Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] SSLHandshakeException: no cipher suites in common for all connections

Hi Shahryar

No, it is definitely a JCEKS key store, despite the .jks extension.
C:\jettyssl>keytool -list -keystore trajan.jks -storetype jceks
-storepass welcome1 -v

Keystore type: JCEKS
Keystore provider: SunJCE

Your keystore contains 1 entry

Alias name: trajanssl
Creation date: 20/08/2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Owner: C=US, ST=California, L=Redwood Shores, O=SELF-SIGNED,
OU=SELF-SIGNED, CN=sjklaptop
Issuer: C=US, ST=California, L=Redwood Shores, O=SELF-SIGNED,
OU=SELF-SIGNED, CN=sjklaptop
Serial number: 406e959cbb18494d01dc12c9ff2a78cc
Valid from: Tue Aug 20 16:24:01 EST 2013 until: Fri Aug 18 16:24:01 EST 2023
Certificate fingerprints:
         MD5:  6E:A3:9B:8D:A6:EB:FC:93:46:A4:64:EF:AF:D7:BA:C1
         SHA1: 20:0C:70:F1:44:77:AC:28:B8:15:85:AC:1B:CE:8D:C1:1A:9E:7A:29
         Signature algorithm name: SHA1withRSA
         Version: 3


In my experience, specifying storetype of JCEKS but supplying a JKS
key store is harmless, since the SunJCE key store provider knows how
to read JKS keystores. (The opposite is not true.) But, in any event,
that is not what I have done.

What I did do, however, is supply an invalid certificate. I had the
SubjectPublicKeyInfo algorithm set to sha1WithRsa, which is
nonsensical. I have corrected that to be rsa.

Now the simplified test case is working, but the main program I am
working on is still behaving in the same way even using the same
keystore. Hmm...


On 19 August 2013 23:57, Shahryar Sedghi <shsedghi@xxxxxxxxx> wrote:
> At the first glance I see :
> sslContextFactory.setKeyStoreType("JCEKS");
> while
> sslContextFactory.setKeyStorePath("trajan.jks");
> JKS and JCEKS are different key store types. Are you sure it is not the one
> causing it?
> On Mon, Aug 19, 2013 at 7:11 AM, Lothar Kimmeringer <job@xxxxxxxxxxxxxx>
> wrote:
>> Hi,
>> Am 19.08.2013 03:29, schrieb SJ Kissane:
>> > Jetty never responds. Full trace here:
>> >
>> What is the debug-output of the server? When it starts up, you can
>> see the list of SSL-versions and ciphers that are supported by
>> the server.
>> Regards, Lothar
>> _______________________________________________
>> jetty-users mailing list
>> jetty-users@xxxxxxxxxxx
> --
> Life has no meaning a priori … It is up to you to give it a meaning, and
> value is nothing but the meaning that you choose ~ Jean-Paul Sartre
> _______________________________________________
> jetty-users mailing list
> jetty-users@xxxxxxxxxxx

Back to the top