Uploaded image for project: 'Identity Provider'
  1. Identity Provider
  2. IDP-1074

Jetty config installed with MSI Installer

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.2.1
    • Fix Version/s: 3.3.0
    • Component/s: Configuration
    • Labels:
      None
    • Environment:

      Windows 2012r2

    • Operating System:
      Multiple
    • Servlet Container:
      Jetty 9.3

      Description

      FYI, since this impacts two config files that the user is "not supposed to mess with", associated with the MSI installed Jetty (still impacts 3.2.1.1) on Windows. Your default config for 'excludeProtocols' in the files:

      jetty-base/etc/jetty-ssl-context.xml
      jetty-base/etc/jetty-backchannel.xml

      is "incorrect", in that it has:

      <Set name="excludeProtocols">
      <Array type="String">
      <Item>SSL SSLv2 SSLv3</Item>
      </Array>
      </Set>

      whereas it should have:

      <Set name="excludeProtocols">
      <Array type="String">
      <Item>SSL</Item>
      <Item>SSLv2</Item>
      <Item>SSLv3</Item>
      </Array>
      </Set>

      I believe with your current config it is looking for a protocol named 'SSL SSLv2 SSLv3', which, of course, doesn't exist. The fact that those SSL protocols are disabled must be due to other default config in Jetty, not to do with your config.

      p.s. We discovered this when trying to add 'TLSv1' to that list, recognizing that we aren't supposed to touch those files. Looking in the Linux distribution of the IdP, it looks like you have the correct syntax, in the file embedded/jetty-base/etc/jetty.xml, although it only explicitly lists SSLv3.

        Attachments

          Activity

            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            mgrady@unicon.net Michael Grady
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 30 minutes
                30m