Re: [jetty-users] SolrJ/Solr: HTTP protocol violation: Authentication ch

[Greg Wilkins <gregw@xxxxxxxxxxx>]

Shawn,

The other thing to do is to bisect the changes from a jetty-9.4.x that you think works to jetty-9.4.48 that you think does not work.   There are not that many changes in jetty 9.4, so it should not be too much work... but it will be some effort.... which is why we don't offer open source support on jetty-9.4 anymore - we just don't have the cycles to track down things like this (especially when more often than not, after doing the work we find it is not a bug in jetty).

If you can identify an actual commit that you think is bad, then that will help working out what the issue is.

Of course the other thing to do is to get somebody to take out a commercial support agreement, so we can put in the effort to help debug this issue (even if it turns out to be not jetty).

cheers

On Fri, 2 Jun 2023 at 00:43, Shawn Heisey <eclipse@xxxxxxxxxxxx> wrote:

On 6/1/23 15:45, Jesse McConnell wrote:
> Your best bet would be to do at Greg said and capture the actual request
> failing on the wire using wireshark or tcpdump, or get a
> HttpChannel.Listener[1] set up in the server so you can see what is
> happening there.

I do not have access to the private key for the TLS certificate.

Even if I did, I have found that Wireshark cannot decrypt HTTPS if a
modern cipher is being used.  Solr 9 requires at least Java 11, and that
is the version being used.  I would expect Java 11, Jetty Server 9, and
Jetty client 10 to be utilizing a modern cipher.  Browser connections to
Solr are using TLS 1.2 with the cipher named
TLS_ECDHE_RSA_WITH_AES256_GCM_SHA384.

Thanks,
Shawn
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users

--

Greg Wilkins <gregw@xxxxxxxxxxx> CTO http://webtide.com