应用程序没有在https端口-8443上启动,在客户端(浏览器(面临问题,并且正在低于堆栈:
oejs.HttpChannel:qtp2134607032-16: handleException /favicon.ico
org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI
at org.eclipse.jetty.server.SecureRequestCustomizer.customize(SecureRequestCustomizer.java:266)
at org.eclipse.jetty.server.SecureRequestCustomizer.customize(SecureRequestCustomizer.java:207)
at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:402)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:663)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:398)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:319)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:538)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:387)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
at org.eclipse.jetty.io.SocketChannelEndPoint$1.run(SocketChannelEndPoint.java:101)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:412)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:381)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:268)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:138)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:378)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:894)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1038)
at java.base/java.lang.Thread.run(Thread.java:829)
以下是以下步骤:
openssl genrsa -des3 -out jcg.key
openssl req -new -x509 -key jcg.key -out jcg.crt
openssl pkcs12 -inkey jcg.key -in jcg.crt -export -out jcg.pkcs12
cp jcg.pkcs12 JETTY_BASE/etc/
jdk/bin/keytool -importkeystore -srckeystore jcg.pkcs12 -srcstoretype PKCS12 -destkeystore keystore
jdk/bin/java -cp $JETTY_BASE/lib/jetty-util-10.jar org.eclipse.jetty.util.security.Password <Your Password>
Change in ssl.ini for keystore, keymanage passwords
不要使用RSA(即使使用DES3(,这两种方法都是不安全的,Java本身也不再支持它们。(该组合被Java本身禁用(
请参阅https://www.java.com/en/jre-jdk-cryptoroadmap.html
此外,请注意用于连接到服务器的TLS级别,因为TLS 1.1与TLS 1.2或TLS 1.3具有不同的受支持证书集。
如果您是从头开始设置服务器,请只查看TLS 1.3,并将您的证书选择限制为TLS 1.3和您的Java版本所支持的证书(有关您的Java版的详细信息,请参阅上面的路线图链接(
当您使用浏览器或HTTP客户端进行测试时,必须使用主机名(而不是IP地址或与localhost相关的任何东西(进行测试