Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-users] Strange failure of SSL handshake after Jetty Upgrade.
  • From: Srijith Kochunni <Srijith.Kochunni@xxxxxxxxxxxxxx>
  • Date: Fri, 17 Feb 2023 14:37:36 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microfocus.com; dmarc=pass action=none header.from=microfocus.com; dkim=pass header.d=microfocus.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=hZ8nw46d6GXuSw2D5lbqfhPi9UYzEEai7XNxiP4rxnI=; b=Kedh+3YBRcH67z1BIqv6lk5nfVMNOQrQhpLYkGMvwSFxQNcgozj3Cn2wycjWHp6Py+71Ed3hOUYDj/Ke6Q63FuDI896nLV/daZwWfDYOgA8sW9YlK0zGLb4DneFMA4A/AerKbDbuJ9ahb9qQGG5pOJZwSNDXIKC0Vm93424quXBmyPGwI3j1hvVwxJS/ihjdrjgOESeTfENoW6mhs/3X5LcQ1zv25dLVkRb8hiVniyvHEfSjsD92DYFdqMex2KIPfZ1Pkjxi5T3n161PQ/TrUqiIuO3YRukAc/ZjbSPtQm9WfoC73x/U8iOZIw4JdFcOPSSCbp0IcIoU4MtvuL4eBQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DfMC5URDi/wk3GW/xfyMEdSM6R8Sdwlg7iRMb+yQxqKmbEV7q1xr7Z6uAwA2YgB8tF/dlJEAGYGVZmGssQpe8LDjx5/85FQoY3eFsqVYHzuE2/QduisE7rq2bRzDFN71b3AHmZM+ojmy050h9bDb1Zf8ZvP0GhIhh1xD5yN4YdIBVQN7Aux3qQ2fUNVtKV1v/E3qAcgYB/udIx/vRUKfP6w8XvqbRQ9fvjTlNsOlrl02fqFPDGjQ1TeJfnBmhaHpQQvAOfVN6suNA6GD6i9lxqUnCaZ6FltJC4INT9IU8p+d5d6h3A9ZuB7fAP1mbEBuQUOzBejq2AEQLBCrWP3pTw==
  • Delivered-to: jetty-users@xxxxxxxxxxx
  • List-archive: <https://www.eclipse.org/mailman/private/jetty-users/>
  • List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
  • List-subscribe: <https://www.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
  • List-unsubscribe: <https://www.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>
  • Thread-index: AdlC20ZwDqXODVmJTriV3OQ4XVv8Hg==
  • Thread-topic: Strange failure of SSL handshake after Jetty Upgrade.

Hi,

 

          We’re observing a random issue with some of our customers, after doing an upgrade of the Jetty from 9.4.11 to 9.4.44. We’re starting Jetty programmatically in a Zulu JRE 8 runtime.

 

         We’re initializing the SSLContextFactory as follows

 

        SslContextFactory contextFactory = new SslContextFactory.Server();
        contextFactory.setKeyStorePath(config.getKeyStorePath());
        contextFactory.setKeyStorePassword(config.getDecryptedPassword());
        contextFactory.setTrustStorePath(config.getKeyStorePath());
        contextFactory.setTrustStorePassword(config.getDecryptedPassword());
        contextFactory.setExcludeCipherSuites(excCipherSuites);
        contextFactory.addExcludeProtocols(excludedProtocols.toArray(new String[0]));

 

 

           What we’re observing is that the SSL handshake is failing when the server is accessed over FQDN. However the handshake goes through when accessed over IP Address.

 

           Enabled, Java SSL Logging and herewith attaching the trace of the same.

