Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Newcomers » Newcomers » Jetty webserver launch failing and giving " fatal error: 40: no cipher suites in common"(Whenever i am trying to launch jetty server with SSL debug logs and sending request to the host ip, i am getting error in debugs logs " fatal error: 40: no cipher suites in common")
Jetty webserver launch failing and giving " fatal error: 40: no cipher suites in common" [message #1802410] Fri, 08 February 2019 12:41 Go to next message
Sujit Kumar is currently offline Sujit KumarFriend
Messages: 1
Registered: February 2019
Junior Member
i am using Jetty version 9.4.14. here is the ssl logs:
$ java -jar start.jar -Djavax.net.debug=ssl:handshake:verbose
WARN : System properties and/or JVM args set. Consider using --dry-run or --exec
2020-01-09 16:37:55.677:INFO::main: Logging initialized @1027ms to org.eclipse.jetty.util.log.StdErrLog
2020-01-09 16:37:56.114:INFO:oejs.Server:main: jetty-9.4.8.v20171121, build timestamp: 2017-11-22T02:57:37+05:30, git hash: 82b8fb23f757335bb3329d540ce37a2a2615f0a8
2020-01-09 16:37:56.139:INFO:oejdp.ScanningAppProvider:main: Deployment monitor [file:///opt/project/radius/website/webserver/jetty/webapps/] at interval 1
2020-01-09 16:37:56.769:INFO:oejs.session:main: DefaultSessionIdManager workerName=node0
2020-01-09 16:37:56.770:INFO:oejs.session:main: No SessionScavenger set, using defaults
2020-01-09 16:37:56.771:INFO:oejs.session:main: Scavenging every 660000ms
2020-01-09 16:37:56.933:INFO:oejsh.ContextHandler:main: Started o.e.j.w.WebAppContext@52a86356{/,file:///opt/project/radius/website/webserver/jetty/webapps/ROOT/,AVAILABLE}{/ROOT}
2020-01-09 16:37:57.396:INFO:oejus.SslContextFactory:main: x509=X509@223d2c72(1,h=[sbr-vmware20.(none)],w=[]) for SslContextFactory@8f4ea7c[provider=null,keyStore=file:///opt/project/radius/website/webserver/openssl/Sbr_Self_Signed.pfx,trustStore=null]
***
found key for : 1
chain [0] = [
[
Version: V1
Subject: CN=sbr-vmware20.(none), O=Networks, C=US
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key: Sun RSA public key, 2048 bits
modulus: 26614484937779763152252089073589238803391634932047782808267027775184511985489410820091502097374328465826045999180616223630679858429503746414547289165922400181512164899525302576827650355736820097262154093349733188093704190857178611046950311273884599733886850269560599400721380459058388117617102413578113376454407959229653925333207695327097481053031237388923258232829647599931104229739355739939725031148351380851432100325688356104984116744023959810364586589363697438483484435416197316945572109235577148085111064018994824582432904526070656879080640483677747194257399401117174439278485901530087934323421255898169308069397
public exponent: 65537
Validity: [From: Mon Dec 30 19:09:28 IST 2019,
To: Thu Dec 27 19:09:28 IST 2029]
Issuer: CN=sbr-vmware20.(none), O=Networks, C=US
SerialNumber: [ 029e0431 6a30af2b 5a016772]

]
Algorithm: [SHA256withRSA]
Signature:
0000: 3F 9E BA 9C AC 1F 62 84 B7 9F DF D3 B5 D8 0C 02 ?.....b.........
0010: DA 15 5E 94 E4 2C 9D DB 72 43 9C 04 5D 7F 33 18 ..^..,..rC..].3.
0020: 06 17 3F D0 E2 C7 0C 80 31 43 1F D3 CF FC F5 B3 ..?.....1C......
0030: 33 3E 29 44 17 81 02 10 94 54 A1 5E E9 4F 1C FD 3>)D.....T.^.O..
0040: 44 30 68 2E B3 69 F3 69 8D 4D 52 3B 5F E1 F9 AC D0h..i.i.MR;_...
0050: 11 83 3B C7 97 7E D5 6D 76 92 34 DE 67 E4 CF 51 ..;....mv.4.g..Q
0060: 27 D5 D3 88 B1 CF 31 AC BF E0 D8 6A BF 6F 9D 44 '.....1....j.o.D
0070: A3 73 CA A8 9E 9B 29 0A 96 3D 3E 7F D2 31 C3 B8 .s....)..=>..1..
0080: 8D 9B 48 74 9B F7 1C 24 5E 16 E9 CB BC B1 FD 6E ..Ht...$^......n
0090: AD 03 E4 7E 43 10 B2 D5 E4 AB BD 46 5A F6 0F 49 ....C......FZ..I
00A0: E5 C5 71 37 B5 B1 FE 4B 4C F3 66 39 45 04 5B 4B ..q7...KL.f9E.[K
00B0: 2E C3 E6 B5 25 99 1B C4 BF 2E 4E 46 B6 AC E8 EC ....%.....NF....
00C0: 7C 27 7A ED 9B E9 33 81 82 78 CC B9 C8 AC 52 41 .'z...3..x....RA
00D0: 1A BA CA 7D 03 DD 1C F4 26 2F 24 05 5C B2 C8 84 ........&/$.\...
00E0: 96 EE E7 E4 D0 0F 2D 5F F5 5D C8 0F 30 01 E6 25 ......-_.]..0..%
00F0: F3 09 D5 8E 3C E4 AE A2 DD 65 0D A1 FC 73 0A 2A ....<....e...s.*

