Just jumped a staging server up to the 8.1.25 nightly 2023-01-09 snapshot and every HTTPS access is getting SNI errors.
In the wrapper logs I see this:
INFO | jvm 1 | 2023/01/10 15:38:20 | W [o.e.j.s.HttpChannel ] [15:38:20]: handleException /data/perspective/runnable-projects org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI
In the browser I see this:
HTTP ERROR 400 Invalid SNI
| URI: | /web |
|---|---|
| STATUS: | 400 |
| MESSAGE: | Invalid SNI |
| SERVLET: | - |
| CAUSED BY: | org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI |
Caused by:
org.eclipse.jetty.http.BadMessageException: 400: Invalid SNI at org.eclipse.jetty.server.SecureRequestCustomizer.customize(SecureRequestCustomizer.java:266) at org.eclipse.jetty.server.SecureRequestCustomizer.customize(SecureRequestCustomizer.java:207) at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:501) at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:558) at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:379) at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:146) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:416) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:385) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:272) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:140) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:934) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1078) at java.base/java.lang.Thread.run(Unknown Source)
In our case I am accessing the system via alternate DNS names that do not match the certificate, but this has not been an issue like this before.
Going to roll back the staging server for now, but was hoping for some feedback if this is a known issue or there is a workaround so I can decide how to approach this upgrade again in the future.