 

           What we see in the logs is

 

           javax.net.ssl|SEVERE|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.763 EST|TransportContext.java:340|Fatal (HANDSHAKE_FAILURE): no cipher suites in common (

"throwable" : {

  javax.net.ssl.SSLHandshakeException: no cipher suites in common

                at sun.security.ssl.Alert.createSSLException(Alert.java:131)

                at sun.security.ssl.Alert.createSSLException(Alert.java:117)

                at sun.security.ssl.TransportContext.fatal(TransportContext.java:335)

                at sun.security.ssl.TransportContext.fatal(TransportContext.java:291)

                at sun.security.ssl.TransportContext.fatal(TransportContext.java:282)

                at sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(ServerHello.java:461)

                at sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(ServerHello.java:296)

                at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:421)

                at sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1020)

                at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:727)

                at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:693)

                at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)

                at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)

                at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:981)

                at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:968)

                at java.security.AccessController.doPrivileged(Native Method)

                at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:915)

                at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:654)

                at org.eclipse.jetty.server.HttpConnection.fillRequestBuffer(HttpConnection.java:350)

                at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)

                at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)

                at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)

                at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:555)

                at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:410)

                at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:164)

                at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)

                at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)

                at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)

                at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)

                at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)

                at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)

                at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)

                at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)

                at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)

                at java.lang.Thread.run(Thread.java:750)}

 

      The problem seems similar to the issue seen in the case of https://github.com/eclipse/jetty.project/issues/7691 - However this was seen on Java 11.

 

       Also seems similar to the issue seen in https://github.com/eclipse/jetty.project/issues/6099, but in this it is marked as Fixed in 9.4.41 and we’re on 9.4.44. We tried to follow the workaround of setting sni required as true. But in our internal testing, after setting that, handshake was failing both over IP and FQDN.

 

       We’re working to see if we can dump on server start and collect more logs, but meanwhile if we can get any help here, it would be much appreciated.

 

        What we’re clear is that the Server Hello is not able to prove possession and therefore the handshake is failing. How it is related to Jetty version is what we’re trying to figure out.

 

 

Thanks,

Srijith.

javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.760 EST|ClientHello.java:689|Consuming ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "4A 7B 44 66 DA F6 D4 00 60 62 09 96 D5 B8 BA F5 EE 51 B4 3B B1 E1 5A 58 8E B9 7A E6 3A D9 14 58",
  "session id"          : "18 CB 45 94 D3 BC 60 E5 08 A5 3E CF FA 68 F9 CA 96 91 20 38 0B 62 0B EF 1E EE 49 AA E3 2E ED C5",
  "cipher suites"       : "[UNKNOWN-CIPHER-SUITE(0x2A2A)(0x2A2A), TLS_AES_128_GCM_SHA256(0x1301), TLS_AES_256_GCM_SHA384(0x1302), TLS_CHACHA20_POLY1305_SHA256(0x1303), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), UNKNOWN-CIPHER-SUITE(0xCCA9)(0xCCA9), UNKNOWN-CIPHER-SUITE(0xCCA8)(0xCCA8), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035)]",
  "compression methods" : "00",
  "extensions"          : [
    "unknown extension (60,138)": {
      
    },
    "application_layer_protocol_negotiation (16)": {
      [h2, http/1.1]
    },
    "key_share (51)": {
      "client_shares": [  
        {
          "named group": UNDEFINED-NAMED-GROUP(47802)
          "key_exchange": {
            0000: 00 
          }
        },
        {
          "named group": x25519
          "key_exchange": {
            0000: 13 A1 84 46 AB BA 4E 5A   2E 47 BE B3 D9 6D E6 B4  ...F..NZ.G...m..
            0010: 70 57 2F 2C FC 48 E3 E4   C6 1C 52 A6 5A 8E B2 58  pW/,.H....R.Z..X
          }
        },
      ]
    },
    "server_name (0)": {
      type=host_name (0), value=cotlv201.corp.toronto.ca
    },
    "status_request (5)": {
      "certificate status type": ocsp
      "OCSP status request": {
        "responder_id": <empty>
        "request extensions": {
          <empty>
        }
      }
    },
    "extended_master_secret (23)": {
      <empty>
    },
    "unknown extension (17,513)": {
      0000: 00 03 02 68 32                                     ...h2
    },
    "ec_point_formats (11)": {
      "formats": [uncompressed]
    },
    "signed_certificate_timestamp (18)": {
      
    },
    "supported_versions (43)": {
      "versions": [TLS-42.42, TLSv1.3, TLSv1.2]
    },
    "supported_groups (10)": {
      "versions": [UNDEFINED-NAMED-GROUP(47802), x25519, secp256r1, secp384r1]
    },
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256, rsa_pkcs1_sha256, ecdsa_secp384r1_sha384, rsa_pss_rsae_sha384, rsa_pkcs1_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha512, rsa_pkcs1_sha1]
    },
    "psk_key_exchange_modes (45)": {
      "ke_modes": [psk_dhe_ke]
    },
    "unknown extension (27)": {
      0000: 02 00 02                                           ...
    },
    "session_ticket (35)": {
      
