Unable to Connect to the Jetty Server Using Current Browsers Due to SSL Error Extending RTC Versions Lower Than 6.x


Attempting to connect to my Jetty server to debug a new RTC Extension I was working on in RTC 4.0.1 failed with an SSL error in all my current browsers, Chrome and Firefox, and I was unable to find a workaround in the browsers. How can this issue be worked around?

This problem only occurs when using the RTC SDK for RTC versions prior to RTC 6.x. It affects all of these versions. It does not prevent performing the RTC Extensions Workshop, since most of the tasks there can be done using the Eclipse UI. However, it impacts developing RTC Server extensions and testing them properly when the Web UI is needed, because it is impossible to open the Web UI to test.

The problem I ran into is basically related to "Chrome Does Not Work With RTC Debug Server on Jetty". However, it turns out that the workaround described there no longer works. Neither Tomcat nor Chrome allows enabling SSL V3 anymore, showing errors like this in Firefox.

The messages contain text like

Unable to Connect Securely

Firefox cannot guarantee the safety of your data on localhost:7443 because it uses SSLv3, a broken security protocol.
Advanced info: ssl_error_unsupported_version

or

This webpage is not available

ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Hide details
A secure connection cannot be established because this site uses an unsupported protocol.

The only ways around I found so far are:

You can download various versions of Chromium here. Version 44.0.2385.0 still works for me and it does not update automatically.

The development team tracks the issue in Defect 354890. As long as there is no other solution, use the workarounds provided above. As soon as there is any news, I will try to provide the details.
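
To confirm that the browser errors above come from the protocol version rather than from the certificate or the port, the debug server can be asked which versions it will negotiate; the program below is an added example, not code from the original post or from the RTC SDK. The class name ProtocolProbe is hypothetical, and the default target localhost:7443 is taken from the Firefox message above.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.*;

public class ProtocolProbe {  // hypothetical name; added example, not SDK code
    // Accepts any certificate: only for probing a local debug server that uses
    // a self-signed certificate, never for real client traffic.
    private static final TrustManager[] TRUST_ALL = { new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] chain, String authType) {}
        public void checkServerTrusted(X509Certificate[] chain, String authType) {}
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    } };

    // Protocol versions this JVM enables by default for an SSLContext name.
    static String enabledFor(String contextName) throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance(contextName);
        ctx.init(null, null, null);
        return Arrays.toString(ctx.getDefaultSSLParameters().getProtocols());
    }

    // Attempts a handshake that offers exactly one protocol version.
    static String probe(String host, int port, String protocol) {
        try {
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, TRUST_ALL, null);
            try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
                s.setSoTimeout(5000);
                s.setEnabledProtocols(new String[] { protocol });
                s.startHandshake();
                return "accepted, cipher suite " + s.getSession().getCipherSuite();
            }
        } catch (IllegalArgumentException e) {
            return "not supported by this JVM";
        } catch (IOException | GeneralSecurityException e) {
            return "failed (" + e + ")";
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        String host = args.length > 0 ? args[0] : "localhost";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 7443;
        for (String name : new String[] { "SSL", "TLS", "TLSv1.2" })
            System.out.println("SSLContext " + name + " enables " + enabledFor(name));
        for (String p : new String[] { "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" })
            System.out.println(host + ":" + port + " " + p + ": " + probe(host, port, p));
    }
}
```

On a current JVM the SSLv3 and TLSv1 probes usually fail on the client side, because those versions are disabled in the JVM's own security settings. The line that matters for current browsers is whether TLSv1.2 is accepted.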

About rsjazz

Hi, my name is Ralph. I work for IBM and help colleagues and customers with adopting the Jazz technologies.

8 Responses to Unable to Connect to the Jetty Server Using Current Browsers Due to SSL Error Extending RTC Versions Lower Than 6.x

  1. amauryq says:

    Hi.
    The problem is because the JVM Jetty server and the browser do not share the same SSL libraries. Try to use a different JVM for Jetty and indeed it will work again.

    Hope this helps

    • rsjazz says:

      No, I discussed this with development and I can even show the line where "SSL" is passed to Jetty. It is hard coded. Since SSL is no longer supported by up-to-date browsers, it would have to pass "TLS1.2". Since it is hard coded, this would require a code change.

  2. joakim says:

    Note: Oracle has disabled SSLv3 in Java 8 as well.

    You should look to update your code, as TLS1.2 is the way forward (with HTTP/2 pretty much requiring it).

    • rsjazz says:

      The 6.0 version is already fixed. We are working on a patch for older SDKs.

      • Ravikanth Chavali says:

        Thank you Ralph, I started with v5.0.2 and ran into the same issue. I tried replacing the SDK folder with v6.0.1 and it worked fine. I was able to launch the Jetty server.

        However, when I tried to establish a repository connection from the Eclipse client to the Tomcat server, I got the version incompatible message between 502server and 601client.

        When I tried to establish a repository connection with the Jetty server, it worked fine.

        Do you think we could run a separate client for Tomcat versus Jetty with 2 versions of the SDK, if and when we need separate connections in parallel?

      • rsjazz says:

        Hi,

        I don’t think you can replace the SDK folder with the 6.x version. Then you basically have a different version for the SDK than for the application.
        I would suggest getting an older version of the Chromium browser and using that. As an alternative, you can develop in 6.x and remove the version numbers in the dependencies and finally run the result in 5.x.
        Development works on a patch for older SDKs.

  3. All recent releases of Jetty have the default configuration of SslContextFactory as addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3");
    You should be able to update the configuration of older Jetty instances to also exclude SSLv3.

    • rsjazz says:

      Greg, this Jetty is basically shipped with an SDK in a Jar file, and in older versions SSL is hard coded into the launch.
      The 6.0 version is already fixed. We are working on a patch for older SDKs.