]
***
adding as trusted cert:
Subject: CN=sbr-vmware20.(none), O=Networks, C=US
Issuer: CN=sbr-vmware20.(none), O=Networks, C=US
Algorithm: RSA; Serial number: 0x29e04316a30af2b5a016772
Valid from Mon Dec 30 19:09:28 IST 2019 until Thu Dec 27 19:09:28 IST 2029

trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
2020-01-09 16:37:57.488:INFO:oejs.AbstractConnector:main: Started ServerConnector@66c9de3b{SSL,[ssl, http/1.1]}{0.0.0.0:2909}
2020-01-09 16:37:57.490:INFO:oejs.Server:main: Started @2843ms
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLSv1.1
qtp380936215-9, READ: TLSv1 Handshake, length = 98
*** ClientHello, TLSv1
RandomCookie: GMT: -245788233 bytes = { 182, 200, 156, 1, 7, 73, 52, 195, 125, 208, 137, 23, 142, 90, 117, 120, 211, 10, 56, 208, 195, 55, 146, 41, 173, 213, 151, 145 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
***
%% Initialized: [Session-1, SSL_NULL_WITH_NULL_NULL]
qtp380936215-9, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
%% Invalidated: [Session-1, SSL_NULL_WITH_NULL_NULL]
qtp380936215-9, SEND TLSv1 ALERT: fatal, description = handshake_failure
qtp380936215-9, WRITE: TLSv1 Alert, length = 2
qtp380936215-9, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
qtp380936215-9, called closeOutbound()
qtp380936215-9, closeOutboundInternal()
:q
^C2020-01-09 16:38:42.497:INFO:oejs.AbstractConnector:Thread-0: Stopped ServerConnector@66c9de3b{SSL,[ssl, http/1.1]}{0.0.0.0:2909}
2020-01-09 16:38:42.498:INFO:oejs.session:Thread-0: Stopped scavenging
2020-01-09 16:38:42.520:INFO:oejsh.ContextHandler:Thread-0: Stopped o.e.j.w.WebAppContext@52a86356{/,null,UNAVAILABLE}{/ROOT}

Request to host through curl command:

$ curl -v https://10.212.10.224:2909 --insecure
* About to connect() to 10.212.10.224 port 2909 (#0)
* Trying 10.212.10.224... connected
* Connected to 10.212.10.224 (10.212.10.224) port 2909 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* NSS error -12286
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error


Jetty Config:

$ java -jar start.jar --list-config

Java Environment:
-----------------
java.home = /tmp/jdk1.8.0_162/jre
java.vm.vendor = Oracle Corporation
java.vm.version = 25.162-b12
java.vm.name = Java HotSpot(TM) 64-Bit Server VM
java.vm.info = mixed mode
java.runtime.name = Java(TM) SE Runtime Environment
java.runtime.version = 1.8.0_162-b12
java.io.tmpdir = /tmp
user.dir = /opt/project/radius/website/webserver/jetty
user.language = en
user.country = US

Jetty Environment:
-----------------
jetty.version = 9.4.8.v20171121
jetty.tag.version = master
jetty.home = /opt/project/radius/website/webserver/jetty
jetty.base = /opt/project/radius/website/webserver/jetty

Config Search Order:
--------------------
<command-line>
${jetty.base} -> /opt/project/radius/website/webserver/jetty
${jetty.home} -> /opt/project/radius/website/webserver/jetty


JVM Arguments:
--------------
(no jvm args specified)

System Properties:
------------------
(no system properties specified)

Properties:
-----------
java.version = 1.8.0_162
java.version.major = 1
java.version.micro = 0
java.version.minor = 8
java.version.platform = 8
java.version.update = 162
jetty.base = /opt/project/radius/website/webserver/jetty
jetty.base.uri = file:///opt/project/radius/website/webserver/jetty
jetty.home = /opt/project/radius/website/webserver/jetty
jetty.home.uri = file:///opt/project/radius/website/webserver/jetty
jetty.ssl.connectTimeout = 15000
jetty.ssl.idleTimeout = 30000
jetty.ssl.port = 2909
jetty.sslContext.keyStorePassword = sbr
jetty.sslContext.keyStorePath = etc/keystore
jetty.sslContext.keyStoreType = pkcs12
jetty.sslContext.needClientAuth = true
jetty.sslContext.renegotiationAllowed = true
jetty.sslContext.renegotiationLimit = 5
jetty.sslContext.sslSessionCacheSize = -1
jetty.sslContext.sslSessionTimeout = -1
jetty.sslContext.useCipherSuitesOrder = true
jetty.sslContext.wantClientAuth = true

