[jetty-users] Issue with Jetty 7.5.4 / 8.1.3 - SSL and Firefox 12.0

[Charles Moulliard <cmoulliard@xxxxxxxxx>]

Hi,

I use Jetty WebSocket with SSL and when I try connect to the SSL address https://localhost:8443 of my Jetty Application Server (7.5.4 or 8.1.3), I get the following error from Firefox 12

*** ClientHello, TLSv1

RandomCookie:  GMT: 1322641391 bytes = { 185, 81, 146, 11, 172, 15, 154, 172, 211, 186, 248, 5, 124, 220, 4, 26, 177, 30, 22, 147, 23, 153, 58, 109, 209, 96, 106, 47 }

Session ID:  {}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x88, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x84, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]

Compression Methods:  { 0 }

Unsupported extension server_name, [host_name: localhost]

Extension renegotiation_info, renegotiated_connection: <empty>

Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}

Extension ec_point_formats, formats: [uncompressed]

Unsupported extension type_35, data: 

***

qtp1295075195-37, fatal error: 40: no cipher suites in common

javax.net.ssl.SSLHandshakeException: no cipher suites in common

qtp1295075195-37, SEND TLSv1 ALERT:  fatal, description = handshake_failure

qtp1295075195-37, WRITE: TLSv1 Alert, length = 2

qtp1295075195-37, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common

[              qtp1295075195-37] ssl                            WARN  127.0.0.1:55319 

javax.net.ssl.SSLHandshakeException: no cipher suites in common

at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:1015)[:1.6]

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:485)[:1.6]

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1128)[:1.6]

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1100)[:1.6]

at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:452)[:1.6]

at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.wrap(SslSelectChannelEndPoint.java:642)[jetty-io-7.5.4.v20111024.jar:7.5.4.v20111024]

at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.process(SslSelectChannelEndPoint.java:309)[jetty-io-7.5.4.v20111024.jar:7.5.4.v20111024]

at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:398)[jetty-io-7.5.4.v20111024.jar:7.5.4.v20111024]

at org.eclipse.jetty.http.HttpParser.fill(HttpParser.java:949)[jetty-http-7.5.4.v20111024.jar:7.5.4.v20111024]

Remarks :

- The certificate used is created using openssl and keytool on a Mac OS machine. 

- I can access to my server using Google Chrome or Safari. In this case, I can use the cipher

- JDK = 1.6.0_31 

***

{79, 214, 232, 192, 54, 177, 254, 131, 145, 44, 31, 240, 172, 161, 8, 240, 163, 176, 154, 85, 138, 34, 187, 54, 101, 200, 204, 231, 51, 185, 13, 175}

Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Compression Method: 0

Extension renegotiation_info, renegotiated_connection: <empty>

***

Cipher suite:  TLS_DHE_DSS_WITH_AES_256_CBC_SHA

qtp1295075195-96, WRITE: TLSv1 Handshake, length = 48

[5-51 - /js/jquery-1.7.2-min.js] Server                         DEBUG REQUEST /js/jquery-1.7.2-min.js on org.eclipse.jetty.server.nio.SelectChannelConnector$SelectChannelHttpConnection@2a6a4b6@127.0.0.1:8443<->127.0.0.1:55504

Regards,

Charles Moulliard

Apache Committer

Blog : http://cmoulliard.blogspot.com
Twitter : http://twitter.com/cmoulliard
Linkedin : http://www.linkedin.com/in/charlesmoulliard
Skype: cmoulliard