Jetty "javax.net.ssl.SSLHandshakeException: no cipher suites in common"

I've looked through similar questions on this but nothing seems to match what I'm doing or the suggested fixes work.

I've got a Jetty 9.4.0 server configured from Java (JDK 1.8.0_101) which is not accepting SSL connections from Chrome or from my own Java client. Connecting from openssl s_client works.

The reported error on the Jetty side is "javax.net.ssl.SSLHandshakeException: no cipher suites in common". Chrome reports "The client and server don't support a common SSL protocol version or cipher suite."

I'm using an internal CA to create Certificates. The CA certs have been added to Chrome as trusted. The Jetty server side uses an in-memory JKS containing the private key, server cert, and CA trusted certs.

The Jetty server and Chrome/openssl are run on the same system (Windows 10).

OUTPUT FROM JETTY/JAVA DEBUG WHEN CHROME CONNECTS:

Session ID:  {}
Cipher Suites: [Unknown 0xba:0xba, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, Unknown 0xcc:0x14, Unknown 0xcc:0x13, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods:  { 0 }
Unsupported extension type_56026, data: 
Extension renegotiation_info, renegotiated_connection: <empty>
Extension server_name, server_name: [type=host_name (0), value=dim.magnicomp.com]
Unsupported extension type_23, data: 
Unsupported extension type_35, data: 
Extension signature_algorithms, signature_algorithms: SHA512withRSA, SHA512withECDSA, SHA384withRSA, SHA384withECDSA, SHA256withRSA, SHA256withECDSA, SHA1withRSA, SHA1withECDSA
Unsupported extension status_request, data: 01:00:00:00:00
Unsupported extension type_18, data: 
Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31
Unsupported extension type_30032, data: 
Extension ec_point_formats, formats: [uncompressed]
Extension elliptic_curves, curve names: {unknown curve 23130, unknown curve 29, java.security.spec.ECParameterSpec@b25af0c, java.security.spec.ECParameterSpec@4ac6a6d}
Unsupported extension type_64250, data: 00
***
%% Initialized:  [Session-11, SSL_NULL_WITH_NULL_NULL]
matching alias: myPrivateKey for CN=dim.magnicomp.com
matching alias: myPrivateKey for CN=dim.magnicomp.com
matching alias: myPrivateKey for CN=dim.magnicomp.com
matching alias: myPrivateKey for CN=dim.magnicomp.com
matching alias: myPrivateKey for CN=dim.magnicomp.com
matching alias: myPrivateKey for CN=dim.magnicomp.com
matching alias: myPrivateKey for CN=dim.magnicomp.com
matching alias: myPrivateKey for CN=dim.magnicomp.com
qtp93314457-157, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
%% Invalidated:  [Session-11, SSL_NULL_WITH_NULL_NULL]
qtp93314457-157, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
qtp93314457-157, WRITE: TLSv1.2 Alert, length = 2
qtp93314457-157, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
qtp93314457-157, called closeOutbound()
qtp93314457-157, closeOutboundInternal()
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
qtp93314457-151, READ: TLSv1 Handshake, length = 206
*** ClientHello, TLSv1.2
RandomCookie:  GMT: -2087203376 Using SSLEngineImpl.
bytes = { 70, 173, 91, 213, 98, 98, 217, 46, 252, 233, 43, 114, 31, 19, 183, 40, 228, 28, 173, 130, 85, 182, 183, 173, 4, 212, 40, 245 }
Session ID:  {}
Cipher Suites: [Unknown 0x8a:0x8a, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, Unknown 0xcc:0x14, Unknown 0xcc:0x13, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods:  { 0 }
Unsupported extension type_51914, data: 
Extension renegotiation_info, renegotiated_connection: <empty>
Extension server_name, server_name: [type=host_name (0), value=dim.magnicomp.com]
Unsupported extension type_23, data: 
Unsupported extension type_35, data: 
Extension signature_algorithms, signature_algorithms: SHA512withRSA, SHA512withECDSA, SHA384withRSA, SHA384withECDSA, SHA256withRSA, SHA256withECDSA, SHA1withRSA, SHA1withECDSA
Unsupported extension status_request, data: 01:00:00:00:00
Unsupported extension type_18, data: 
Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31
Unsupported extension type_30032, data: 
Extension ec_point_formats, formats: [uncompressed]
Extension elliptic_curves, curve names: {unknown curve 39578, unknown curve 29, java.security.spec.ECParameterSpec@638b01ff, java.security.spec.ECParameterSpec@3dbba4da}
Unsupported extension type_56026, data: 00
***
%% Initialized:  [Session-12, SSL_NULL_WITH_NULL_NULL]
matching alias: myPrivateKey for CN=dim.magnicomp.com
matching alias: myPrivateKey for CN=dim.magnicomp.com
matching alias: myPrivateKey for CN=dim.magnicomp.com
matching alias: myPrivateKey for CN=dim.magnicomp.com
matching alias: myPrivateKey for CN=dim.magnicomp.com
matching alias: myPrivateKey for CN=dim.magnicomp.com
matching alias: myPrivateKey for CN=dim.magnicomp.com
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
matching alias: myPrivateKey for CN=dim.magnicomp.com
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
qtp93314457-151, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
%% Invalidated:  [Session-12, SSL_NULL_WITH_NULL_NULL]
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
qtp93314457-151, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
qtp93314457-151, WRITE: TLSv1.2 Alert, length = 2
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
qtp93314457-151, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
qtp93314457-151, called closeOutbound()
qtp93314457-151, closeOutboundInternal()
qtp93314457-160, READ: TLSv1 Handshake, length = 212
*** ClientHello, TLSv1.2
RandomCookie:  GMT: -316909219 bytes = { 57, 49, 102, 214, 160, 20, 226, 56, 251, 203, 38, 163, 9, 6, 194, 243, 5, 216, 212, 3, 4, 190, 51, 224, 44, 154, 92, 64 }
Session ID:  {}
Cipher Suites: [Unknown 0xea:0xea, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, Unknown 0xcc:0x14, Unknown 0xcc:0x13, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods:  { 0 }
Unsupported extension type_23130, data: 
Extension renegotiation_info, renegotiated_connection: <empty>
Extension server_name, server_name: [type=host_name (0), value=dim.magnicomp.com]
Unsupported extension type_23, data: 
Unsupported extension type_35, data: 
Extension signature_algorithms, signature_algorithms: SHA512withRSA, SHA512withECDSA, SHA384withRSA, SHA384withECDSA, SHA256withRSA, SHA256withECDSA, SHA1withRSA, SHA1withECDSA
Unsupported extension status_request, data: 01:00:00:00:00
Unsupported extension type_18, data: 
Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31
Unsupported extension type_30032, data: 
Extension ec_point_formats, formats: [uncompressed]
Extension elliptic_curves, curve names: {unknown curve 6682, unknown curve 29, java.security.spec.ECParameterSpec@e90285a, java.security.spec.ECParameterSpec@51bbd50e}
Unsupported extension type_19018, data: 00
***
%% Initialized:  [Session-13, SSL_NULL_WITH_NULL_NULL]
matching alias: myPrivateKey for CN=dim.magnicomp.com
matching alias: myPrivateKey for CN=dim.magnicomp.com
matching alias: myPrivateKey for CN=dim.magnicomp.com
matching alias: myPrivateKey for CN=dim.magnicomp.com
matching alias: myPrivateKey for CN=dim.magnicomp.com
matching alias: myPrivateKey for CN=dim.magnicomp.com
matching alias: myPrivateKey for CN=dim.magnicomp.com
matching alias: myPrivateKey for CN=dim.magnicomp.com
matching alias: myPrivateKey for CN=dim.magnicomp.com
qtp93314457-160, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
%% Invalidated:  [Session-13, SSL_NULL_WITH_NULL_NULL]
qtp93314457-160, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
qtp93314457-160, WRITE: TLSv1.2 Alert, length = 2
qtp93314457-160, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
qtp93314457-160, called closeOutbound()
qtp93314457-160, closeOutboundInternal()

Here is my Jetty code:

private Server createServer() {
    Server server = new Server();
    server.setStopAtShutdown(true);
    if (log.getDebugLevel() >= 1)
        server.setDumpAfterStart(true);
    ServerConnector httpConnector = createHttpConnector(server);
    ServerConnector httpsConnector = createHttpsConnector(server);
    server.addConnector(httpConnector);
    server.addConnector(httpsConnector);

... snip ...
}
private ServerConnector createHttpsConnector(Server server) {
    HttpConfiguration httpConfig = new HttpConfiguration(getBasicHttpConfiguration());
    httpConfig.addCustomizer(new SecureRequestCustomizer());
    SslContextFactory sslContextFactory = createSslContextFactory();
    SslConnectionFactory connectionFactory = new SslConnectionFactory(sslContextFactory, HTTP_VERSION);

    ServerConnector connector = new ServerConnector(server, connectionFactory, new HttpConnectionFactory(httpConfig));
    connector.setPort(getHttpsPort());
    connector.setIdleTimeout(getHttpIdleTimeoutSeconds());

    return connector;
}

private SslContextFactory createSslContextFactory() {
    KeyStore keyStore = createKeyStore();
    KeyStore trustStore = createTrustStore();

    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStore(keyStore);
    sslContextFactory.setTrustStore(trustStore);
    sslContextFactory.setExcludeCipherSuites(excludeCiphers);
    sslContextFactory.setExcludeProtocols(excludeProtocols);

    return sslContextFactory;
}
private HttpConfiguration getBasicHttpConfiguration() {
    if (basicHttpConfig == null) {
        basicHttpConfig = new HttpConfiguration();
        basicHttpConfig.setSecureScheme("https");
        basicHttpConfig.setSecurePort(getHttpsPort());
    }

    return basicHttpConfig;
}

public KeyStore createKeyStore(...) {
        X509Certificate xcert = ...

        // Chain order: end-entity certificate first, then the issuing CA certificates
        List<X509Certificate> chain = new ArrayList<>();
        chain.add(xcert);
        chain.addAll(caCerts);

        PrivateKey privateKey = ... ;

        String keyAlias = "myPrivateKey for " + xcert.getSubjectX500Principal().getName();
        String certAlias = "myCertificate for " + xcert.getSubjectX500Principal().getName();

        // Build the in-memory keystore: one trusted-certificate entry and one key entry
        KeyStore ks = KeyStore.getInstance(KEYSTORE_TYPE);
        ks.load(null, null);
        ks.setCertificateEntry(certAlias, xcert);
        ks.setKeyEntry(keyAlias, privateKey, null, chain.toArray(new X509Certificate[0]));

        return ks;
}

public KeyStore createTrustStore() {
    KeyStore ks = null;
    try {
        ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
    } catch (NoSuchAlgorithmException | CertificateException | IOException | KeyStoreException e) {
        throw new OperationFailedException(e);
    }

    int count = 0;
    for (CertificateAuthority ca : list) {
        // Only CAs explicitly flagged as trusted go into the trust store
        boolean isTrusted = Boolean.TRUE.equals(ca.getTrusted());
        if (!isTrusted)
            continue;

        X509Certificate xcert = CertificateConverter.convertToX509Certificate(ca.getCertificate());
        String alias = xcert.getSubjectDN().getName();
        TrustedCertificateEntry entry = new TrustedCertificateEntry(xcert);

        try {
            ks.setEntry(alias, entry, null);
            ++count;
        } catch (KeyStoreException e) {
            throw new OperationFailedException(e);
        }
    }

    if (count == 0)
        throw new OperationFailedException("No Trusted Certificate Authorities found");

    return ks;
}

When the Jetty server starts it does show its included ciphers:

 |   |       +- Protocol Selections
 |   |       |   +- Enabled (size=3)
 |   |       |   |   +- TLSv1
 |   |       |   |   +- TLSv1.1
 |   |       |   |   +- TLSv1.2
 |   |       |   +- Disabled (size=2)
 |   |       |       +- SSLv2Hello - ConfigExcluded:'SSLv2Hello'
 |   |       |       +- SSLv3 - JreDisabled:java.security, ConfigExcluded:'SSLv3'
 |   |       +- Cipher Suite Selections
 |   |           +- Enabled (size=34)
 |   |           |   +- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
 |   |           |   +- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
 |   |           |   +- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
 |   |           |   +- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
 |   |           |   +- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
 |   |           |   +- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 |   |           |   +- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
 |   |           |   +- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
 |   |           |   +- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
 |   |           |   +- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 |   |           |   +- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
 |   |           |   +- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 |   |           |   +- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
 |   |           |   +- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
 |   |           |   +- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 |   |           |   +- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
 |   |           |   +- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
 |   |           |   +- TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
 |   |           |   +- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
 |   |           |   +- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
 |   |           |   +- TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
 |   |           |   +- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
 |   |           |   +- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
 |   |           |   +- TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
 |   |           |   +- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
 |   |           |   +- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
 |   |           |   +- TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
 |   |           |   +- TLS_EMPTY_RENEGOTIATION_INFO_SCSV
 |   |           |   +- TLS_RSA_WITH_AES_128_CBC_SHA
 |   |           |   +- TLS_RSA_WITH_AES_128_CBC_SHA256
 |   |           |   +- TLS_RSA_WITH_AES_128_GCM_SHA256
 |   |           |   +- TLS_RSA_WITH_AES_256_CBC_SHA
 |   |           |   +- TLS_RSA_WITH_AES_256_CBC_SHA256
 |   |           |   +- TLS_RSA_WITH_AES_256_GCM_SHA384
 |   |           +- Disabled (size=48)
 |   |               +- SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA', ConfigExcluded:'.*DES.*', ConfigExcluded:'.*DSS.*'
 |   |               +- SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA - ConfigExcluded:'.*DES.*', ConfigExcluded:'.*DSS.*'
 |   |               +- SSL_DHE_DSS_WITH_DES_CBC_SHA - JreDisabled:java.security, ConfigExcluded:'SSL_DHE_DSS_WITH_DES_CBC_SHA', ConfigExcluded:'.*DES.*', ConfigExcluded:'.*DSS.*'
... snip ...

There are definitely multiple ciphers in common with the above Include Ciphers output from Jetty and what the ClientHello shows (from Chrome).

I can successfully connect to the Jetty server with openssl:

openssl s_client -CAfile ca-bundle.crt -connect dim.magnicomp.com:443
CONNECTED(00000003)
depth=2 CN = MagniComp Root CA
verify return:1
depth=1 DC = com, DC = magnicomp, CN = MagniComp Issuing CA3
verify return:1
depth=0 CN = dim.magnicomp.com
verify return:1
---
Certificate chain
 0 s:/CN=dim.magnicomp.com
   i:/DC=com/DC=magnicomp/CN=MagniComp Issuing CA3
 1 s:/DC=com/DC=magnicomp/CN=MagniComp Issuing CA3
   i:/CN=MagniComp Root CA
 2 s:/CN=MagniComp Root CA
   i:/CN=MagniComp Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHLDCCBRSgAwIBAgITSwAAHrdVt+0m8ilX2QABAAAetzANBgkqhkiG9w0BAQsF
... snip ...
+yePwA+yZbwCJmfm6H/tHw==
-----END CERTIFICATE-----
subject=/CN=dim.magnicomp.com
issuer=/DC=com/DC=magnicomp/CN=MagniComp Issuing CA3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 5896 bytes and written 490 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384
    Session-ID: 585C70B03124705067B91809B759000159C3537719D2D49CDA95FA34A8A0A838
    Session-ID-ctx:
    Master-Key: 869543E852F7C7FB0C8849CFE673FDB5C89EA7F8BA118215E00781F80390ADD6DA71B747F8DAA8F5E610FE9EF2F0ADFD
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1482453168
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

Here is the server certificate I'm using:

    Signature Algorithm: sha256WithRSAEncryption
        Issuer: DC=com, DC=magnicomp, CN=MagniComp Issuing CA3
        Validity
            Not Before: Dec 22 22:09:32 2016 GMT
            Not After : Dec 22 22:09:32 2017 GMT
        Subject: CN=dim.magnicomp.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a1:95:ef:ff:bf:c8:a2:fb:4e:3a:81:b5:4d:36:
                    03:21:55:3e:fb:35:93:14:b0:4e:93:16:2c:13:fd:
                    dd:7e:b4:4d:5a:32:04:28:9a:51:93:23:01:e4:80:
                    37:e9:4e:9b:9e:ca:ba:8d:96:5e:2b:78:2d:f9:3f:
                    bd:7e:cf:70:32:75:9b:e8:c7:1d:42:d4:ee:8e:2d:
                    e0:b8:2f:93:02:2b:a4:72:ac:99:8c:6d:05:f9:6b:
                    18:88:47:52:06:02:71:a9:9d:fe:87:71:d3:4f:28:
                    84:9b:55:2a:cd:af:37:77:94:a9:cc:6f:26:fe:88:
                    6b:c0:b5:b2:c6:59:c0:94:dd:af:3a:50:d7:7b:da:
                    2f:e4:98:b0:8a:b7:56:a7:ed:13:fd:7f:b3:39:14:
                    76:12:f4:39:0d:b4:ac:31:f3:2b:c6:12:3a:44:ef:
                    5b:b8:0d:03:0d:e4:f4:06:05:38:46:66:a7:07:9b:
                    ec:83:af:bc:48:46:d0:32:e7:96:13:96:6a:c6:d9:
                    49:71:c0:49:3c:04:9b:1e:20:ab:2f:06:af:6f:43:
                    ff:5a:30:55:35:3b:96:6b:51:61:cf:95:5b:58:c3:
                    37:e4:bf:05:09:d0:3b:57:82:86:40:bf:7e:bf:d8:
                    41:be:27:1c:f5:36:a7:b1:63:98:ea:cb:ff:32:99:
                    60:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Subject Alternative Name:
                DNS:dim.magnicomp.com, DNS:dim
            X509v3 Subject Key Identifier:
                8D:8D:4E:99:AB:6A:15:32:B8:EA:C0:61:52:9D:3B:BE:A9:2E:C9:13
            X509v3 Authority Key Identifier:
                keyid:22:D9:24:A4:0C:3C:E9:63:82:D2:22:F6:87:C0:03:A2:2F:97:ED:80

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://CDP.magnicomp.com/PKI/MagniComp%20Issuing%20CA3.crl
                  URI:ldap:///CN=MagniComp%20Issuing%20CA3,CN=ca3,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=magnicomp,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint

            Authority Information Access:
                CA Issuers - URI:http://CDP.magnicomp.com/PKI/ca3.magnicomp.com_MagniComp%20Issuing%20CA3(1).crt
                CA Issuers - URI:ldap:///CN=MagniComp%20Issuing%20CA3,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=magnicomp,DC=com?cACertificate?base?objectClass=certificationAuthority

            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            1.3.6.1.4.1.311.21.7:
                0..&+.....7.....X...........b...d^...q......d...
            1.3.6.1.4.1.311.21.10:
                0.0
..+.......
    Signature Algorithm: sha256WithRSAEncryption
    ... snip ...

I finally figured this out. The KeyStore alias must be "jetty" for both the cert and key entries. I was using a custom name for each to more easily identify the entries in the keystore.

RANT: Why in the world does Jetty or the underlying Java SSL code report "no ciphers in common" when it can't find the cert/key in the KeyStore? This is completely obtuse and has almost no chance of helping the developer figure out what the problem is!

https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html
https://www.eclipse.org/jetty/documentation/current/jetty-ssl-distribution.html

Don't follow anything else other than the official documentation from jetty. I could make it work after following what has been told above, plus adding these following lines in start.ini.

jetty.sslContext.keyStorePath=etc/keystore
jetty.sslContext.trustStorePath=etc/keystore
jetty.sslContext.keyStorePassword=password
jetty.sslContext.keyManagerPassword=password
jetty.sslContext.trustStorePassword=password

I don't know if anyone can use this, but I had the same problem. It occurred that the JRE I was using was too old or at least some of the ciphers I had specified in cipherSuiteParameters was not contained or not supported by the actual JRE.

Verify that the ciphers you specify are supported by the JRE.
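The two artefacts pasted in the question, the ClientHello "Cipher Suites:" line from the JSSE debug output and the "Cipher Suite Selections" tree from the Jetty start-up dump, are enough to decide mechanically whether "no cipher suites in common" is really a cipher mismatch. The script below is an added example written for this page (it is not code from the question, from any answer, or from Jetty itself; the helper names parse_client_hello_suites, parse_jetty_dump, jre_unsupported and triage are hypothetical and the sample inputs are constructed, shortened copies of the formats shown above). It computes the overlap the question asserts exists, names the code points JDK 8 prints as "Unknown" (GREASE placeholders and the ChaCha20-Poly1305 suites), reports offered suites the server has excluded and why, and, for the last answer's advice, flags configured suite names the running JRE does not list at all. When the overlap is non-empty, the verdict points at keystore and key-entry selection, which is where the asker eventually found the problem: JSSE raises this same message when no overlapping suite can be set up, including when the key manager supplies no usable private key for the suite's authentication type.

```python
"""Triage a JSSE 'no cipher suites in common' failure from a ClientHello
'Cipher Suites:' debug line and the Jetty dump's cipher suite selections.
Sample data below is constructed; helper names are hypothetical."""
import re

# IANA names for code points that JDK 8's debug printer reports as "Unknown".
# RFC 7905 assigned 0xCCA8/0xCCA9; 0xCC13/0xCC14 were the pre-RFC draft values.
IANA_NAMES = {
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    0xCCA9: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    0xCC13: "draft ECDHE_RSA ChaCha20-Poly1305 (pre-RFC 7905)",
    0xCC14: "draft ECDHE_ECDSA ChaCha20-Poly1305 (pre-RFC 7905)",
}

# Constructed sample: a shortened JSSE "Cipher Suites:" line from a ClientHello.
CLIENT_HELLO_LINE = ("Cipher Suites: [Unknown 0xba:0xba, "
                     "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "
                     "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, Unknown 0xcc:0xa9, "
                     "Unknown 0xcc:0xa8, TLS_RSA_WITH_AES_128_CBC_SHA, "
                     "SSL_RSA_WITH_3DES_EDE_CBC_SHA]")

# Constructed sample: a shortened "Cipher Suite Selections" subtree of a Jetty dump.
JETTY_DUMP = """\
 |   |       +- Cipher Suite Selections
 |   |           +- Enabled (size=3)
 |   |           |   +- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 |   |           |   +- TLS_RSA_WITH_AES_128_CBC_SHA
 |   |           |   +- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
 |   |           +- Disabled (size=2)
 |   |               +- SSL_RSA_WITH_3DES_EDE_CBC_SHA - ConfigExcluded:'.*DES.*'
 |   |               +- SSL_DHE_DSS_WITH_DES_CBC_SHA - JreDisabled:java.security"""


def is_grease(code: int) -> bool:
    """RFC 8701 GREASE values look like 0xXAXA: both bytes equal, low nibble 0xA."""
    hi, lo = code >> 8, code & 0xFF
    return hi == lo and (lo & 0x0F) == 0x0A


def parse_client_hello_suites(line: str):
    """Split the JSSE line into named suites, GREASE placeholders and the
    remaining code points JSSE could not name (mapped via IANA_NAMES)."""
    m = re.search(r"Cipher Suites: \[(.*)\]", line)
    if not m:
        raise ValueError("not a JSSE 'Cipher Suites:' line")
    named, grease, unknown = [], [], {}
    for item in (s.strip() for s in m.group(1).split(",")):
        um = re.fullmatch(r"Unknown 0x([0-9a-fA-F]{2}):0x([0-9a-fA-F]{2})", item)
        if um is None:
            named.append(item)
            continue
        code = (int(um.group(1), 16) << 8) | int(um.group(2), 16)
        if is_grease(code):
            grease.append(code)
        else:
            unknown[code] = IANA_NAMES.get(code, "unassigned or unrecognised")
    return named, grease, unknown


def parse_jetty_dump(text: str):
    """Return (enabled_suites, {disabled_suite: reason}) from the dump subtree."""
    enabled, disabled, section, in_ciphers = [], {}, None, False
    for line in text.splitlines():
        if "Cipher Suite Selections" in line:
            in_ciphers, section = True, None
            continue
        if not in_ciphers:
            continue
        header = re.search(r"\+- (Enabled|Disabled) \(size=\d+\)", line)
        if header:
            section = header.group(1)
            continue
        leaf = re.search(r"\+- ([A-Za-z0-9_]+)(?: - (.*?))?\s*$", line)
        if leaf is None or section is None:
            continue
        if section == "Enabled":
            enabled.append(leaf.group(1))
        else:
            disabled[leaf.group(1)] = leaf.group(2) or ""
    return enabled, disabled


def jre_unsupported(configured, enabled, disabled):
    """Configured suite names the JRE does not know: Jetty lists every suite the
    JRE supports under Enabled or Disabled, so a name absent from both never
    existed on this JRE (the check the last answer recommends)."""
    known = set(enabled) | set(disabled)
    return [s for s in configured if s not in known]


def triage(client_line: str, dump_text: str):
    """Decide whether the error really reflects a cipher-suite mismatch."""
    named, grease, unknown = parse_client_hello_suites(client_line)
    enabled, disabled = parse_jetty_dump(dump_text)
    common = [s for s in named if s in enabled]
    excluded = {s: disabled[s] for s in named if s in disabled}
    if common:
        verdict = ("cipher lists overlap: JSSE raises this error when none of the "
                   "overlapping suites can be set up, which also happens when the "
                   "key manager returns no usable key entry for the suite's "
                   "authentication type; inspect keystore aliases and cert selection")
    else:
        verdict = "no overlap: the include/exclude configuration is the cause"
    return {"common": common, "offered_but_excluded": excluded, "grease": grease,
            "unnamed_by_jsse": unknown, "verdict": verdict}


if __name__ == "__main__":
    for key, value in triage(CLIENT_HELLO_LINE, JETTY_DUMP).items():
        print(f"{key}: {value}")
```

Feed it the full lines from a real debug log and dump instead of the samples; the GREASE filter matters because the random 0xXAXA suite and extension values Chrome sends change on every connection and are never a negotiation candidate.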