    },
    "renegotiation_info (65,281)": {
      "renegotiated connection": [<no renegotiated connection>]
    },
    "unknown extension (64,250)": {
      0000: 00                                                 .
    },
    "client_certificate_type (21)": {
      0000: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0010: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0020: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0030: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0040: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0050: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0060: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0070: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0080: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0090: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      00A0: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      00B0: 00 00 00 00 00 00 00 00   00 00 00 00 00           .............
    }
  ]
}
)
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761 EST|SSLExtensions.java:192|Consumed extension: supported_versions
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761 EST|ClientHello.java:719|Negotiated protocol version: TLSv1.2
javax.net.ssl|ALL|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761 EST|ClientHello.java:849|Can't resume, the existing session is not rejoinable
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761 EST|ServerNameExtension.java:310|server name indication (type=host_name (0), value=cotlv201.corp.toronto.ca) is accepted
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761 EST|SSLExtensions.java:192|Consumed extension: server_name
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761 EST|SSLExtensions.java:173|Ignore unavailable extension: max_fragment_length
javax.net.ssl|ALL|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.761 EST|SignatureScheme.java:403|Ignore disabled signature scheme: rsa_md5
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761 EST|SSLExtensions.java:192|Consumed extension: status_request
javax.net.ssl|ALL|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.761 EST|SSLSessionImpl.java:215|Session initialized:  Session(1675791340761|SSL_NULL_WITH_NULL_NULL)
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761 EST|SSLExtensions.java:192|Consumed extension: supported_groups
javax.net.ssl|WARNING|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.761 EST|SSLExtensions.java:215|Ignore impact of unsupported extension: server_name
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761 EST|SSLExtensions.java:192|Consumed extension: ec_point_formats
javax.net.ssl|FINE|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.761 EST|SSLExtensions.java:207|Ignore unavailable extension: max_fragment_length
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761 EST|SSLExtensions.java:192|Consumed extension: signature_algorithms
javax.net.ssl|WARNING|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.761 EST|SSLExtensions.java:215|Ignore impact of unsupported extension: status_request
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761 EST|SSLExtensions.java:173|Ignore unavailable extension: signature_algorithms_cert
javax.net.ssl|WARNING|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.761 EST|SSLExtensions.java:215|Ignore impact of unsupported extension: supported_groups
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761 EST|AlpnExtension.java:296|Ignore server unenabled extension: application_layer_protocol_negotiation
javax.net.ssl|WARNING|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.761 EST|SSLExtensions.java:215|Ignore impact of unsupported extension: ec_point_formats
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761 EST|SSLExtensions.java:192|Consumed extension: application_layer_protocol_negotiation
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761 EST|SSLExtensions.java:173|Ignore unavailable extension: status_request_v2
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.761 EST|SSLExtensions.java:192|Consumed extension: extended_master_secret
javax.net.ssl|FINE|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.761 EST|SSLExtensions.java:224|Populated with extension: signature_algorithms
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.762 EST|SSLExtensions.java:192|Consumed extension: supported_versions
javax.net.ssl|FINE|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762 EST|SSLExtensions.java:207|Ignore unavailable extension: signature_algorithms_cert
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.762 EST|SSLExtensions.java:192|Consumed extension: renegotiation_info
javax.net.ssl|WARNING|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762 EST|SSLExtensions.java:215|Ignore impact of unsupported extension: application_layer_protocol_negotiation
javax.net.ssl|ALL|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.762 EST|SignatureScheme.java:384|Ignore unsupported signature scheme: ed25519
javax.net.ssl|FINE|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762 EST|SSLExtensions.java:207|Ignore unavailable extension: status_request_v2
javax.net.ssl|ALL|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.762 EST|SignatureScheme.java:384|Ignore unsupported signature scheme: ed448
javax.net.ssl|WARNING|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762 EST|SSLExtensions.java:215|Ignore impact of unsupported extension: extended_master_secret
javax.net.ssl|WARNING|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762 EST|SSLExtensions.java:215|Ignore impact of unsupported extension: supported_versions
