[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [jetty-users] SSLHandshakeException: no cipher suites in common for all connections
|
Hi Shahryar
No, it is definitely a JCEKS key store, despite the .jks extension.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
C:\jettyssl>keytool -list -keystore trajan.jks -storetype jceks
-storepass welcome1 -v
Keystore type: JCEKS
Keystore provider: SunJCE
Your keystore contains 1 entry
Alias name: trajanssl
Creation date: 20/08/2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: C=US, ST=California, L=Redwood Shores, O=SELF-SIGNED,
OU=SELF-SIGNED, CN=sjklaptop
Issuer: C=US, ST=California, L=Redwood Shores, O=SELF-SIGNED,
OU=SELF-SIGNED, CN=sjklaptop
Serial number: 406e959cbb18494d01dc12c9ff2a78cc
Valid from: Tue Aug 20 16:24:01 EST 2013 until: Fri Aug 18 16:24:01 EST 2023
Certificate fingerprints:
MD5: 6E:A3:9B:8D:A6:EB:FC:93:46:A4:64:EF:AF:D7:BA:C1
SHA1: 20:0C:70:F1:44:77:AC:28:B8:15:85:AC:1B:CE:8D:C1:1A:9E:7A:29
SHA256:
85:07:8E:FE:A0:56:6B:FB:96:22:10:A2:DA:95:D4:C4:45:AA:F3:6C:8D:BA:C3:AA:F4:E9:A5:A2:15:BC:26:4E
Signature algorithm name: SHA1withRSA
Version: 3
*******************************************
*******************************************
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In my experience, specifying storetype of JCEKS but supplying a JKS
key store is harmless, since the SunJCE key store provider knows how
to read JKS keystores. (The opposite is not true.) But, in any event,
that is not what I have done.
What I did do, however, is supply an invalid certificate. I had the
SubjectPublicKeyInfo algorithm set to sha1WithRsa, which is
nonsensical. I have corrected that to be rsa.
Now the simplified test case is working, but the main program I am
working on is still behaving in the same way even using the same
keystore. Hmm...
Thanks
Simon
On 19 August 2013 23:57, Shahryar Sedghi <shsedghi@xxxxxxxxx> wrote:
> At the first glance I see :
>
> sslContextFactory.setKeyStoreType("JCEKS");
>
> while
>
> sslContextFactory.setKeyStorePath("trajan.jks");
>
> JKS and JCEKS are different key store types. Are you sure it is not the one
> causing it?
>
>
>
> On Mon, Aug 19, 2013 at 7:11 AM, Lothar Kimmeringer <job@xxxxxxxxxxxxxx>
> wrote:
>>
>> Hi,
>>
>> Am 19.08.2013 03:29, schrieb SJ Kissane:
>>
>> > Jetty never responds. Full trace here:
>> > https://sites.google.com/site/skissane/files/jettyssl.pcap
>>
>> What is the debug-output of the server? When it starts up, you can
>> see the list of SSL-versions and ciphers that are supported by
>> the server.
>>
>>
>> Regards, Lothar
>> _______________________________________________
>> jetty-users mailing list
>> jetty-users@xxxxxxxxxxx
>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>
>
>
>
> --
> Life has no meaning a priori … It is up to you to give it a meaning, and
> value is nothing but the meaning that you choose ~ Jean-Paul Sartre
>
> _______________________________________________
> jetty-users mailing list
> jetty-users@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/jetty-users
>
