cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Unsafe Protocol Port 8021

anil_perera2
Helper

I see this message in my Server.log

2017-02-07 21:17:10 INFO [SecuringJettyModule] Ciphers remaining enabled in Jetty instance at port 8021: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, ....TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
2017-02-07 21:17:10 INFO [SecuringJettyModule] Removing unsafe protocols from Jetty instance at port 8021: [SSLv2, SSLv3, SSLv2Hello]
2017-02-07 21:17:10 WARNING [ServerServiceTrackerCustomizer] HTTP Server listener(s) cannot be started, please edit server.config.xml for alternative ports.

Dynatrace 6.5

java version "1.7.0_121"

What could be the problem?

9 REPLIES 9

anil_perera2
Helper

I changed the port several times, 6631, 9931, 8031. Still the same message in the log file.

dominik_stadler
Dynatrace Pro
Dynatrace Pro

The log-line states "Removing unsafe protocols", so this log states that the SSL/TSL-related protocols "SSLv2", "SSLv3" and "SSLv2Hello" were disabled because they are not seen as fully secure any more, but the version of java enables them by default.

So only the newer TLS-based protocols are left enabled and used for any communication over this port.

Thanks for your reply. Which port should I use instead of 8021?

The port is fine, it is telling the server not to accept traffic using those 'unsafe' protocols anymore.

I compared with another 6.5 server. It has

2017-02-08 13:46:21 INFO [SecuringJettyModule] Removing unsafe protocols from Jetty instance at port 8021: [SSLv2, SSLv3, SSLv2Hello]
2017-02-08 13:46:22 INFO [HttpActivator] http://dynatraceint01.stage.inforcloud.local:8020 available.
2017-02-08 13:46:22 INFO [HttpActivator] https://dynatraceint01.stage.inforcloud.local:8021 available.

This server has

2017-02-08 13:55:56 INFO [SecuringJettyModule] Removing unsafe protocols from Jetty instance at port 8021: [SSLv2, SSLv3, SSLv2Hello]
2017-02-08 13:55:56 WARNING [ServerServiceTrackerCustomizer] HTTP Server listener(s) cannot be started, please edit server.config.xml for alternative ports.

I cannot telnet to this server on port 8021.


May I ask what type of host this server is running on?

These are AWS instances.

uname -a

Linux dynatraceauto01.auto.cloud.local 2.6.32-642.11.1.el6.x86_64 #1 SMP Fri Nov 18 19:25:05 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux.

I ask because the only support case I can find that mentions this was on an unsupported Mac server. All I can think of is to make sure those ports you try are not being blocked by a firewall rule - perhaps others can provide some help - if necesary I would open a case with support.

I am also leaning towards the firewall rule. However when I do a netstat -na | grep 8021 I get nothing.

I opened a ticket.

Thanks for your help.

https://support.dynatrace.com/supportportal/browse/SUPDT-30357