Some advise needed

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Some advise needed

Saeed Khademi
Hello Everyone,
I am new to this list, and I’m not sure if this is the right place to ask my question,
so please forgive me, if this is not the right place.
 
I am using jetty 9.3.9 on windows server. I installed SSL certificate for the server and it works fine.
I tried to test the ssl configuration by using https://www.htbridge.com/ssl/ and the result says it needs some work.
 
To resolve the issues I need to solve the following :
1- remove some weak elliptic curves like secp160k1 (161 bits)
    I searched the web to find a document to do this without any luck.
2- The test result also says : “SERVER DOES NOT SUPPORT OCSP STAPLING
    How can I enable OCSP?
3- How to redirect http to https?
 
 
If you know any documents that help to resolve these issues, it will be a great help.
 
Kind Regards,
Saeed.
 

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: Some advise needed

Simone Bordet-3
Hi,

On Sun, May 20, 2018 at 7:55 AM, Saeed Khademi <[hidden email]> wrote:
> Hello Everyone,
> I am new to this list, and I’m not sure if this is the right place to ask my
> question,
> so please forgive me, if this is not the right place.
>
> I am using jetty 9.3.9 on windows server. I installed SSL certificate for
> the server and it works fine.

What JDK version ?
You want to make sure you are on the latest JDK version that support
TLS 1.2 and OCSP stapling.

> I tried to test the ssl configuration by using https://www.htbridge.com/ssl/
> and the result says it needs some work.
>
> To resolve the issues I need to solve the following :
> 1- remove some weak elliptic curves like secp160k1 (161 bits)
>     I searched the web to find a document to do this without any luck.

https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html

> 2- The test result also says : “SERVER DOES NOT SUPPORT OCSP STAPLING“
>     How can I enable OCSP?

https://stackoverflow.com/questions/49904935/jetty-9-enable-ocsp-stapling-for-domain-validated-certificate

> 3- How to redirect http to https?

https://www.eclipse.org/jetty/documentation/current/moved-context-handler.html

--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: Some advise needed

Joakim Erdfelt-8

> 3- How to redirect http to https?

https://www.eclipse.org/jetty/documentation/current/moved-context-handler.html

This can also be done with the SecuredRedirectHandler for all contexts and webapps.

If you want it for just a specific webapp, look at the WEB-INF/web.xml security constraints.

- Joakim

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: Some advise needed

Saeed Khademi
In reply to this post by Simone Bordet-3
Hi,
Both JDK and JRE versions are 1.8.0.92.

Thank you for the help and reply.
I went through all 3 documents, but none of them worked.
Still working on them and will inform about the result.

Kind Regards,
Saeed.



-----Original Message-----
From: Simone Bordet
Sent: Monday, May 21, 2018 5:47 PM
To: JETTY user mailing list
Subject: Re: [jetty-users] Some advise needed

Hi,

On Sun, May 20, 2018 at 7:55 AM, Saeed Khademi <[hidden email]> wrote:
> Hello Everyone,
> I am new to this list, and I’m not sure if this is the right place to ask
> my
> question,
> so please forgive me, if this is not the right place.
>
> I am using jetty 9.3.9 on windows server. I installed SSL certificate for
> the server and it works fine.

What JDK version ?
You want to make sure you are on the latest JDK version that support
TLS 1.2 and OCSP stapling.

> I tried to test the ssl configuration by using
> https://www.htbridge.com/ssl/
> and the result says it needs some work.
>
> To resolve the issues I need to solve the following :
> 1- remove some weak elliptic curves like secp160k1 (161 bits)
>     I searched the web to find a document to do this without any luck.

https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html

> 2- The test result also says : “SERVER DOES NOT SUPPORT OCSP STAPLING“
>     How can I enable OCSP?

https://stackoverflow.com/questions/49904935/jetty-9-enable-ocsp-stapling-for-domain-validated-certificate

> 3- How to redirect http to https?

https://www.eclipse.org/jetty/documentation/current/moved-context-handler.html

--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users 

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users