Jetty Server Classpath:
-----------------------
Version Information on 26 entries in the classpath.
Note: order presented here is how they would appear on the classpath.
changes to the --module=name command line options will be reflected here.
0: 1.4.1.v201005082020 | ${jetty.base}/lib/mail/javax.mail.glassfish-1.4.1.v201005082020.jar
1: (dir) | ${jetty.base}/resources
2: 3.1.0 | ${jetty.base}/lib/servlet-api-3.1.jar
3: 3.1.0.M0 | ${jetty.base}/lib/jetty-schemas-3.1.jar
4: 9.4.8.v20171121 | ${jetty.base}/lib/jetty-http-9.4.8.v20171121.jar
5: 9.4.8.v20171121 | ${jetty.base}/lib/jetty-server-9.4.8.v20171121.jar
6: 9.4.8.v20171121 | ${jetty.base}/lib/jetty-xml-9.4.8.v20171121.jar
7: 9.4.8.v20171121 | ${jetty.base}/lib/jetty-util-9.4.8.v20171121.jar
8: 9.4.8.v20171121 | ${jetty.base}/lib/jetty-io-9.4.8.v20171121.jar
9: 9.4.8.v20171121 | ${jetty.base}/lib/jetty-jndi-9.4.8.v20171121.jar
10: 9.4.8.v20171121 | ${jetty.base}/lib/jetty-security-9.4.8.v20171121.jar
11: 1.2 | ${jetty.base}/lib/transactions/javax.transaction-api-1.2.jar
12: 9.4.8.v20171121 | ${jetty.base}/lib/jetty-servlet-9.4.8.v20171121.jar
13: 9.4.8.v20171121 | ${jetty.base}/lib/jetty-webapp-9.4.8.v20171121.jar
14: 9.4.8.v20171121 | ${jetty.base}/lib/jetty-plus-9.4.8.v20171121.jar
15: 9.4.8.v20171121 | ${jetty.base}/lib/jetty-annotations-9.4.8.v20171121.jar
16: 6.0 | ${jetty.base}/lib/annotations/asm-6.0.jar
17: 6.0 | ${jetty.base}/lib/annotations/asm-commons-6.0.jar
18: 1.2 | ${jetty.base}/lib/annotations/javax.annotation-api-1.2.jar
19: 3.12.3.v20170228-1205 | ${jetty.base}/lib/apache-jsp/org.eclipse.jdt.ecj-3.12.3.jar
20: 9.4.8.v20171121 | ${jetty.base}/lib/apache-jsp/org.eclipse.jetty.apache-jsp-9.4.8.v20171121.jar
21: 8.5.20 | ${jetty.base}/lib/apache-jsp/org.mortbay.jasper.apache-el-8.5.23.jar
22: 2.3 | ${jetty.base}/lib/apache-jsp/org.mortbay.jasper.apache-jsp-8.5.23.jar
23: 1.2.5 | ${jetty.base}/lib/apache-jstl/org.apache.taglibs.taglibs-standard-impl-1.2.5.jar
24: 1.2.5 | ${jetty.base}/lib/apache-jstl/org.apache.taglibs.taglibs-standard-spec-1.2.5.jar
25: 9.4.8.v20171121 | ${jetty.base}/lib/jetty-deploy-9.4.8.v20171121.jar

Jetty Active XMLs:
------------------
${jetty.base}/etc/jetty.xml
${jetty.base}/etc/jetty-webapp.xml
${jetty.base}/etc/jetty-plus.xml
${jetty.base}/etc/jetty-annotations.xml
${jetty.base}/etc/jetty-deploy.xml
${jetty.base}/etc/jetty-ssl.xml
${jetty.base}/etc/jetty-ssl-context.xml
${jetty.base}/etc/jetty-https.xml
Re: Jetty webserver launch failing and giving " fatal error: 40: no cipher suites in common&quo [message #1802623 is a reply to message #1802410] Tue, 12 February 2019 22:27 Go to previous message
Nitin Dahyabhai is currently offline Nitin DahyabhaiFriend
Messages: 3404
Registered: July 2009
Senior Member

I think Jetty prefers questions on their -users mailing list: https://accounts.eclipse.org/mailing-list/jetty-users

Nitin Dahyabhai
Eclipse Web Tools Platform
Previous Topic:Debugging - Eclipse PTP: cannot open file /usr/local/bin/routes_379c55d4-f04f-4c89-860f-6111983f3f35
Next Topic:*** NOT WORKING ***
Goto Forum:
  


Current Time: Sun May 19 14:26:39 GMT 2019

Powered by FUDForum. Page generated in 0.02796 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top