbstractHandler {

        @Override
        public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response)
                throws IOException, ServletException {

            Log4jWrapper.writeLog(LogLevelEnum.DEBUG, "[-----------------] <JettyServiceHandler> handle", "Received a notification...");

            String requestStr = convertStreamToString(baseRequest.getReader());

            Log4jWrapper.writeLog(LogLevelEnum.DEBUG, "[-----------------] <JettyServiceHandler> handle", "requestStr = " + requestStr);

            response.setContentType("text/html;charset=utf-8");
            response.setStatus(HttpServletResponse.SC_OK);
            baseRequest.setHandled(true);
            response.getWriter().println("1.2.1");

        }

        static String convertStreamToString(BufferedReader bufferedReader) {
            Stream<String> lines = bufferedReader.lines();
            return lines.collect(Collectors.joining("\n"));
        }
    }

From SoapUI I am sending a very simple request to some https address 135.136.137.138:9520

Currently I get the following error:

    ERROR:javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

The handler of course is not reached.

The keystore is self-signed.

I have added the following to SoapUI-5.3.0.vmoptions:

    -Dsoapui.https.protocols=TLSv1.2

Where do I go wrong?

Upvotes: 0

Views: 453

Answers (1)

dushkin

Reputation: 2111

Found the missing link...

I added the following:

    sslContextFactory.setExcludeCipherSuites("SSL_RSA_WITH_DES_CBC_SHA",
                "SSL_DHE_RSA_WITH_DES_CBC_SHA",
                "SSL_DHE_DSS_WITH_DES_CBC_SHA",
                "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
                "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
                "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
                "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA");

and the exception disappeared!

Upvotes: 1
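
A way to check what the listener will actually negotiate, added here as an example that is not part of the original question or answer: it builds the same SslContextFactory as the question, restricts it to TLSv1.2, and reports the enabled protocols, the suites shared with a client offer, and any weak suites still enabled. The client list is a constructed sample and the `keystore.password` system property is a hypothetical name; an empty shared list is the condition that ends in `handshake_failure`.

```java
import java.util.*;
import java.util.stream.Collectors;
import javax.net.ssl.SSLEngine;
import org.eclipse.jetty.util.ssl.SslContextFactory;

public class TlsConfigCheck {
    // Constructed sample of a client's offered suites. Replace it with the list
    // from the ClientHello shown when the client runs with -Djavax.net.debug=ssl,handshake.
    static final List<String> CLIENT_OFFER = Arrays.asList(
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
            "TLS_RSA_WITH_AES_128_CBC_SHA");

    // Name fragments of suites that should not be enabled on a listener.
    static final List<String> WEAK =
            Arrays.asList("_NULL_", "_anon_", "_EXPORT_", "_DES_", "_RC4_", "_MD5");

    // Suites the server enables that the client also offers.
    static List<String> common(String[] enabled, List<String> offered) {
        return Arrays.stream(enabled).filter(offered::contains).collect(Collectors.toList());
    }

    // Enabled suites whose name contains one of the WEAK fragments.
    static List<String> weak(String[] enabled) {
        return Arrays.stream(enabled)
                .filter(s -> WEAK.stream().anyMatch(s::contains))
                .collect(Collectors.toList());
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical property name; keeps the keystore password out of the source.
        String password = Objects.requireNonNull(
                System.getProperty("keystore.password"), "pass -Dkeystore.password=...");
        SslContextFactory factory = new SslContextFactory();
        factory.setKeyStorePath("./keystore.jks");
        factory.setKeyStorePassword(password);
        factory.setKeyManagerPassword(password);
        factory.setIncludeProtocols("TLSv1.2");
        factory.start(); // loads the keystore and builds the SSLContext
        try {
            SSLEngine engine = factory.newSSLEngine();
            String[] enabled = engine.getEnabledCipherSuites();
            System.out.println("protocols: " + Arrays.toString(engine.getEnabledProtocols()));
            System.out.println("shared with client: " + common(enabled, CLIENT_OFFER));
            System.out.println("weak but enabled: " + weak(enabled));
        } finally {
            factory.stop();
        }
    }
}
```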
