search

jetty / jetty.project

Eclipse Jetty® - Web Container & Clients - supports HTTP/2, HTTP/1.1, HTTP/1.0, websocket, servlets, and more
https://eclipse.dev/jetty
Other
3.85k stars 1.91k forks source link

what is the com.rsa:sslj dependency version for jetty10.0.12? #9276

Closed Naziburjec closed 1 year ago

Naziburjec commented 1 year ago

Jetty version jetty10.0.12 Java version jdk11 Question Below rsa sslj dependency it is working fine with jetty 9.4.14.v20181114 com.rsa:sslj:6.2:FIPS-140-2

But same rsa sslj dependency not working with jetty10.0.12, throwing below exception.

Caused by: javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
    at com.rsa.sslj.x.aH.d(Unknown Source) ~[sslj-6.2-FIPS-140-2.jar:6.2]
    at com.rsa.sslj.x.ap.a(Unknown Source) ~[sslj-6.2-FIPS-140-2.jar:6.2]
    at com.rsa.sslj.x.ap.a(Unknown Source) ~[sslj-6.2-FIPS-140-2.jar:6.2]
    at com.rsa.sslj.x.ap.j(Unknown Source) ~[sslj-6.2-FIPS-140-2.jar:6.2]
    at com.rsa.sslj.x.ap.i(Unknown Source) ~[sslj-6.2-FIPS-140-2.jar:6.2]
    at com.rsa.sslj.x.ap.h(Unknown Source) ~[sslj-6.2-FIPS-140-2.jar:6.2]
    at com.rsa.sslj.x.aS.startHandshake(Unknown Source) ~[sslj-6.2-FIPS-140-2.jar:6.2]
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567) ~[?:?]
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:197) ~[?:?]
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1592) ~[?:?]
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520) ~[?:?]
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:527) ~[?:?]
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:334) ~[?:?]
    at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:253) ~[jersey-client-1.19.4.jar:1.19.4]
    at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:153) ~[jersey-client-1.19.4.jar:1.19.4]
    at com.sun.jersey.api.client.Client.handle(Client.java:652) ~[jersey-client-1.19.4.jar:1.19.4]
    at com.sun.jersey.api.client.WebResource.handle(WebResource.java:682) ~[jersey-client-1.19.4.jar:1.19.4]
    at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74) ~[jersey-client-1.19.4.jar:1.19.4]
    at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:509) ~[jersey-client-1.19.4.jar:1.19.4]

Can anyone help me on this issue?

joakime commented 1 year ago

Jetty does not depend on, or ship, with this dependency.

This is something your runtime environment is including. Judging from the jar filename, it appears to have something to do with FIPS based security.