Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Java "no cipher suites in common" issue when trying to securely connect to server

Tags:

java

ssl

encryption

I have an issue when a client (not mine) connects to my server securely.

It seems that the connection is being refused on the basis of mismatching ciphers, but I have verified that the server indeed shares some of the ciphers with the client.

Could it be an issue with the unknown cipher (Unknown 0x0:0x60)? If so, what must I do to fix it?

Java SSL logs are shown below:

Listener-https, setSoTimeout(30000) called
Worker-30, READ: SSLv3 Handshake, length = 63
*** ClientHello, SSLv3
RandomCookie:  GMT: 1267050437 bytes = { 23, 244, 228, 68, 161, 225, 218, 222, 207, 128, 228, 138, 127, 141, 159, 63, 232, 48, 242, 240, 26, 76, 58, 158, 179, 0, 192, 140 }
Session ID:  {}
Cipher Suites: [TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_IDEA_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_EXPORT1024_WITH_RC4_56_SHA, Unknown 0x0:0x60, SSL_RSA_EXPORT_WITH_RC4_40_MD5]
Compression Methods:  { 0 }
***
Worker-30, SEND SSLv3 ALERT:  fatal, description = handshake_failure
Worker-30, WRITE: SSLv3 Alert, length = 2
Worker-30, called closeSocket()
Worker-30, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common
Worker-30, called close()
Worker-30, called closeInternal(true)
Worker-30, called close()
Worker-30, called closeInternal(true)

Thanks, -Ben

like image 848
Ben Avatar asked Sep 07 '10 21:09

Ben

1 Answers

Adding to erickson's answer, if your certificate does not use a RSA key-pair, and instead turns out to use a DSA key-pair, then no amount of RSA cipher suite "stuffing" will aid in resolving this issue. You'll need to enable the DSA related cipher suites (they're usually indicated by the DSS keyword in them), and also have the client utilize the same cipher suites.

The reason this edge case might turn out to be your problem is due to the default behavior of the keytool utility when generating secret keypairs - DSA and not RSA is the default algorithm.

like image 121
Vineet Reynolds Avatar answered Sep 19 '22 18:09

Vineet Reynolds
Sign in to Comment

Related questions

Conditional operator in if-statement?
Java Garbage Collection
Java Collection performance question
For a HttpGet method what are getParams()?
how to convert mp4 to mp3 in java
What happens if an exception is thrown during finalize()
Why is the return type not considered when differentiating methods? [duplicate]
How to find if the file is a CSV file?
Struts 1 Date Format Tag
How to check the Database Connection leakage in Java EE application?
Exception in AES decryption algorithm in java
Auto Log Off once the session expires
Updating the text of a XWPFParagraph using Apache POI
Understanding the 'finally' block
Encryption method that's implemented for both php and java?
How does a person go about learning Java? (convert byte array to hex string)
java refreshing an array into jList
Intercept the view/response in Spring MVC 3
read post request values HttpHandler
why there are public methods in the Object class in java?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!