javax.net.ssl|WARNING|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762 EST|SSLExtensions.java:215|Ignore impact of unsupported extension: renegotiation_info
javax.net.ssl|ALL|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762 EST|X509Authentication.java:270|No X.509 cert selected for EC
javax.net.ssl|ALL|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762 EST|X509Authentication.java:270|No X.509 cert selected for EC
javax.net.ssl|ALL|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.762 EST|SignatureScheme.java:403|Ignore disabled signature scheme: rsa_md5
javax.net.ssl|ALL|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.762 EST|SSLSessionImpl.java:215|Session initialized:  Session(1675791340762|SSL_NULL_WITH_NULL_NULL)
javax.net.ssl|FINE|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762 EST|SunX509KeyManagerImpl.java:392|matching alias: tomcat
javax.net.ssl|WARNING|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.762 EST|SSLExtensions.java:215|Ignore impact of unsupported extension: server_name
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.762 EST|SSLExtensions.java:207|Ignore unavailable extension: max_fragment_length
javax.net.ssl|ALL|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762 EST|X509Authentication.java:270|No X.509 cert selected for RSA
javax.net.ssl|WARNING|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.762 EST|SSLExtensions.java:215|Ignore impact of unsupported extension: status_request
javax.net.ssl|ALL|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762 EST|X509Authentication.java:270|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|WARNING|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.762 EST|SSLExtensions.java:215|Ignore impact of unsupported extension: supported_groups
javax.net.ssl|WARNING|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.763 EST|SSLExtensions.java:215|Ignore impact of unsupported extension: ec_point_formats
javax.net.ssl|FINE|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.762 EST|SunX509KeyManagerImpl.java:392|matching alias: tomcat
javax.net.ssl|ALL|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.763 EST|X509Authentication.java:270|No X.509 cert selected for RSA
javax.net.ssl|ALL|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.763 EST|X509Authentication.java:270|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.763 EST|SSLExtensions.java:224|Populated with extension: signature_algorithms
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.763 EST|SSLExtensions.java:207|Ignore unavailable extension: signature_algorithms_cert
javax.net.ssl|WARNING|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.763 EST|SSLExtensions.java:215|Ignore impact of unsupported extension: application_layer_protocol_negotiation
javax.net.ssl|FINE|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.763 EST|SSLExtensions.java:207|Ignore unavailable extension: status_request_v2
javax.net.ssl|WARNING|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.763 EST|SSLExtensions.java:215|Ignore impact of unsupported extension: extended_master_secret
javax.net.ssl|WARNING|07 F3|qtp1363141203-2035|2023-02-07 12:35:40.763 EST|SSLExtensions.java:215|Ignore impact of unsupported extension: supported_versions
javax.net.ssl|SEVERE|08 1C|qtp1363141203-2076|2023-02-07 12:35:40.763 EST|TransportContext.java:340|Fatal (HANDSHAKE_FAILURE): no cipher suites in common (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: no cipher suites in common
  	at sun.security.ssl.Alert.createSSLException(Alert.java:131)
  	at sun.security.ssl.Alert.createSSLException(Alert.java:117)
  	at sun.security.ssl.TransportContext.fatal(TransportContext.java:335)
  	at sun.security.ssl.TransportContext.fatal(TransportContext.java:291)
  	at sun.security.ssl.TransportContext.fatal(TransportContext.java:282)
  	at sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(ServerHello.java:461)
  	at sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(ServerHello.java:296)
  	at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:421)
  	at sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1020)
  	at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:727)
  	at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:693)
  	at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
  	at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
  	at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:981)
  	at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:968)
  	at java.security.AccessController.doPrivileged(Native Method)
  	at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:915)
  	at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:654)
  	at org.eclipse.jetty.server.HttpConnection.fillRequestBuffer(HttpConnection.java:350)
  	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
  	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
  	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
  	at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:555)
  	at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:410)
  	at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:164)
  	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
  	at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
  	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
  	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
  	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
  	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
  	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)
  	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
  	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
  	at java.lang.Thread.run(Thread.java:750)}

)

Back to the top