| Re: [jetty-users] Issue with TLS/SSL Handshake with Jetty-9.4.12 |
S_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_AES_128_GCM_SHA256,
ES_256_GCM_SHA384, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
You seem to be using an IBM JVM with the non-RFC Cipher Suite names.
The updated default excludes are likely causing problems with your choice of JVM.
The updated Cipher Suites excludes issue: https://github.com/eclipse/jetty.project/issues/2807
See IBM j9 JVM specific issue: https://github.com/eclipse/jetty.project/issues/2921
_______________________________________________=====================================================Hi all,
We have noticed an odd behavior when we upgraded from jetty-9.4.11 to jetty-9.4.12. The same cipher suites and private key that works with jetty-9.4.11 is failing with jetty-9.4.12. The browser clients are exactly the same, it fails with Chrome, FF, and IE. Here are the TLS/SSL debug info that we see when the browser client comes in. We would like to know if anyone has encountered the same issue:
Is initial handshake: true
qtp1065544782-23, READ: TLSv1 Handshake, length = 181
*** ClientHello, TLSv1.2
RandomCookie: GMT: 2126030534 bytes = { 27, 197, 135, 255, 107, 39, 249, 101, 178, 205, 70, 191, 220, 146, 188, 170, 240, 23, 116, 17, 190, 32, 240, 102, 164,
Session ID: {}
Cipher Suites: [Unknown 0xa:0xa, SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_EC
S_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_AES_128_GCM_SHA256,
ES_256_GCM_SHA384, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Unsupported extension type_51914, data:
Extension renegotiation_info, ri_length: 0, ri_connection_data: { null }
Extension extended_master_secret
Unsupported extension type_35, data:
Extension signature_algorithms, signature_algorithms: SHA256withECDSA, Unknown (hash:0x8, signature:0x4), SHA256withRSA, SHA384withECDSA, Unknown (hash:0x8, sig
A384withRSA, Unknown (hash:0x8, signature:0x6), SHA512withRSA, SHA1withRSA
Unsupported extension status_request, data: 01:00:00:00:00
Unsupported extension type_18, data:
Extension application_layer_protocol_negotiation, protocol names: [h2][http/1.1]
Unsupported extension type_30032, data:
Extension ec_point_formats, formats: [uncompressed]
Extension elliptic_curves, curve names: {unknown curve 35466, unknown curve 29, secp256r1, secp384r1}
Unsupported extension type_27, data: 02:00:02
Unsupported extension type_10794, data: 00
***
[read] MD5 and SHA1 hashes: len = 181
0000: 01 00 00 b1 03 03 7f b9 a7 c6 1b c5 87 ff 6b 27 ..............k.
0010: f9 65 b2 cd 46 bf dc 92 bc aa f0 17 74 11 be 20 .e..F.......t...
0020: f0 66 a4 97 44 e7 00 00 1c 0a 0a c0 2b c0 2f c0 .f..D...........
0030: 2c c0 30 cc a9 cc a8 c0 13 c0 14 00 9c 00 9d 00 ..0.............
0040: 2f 00 35 00 0a 01 00 00 6c ca ca 00 00 ff 01 00 ..5.....l.......
0050: 01 00 00 17 00 00 00 23 00 00 00 0d 00 14 00 12 ................
0060: 04 03 08 04 04 01 05 03 08 05 05 01 08 06 06 01 ................
0070: 02 01 00 05 00 05 01 00 00 00 00 00 12 00 00 00 ................
0080: 10 00 0e 00 0c 02 68 32 08 68 74 74 70 2f 31 2e ......h2.http.1.
0090: 31 75 50 00 00 00 0b 00 02 01 00 00 0a 00 0a 00 1uP.............
00a0: 08 8a 8a 00 1d 00 17 00 18 00 1b 00 03 02 00 02 ................
00b0: 2a 2a 00 01 00 .....
ALPNJSSEExt not initialized for Server
ALPN will not be negotiated2c04dae7[SSLEngine[hostname=10.120.136.135 port=60235] SSL_NULL_WITH_NULL_NULL]
%% Initialized: [Session-6, SSL_NULL_WITH_NULL_NULL]
qtp1065544782-23, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
%% Invalidated: [Session-6, SSL_NULL_WITH_NULL_NULL]
qtp1065544782-23, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
qtp1065544782-23, WRITE: TLSv1.2 Alert, length = 2
qtp1065544782-23, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
qtp1065544782-23, called closeOutbound()
qtp1065544782-23, closeOutboundInternal()
Using SSLEngineImpl.
Using SSLEngineImpl.
Please refer to http://www.aricent.com/email-disclaimer
for important disclosures regarding this electronic communication.
=====================================================
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users