Re: [jetty-users] ERR_SSL_VERSION_OR_CIPHER

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] ERR_SSL_VERSION_OR_CIPHER_MISMATCH

From: Lou DeGenaro <lou.degenaro@xxxxxxxxx>
Date: Fri, 24 Feb 2017 09:50:16 -0500
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

bash-4.1$ /share/ibm-jdk1.8/bin/java -version
java version "1.8.0"
Java(TM) SE Runtime Environment (build pxa6480sr3-20160428_01(SR3))
IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References 20160427_301573 (JIT enabled, AOT enabled)
J9VM - R28_Java8_SR3_20160427_1620_B301573
JIT - tr.r14.java.green_20160329_114288
GC - R28_Java8_SR3_20160427_1620_B301573_CMPRSS
J9CL - 20160427_301573)
JCL - 20160421_01 based on Oracle jdk8u91-b14

The certificate is "Base64-encoded X509 Certificate".

My rough count of characters between BEGIN and END is 5120.

Lou.

On Fri, Feb 24, 2017 at 9:31 AM, Joakim Erdfelt <joakim@xxxxxxxxxxx> wrote:

Which version of Java?
(Make sure you are running the latest JVM, as that's a requirement for SSL/TLS. Pay attention to the JVM release notes and follow the JVM expiration notices!)

What are the security details of ducc.crt?
(DSA? RSA? what bitlength? What type of certificate? does your start.ini configuration indicate this type if nor jks? -
hint, DSA is a no-go anymore, and a bitlength under 2048 will fail too)

Joakim Erdfelt / joakim@xxxxxxxxxxx

On Fri, Feb 24, 2017 at 6:49 AM, Lou DeGenaro <lou.degenaro@xxxxxxxxx> wrote:
2017-02-24 08:05:25.900:INFO:oejs.Server:main: jetty-9.4.2.v20170220

I created a folder for my webapp called "test" and put my "Hello World" index.html in it. http serves it just fine, thank you. https no so much.

Chromium says: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
FireFox says: SSL_ERROR_NO_CYPHER_OVERLAP

I created the keystore like so:

keytool -keystore keystore -import -alias jetty -file ducc.crt

I edited the start.ini file with the keystore password for both jetty.keystore.password and jetty.truststore.password.

I've made no other changes to the jetty that I downloaded.

I'm a bit out of my comfort zone here, so it's likely that I'm doing something wrong. Please advise.

Thanks.

Lou.

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

References:
- [jetty-users] ERR_SSL_VERSION_OR_CIPHER_MISMATCH
  - From: Lou DeGenaro
- Re: [jetty-users] ERR_SSL_VERSION_OR_CIPHER_MISMATCH
  - From: Joakim Erdfelt

Prev by Date: Re: [jetty-users] ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Next by Date: Re: [jetty-users] ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Previous by thread: Re: [jetty-users] ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Next by thread: Re: [jetty-users] ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Index(es):
- Date
- Thread

Breadcrumbs