I recently received a certificate from Comodo and I'm trying to integrate it with my Scala Spray server. I have a trait to configure my Spray server:
import java.io.{BufferedInputStream, FileInputStream}
import java.security.{SecureRandom, KeyStore}
import java.security.cert.{X509Certificate, CertificateFactory}
import javax.net.ssl.{TrustManagerFactory, KeyManagerFactory, SSLContext}
import spray.io._
import org.apache.camel.util.jsse._
// for SSL support (if enabled in application.conf)
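/**
 * Mix-in that supplies the TLS settings for the Spray HTTP server: a custom
 * [[SSLContext]] built from a JKS key store, and an engine provider that pins the
 * cipher suite and protocol version.
 */
trait MySSLConfig {

  /**
   * Builds the SSLContext from the key store at `keyStoreResource`.
   *
   * If there is no SSLContext in scope implicitly the HttpServer uses the default
   * SSLContext; since we want non-default settings in this example we make a custom
   * SSLContext available here.
   *
   * This is a `def`, so the key store is re-read on every call.
   *
   * @return an initialised TLS context backed by the loaded key store
   * @throws IllegalStateException if the key store holds no private-key entry
   * @throws java.io.FileNotFoundException if the key store is neither on the
   *                                       classpath nor on the file system
   */
  implicit def sslContext: SSLContext = {
    val keyStoreResource = "/home/ubuntu/key.jks"
    // NOTE(review): the key-store password is hard-coded and therefore ends up in
    // version control and in the built jar; load it from protected configuration.
    val password = "password"

    val keyStore = KeyStore.getInstance("jks")

    // getResourceAsStream searches the CLASSPATH and returns null when nothing
    // matches. KeyStore.load(null, ...) does not fail: it creates an EMPTY key
    // store, and the server then rejects every handshake with "no cipher suites in
    // common". An absolute path such as this one normally names a file, so fall
    // back to the file system when the classpath lookup finds nothing.
    val keyStoreStream = Option(getClass.getResourceAsStream(keyStoreResource))
      .getOrElse(new FileInputStream(keyStoreResource))
    try keyStore.load(keyStoreStream, password.toCharArray)
    finally keyStoreStream.close()

    // A key store holding only certificates (no private key) produces the same
    // opaque handshake failure, so reject it here with a readable message instead.
    val aliases = keyStore.aliases()
    var hasPrivateKey = false
    while (!hasPrivateKey && aliases.hasMoreElements)
      hasPrivateKey = keyStore.isKeyEntry(aliases.nextElement())
    if (!hasPrivateKey)
      throw new IllegalStateException(
        s"Key store $keyStoreResource contains no private-key entry; the server cannot complete a TLS handshake")

    val keyManagerFactory = KeyManagerFactory.getInstance("SunX509")
    keyManagerFactory.init(keyStore, password.toCharArray)

    val trustManagerFactory = TrustManagerFactory.getInstance("SunX509")
    trustManagerFactory.init(keyStore)

    val context = SSLContext.getInstance("TLS")
    context.init(keyManagerFactory.getKeyManagers, trustManagerFactory.getTrustManagers, new SecureRandom)
    context
  }

  /**
   * Restricts every server-side SSLEngine to one cipher suite and one protocol.
   *
   * @return a provider that applies the restrictions to each new engine
   */
  implicit def sslEngineProvider: ServerSSLEngineProvider =
    ServerSSLEngineProvider { engine =>
      // An ECDSA suite can only be negotiated when the key store holds an EC
      // private key. NOTE(review): if the certificate is RSA, the matching suite
      // is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - confirm the key type.
      engine.setEnabledCipherSuites(Array("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"))
      // GCM suites exist only in TLSv1.2, so SSLv3/TLSv1/TLSv1.1 could never be
      // negotiated with the suite above. SSLv3 in particular is broken (POODLE)
      // and must not be enabled.
      engine.setEnabledProtocols(Array("TLSv1.2"))
      engine
    }
}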
However I am getting this error at runtime when I try and request my uri with https
2015-09-15 02:06:54,662 - [ERROR] - from akka.actor.OneForOneStrategy in NflDbApiActorSystemConfig-akka.actor.default-dispatcher-11
Unsupported ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
java.lang.IllegalArgumentException: Unsupported ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
at sun.security.ssl.CipherSuite.valueOf(CipherSuite.java:235) ~[na:1.7.0_79]
at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:82) ~[na:1.7.0_79]
at sun.security.ssl.SSLEngineImpl.setEnabledCipherSuites(SSLEngineImpl.java:2014) ~[na:1.7.0_79]
at com.suredbits.dfs.config.MySSLConfig$$anonfun$sslEngineProvider$1.apply(MySslConfig.scala:34) ~[suredbits-dfs.suredbits-dfs-0.0.1.jar:0.0.1]
at com.suredbits.dfs.config.MySSLConfig$$anonfun$sslEngineProvider$1.apply(MySslConfig.scala:33) ~[suredbits-dfs.suredbits-dfs-0.0.1.jar:0.0.1]
at scala.Option.map(Option.scala:145) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at spray.io.SSLEngineProviderCompanion$$anonfun$apply$3.apply(SslTlsSupport.scala:408) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at spray.io.SSLEngineProviderCompanion$$anonfun$apply$3.apply(SslTlsSupport.scala:408) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at spray.io.ServerSSLEngineProvider$$anon$3.apply(SslTlsSupport.scala:427) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at spray.io.ServerSSLEngineProvider$$anon$3.apply(SslTlsSupport.scala:425) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at spray.can.server.HttpServerConnection$$anon$1.sslEngine(HttpServerConnection.scala:78) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at spray.can.server.RequestParsing$$anon$1$$anon$2.<init>(RequestParsing.scala:41) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at spray.can.server.RequestParsing$$anon$1.apply(RequestParsing.scala:39) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at spray.can.server.RequestParsing$$anon$1.apply(RequestParsing.scala:37) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at spray.io.RawPipelineStage$$anon$3.apply(Pipelines.scala:117) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at spray.io.RawPipelineStage$$anon$3.apply(Pipelines.scala:116) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at spray.io.RawPipelineStage$$anon$3.apply(Pipelines.scala:116) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at spray.io.RawPipelineStage$$anon$3.apply(Pipelines.scala:116) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at spray.io.RawPipelineStage$$anon$3.apply(Pipelines.scala:116) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at spray.io.RawPipelineStage$$anon$3.apply(Pipelines.scala:116) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at spray.io.ConnectionHandler$class.running(ConnectionHandler.scala:56) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at spray.can.server.HttpServerConnection.running(HttpServerConnection.scala:29) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at spray.can.server.HttpServerConnection.register(HttpServerConnection.scala:68) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at spray.can.server.HttpServerConnection$$anonfun$receive$1.applyOrElse(HttpServerConnection.scala:49) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at akka.actor.Actor$class.aroundReceive(Actor.scala:465) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at spray.can.server.HttpServerConnection.aroundReceive(HttpServerConnection.scala:29) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at akka.actor.ActorCell.receiveMessage(ActorCell.scala:516) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at akka.actor.ActorCell.invoke(ActorCell.scala:487) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at akka.dispatch.Mailbox.processMailbox(Mailbox.scala:254) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at akka.dispatch.Mailbox.run(Mailbox.scala:221) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at akka.dispatch.Mailbox.exec(Mailbox.scala:231) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339) ~[suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979) [suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107) [suredbits-dfs-nfl-assembly-0.0.1.jar:0.0.1]
Can anyone provide any insight as to why I am getting this error?
EDIT:
I upgraded the JDK to 1.8 as @Steffen Ullrich suggested, which yields a new error:
2015-09-15 15:14:51,717 - [ERROR] - from spray.can.server.HttpServerConnection in NflDbApiActorSystemConfig-akka.actor.default-dispatcher-7
Aborting encrypted connection to my-ip due to [SSLHandshakeException:no cipher suites in common] -> [SSLHandshakeException:no cipher suites in common]
2015-09-15 15:14:51,881 - [ERROR] - from spray.can.server.HttpServerConnection in NflDbApiActorSystemConfig-akka.actor.default-dispatcher-4
Aborting encrypted connection to my-ip due to [SSLHandshakeException:no cipher suites in common] -> [SSLHandshakeException:no cipher suites in common]
2015-09-15 15:14:52,029 - [ERROR] - from spray.can.server.HttpServerConnection in NflDbApiActorSystemConfig-akka.actor.default-dispatcher-10
Aborting encrypted connection to my-ip due to [SSLHandshakeException:Client requested protocol TLSv1.1 not enabled or not supported] -> [SSLHandshakeException:Client requested protocol TLSv1.1 not enabled or not supported]
2015-09-15 15:14:52,184 - [ERROR] - from spray.can.server.HttpServerConnection in NflDbApiActorSystemConfig-akka.actor.default-dispatcher-2
Aborting encrypted connection to my-ip due to [SSLHandshakeException:Client requested protocol TLSv1 not enabled or not supported] -> [SSLHandshakeException:Client requested protocol TLSv1 not enabled or not supported]
EDIT2:
I modified this line
// NOTE(review): getSupportedCipherSuites returns every suite the provider
// implements, not only the ones it enables by default, so this also switches on
// suites the JDK deliberately leaves off. Use it for diagnosis only; prefer
// getDefaultCipherSuites or an explicit allow-list in production.
// Enabling more suites does not help when the key store has no usable private
// key: the handshake still ends in "no cipher suites in common".
engine.setEnabledCipherSuites(sslContext.getServerSocketFactory.getSupportedCipherSuites)
which gives me a list of cipher suites that includes
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
however I am still getting this error:
2015-09-15 18:43:55,690 - [INFO] - from org.apache.camel.util.jsse.SSLContextParameters in NflDbApiActorSystemConfig-akka.actor.default-dispatcher-9
Available providers: SUN version 1.8.
2015-09-15 18:43:55,696 - [ERROR] - from spray.can.server.HttpServerConnection in NflDbApiActorSystemConfig-akka.actor.default-dispatcher-4
Aborting encrypted connection to my-ip due to [SSLHandshakeException:no cipher suites in common] -> [SSLHandshakeException:no cipher suites in common]
More logs, captured with the more granular debugging mode -Djavax.net.debug=ssl:
Using SSLEngineImpl.
Using SSLEngineImpl.
Using SSLEngineImpl.
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring disabled protocol: SSLv3
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-42, READ: TLSv1 Handshake, length = 167
*** ClientHello, TLSv1
RandomCookie: GMT: -265533514 bytes = { 61, 40, 108, 219, 248, 171, 159, 143, 197, 121, 120, 2, 169, 117, 206, 251, 77, 174, 188, 36, 13, 240, 239, 104, 177, 132, 36, 253 }
Session ID: {}
Cipher Suites: [Unknown 0x56:0x0, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5]
Compression Methods: { 0 }
Extension server_name, server_name: [type=host_name (0), value=api.extrapoint.io]
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data:
Unsupported extension type_13172, data:
Unsupported extension type_16, data: 00:12:08:73:70:64:79:2f:33:2e:31:08:68:74:74:70:2f:31:2e:31
Unsupported extension status_request, data: 01:00:00:00:00
Unsupported extension type_18, data:
***
%% Initialized: [Session-868, SSL_NULL_WITH_NULL_NULL]
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-42, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
%% Invalidated: [Session-868, SSL_NULL_WITH_NULL_NULL]
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-42, SEND TLSv1 ALERT: fatal, description = handshake_failure
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-42, WRITE: TLSv1 Alert, length = 2
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-42, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
Using SSLEngineImpl.
Using SSLEngineImpl.
Using SSLEngineImpl.
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring disabled protocol: SSLv3
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-38, READ: TLSv1 Handshake, length = 167
*** ClientHello, TLSv1
RandomCookie: GMT: -1569487286 bytes = { 25, 54, 227, 33, 169, 61, 202, 196, 56, 250, 139, 68, 8, 183, 153, 237, 234, 230, 40, 91, 244, 198, 29, 236, 243, 121, 109, 28 }
Session ID: {}
Cipher Suites: [Unknown 0x56:0x0, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5]
Compression Methods: { 0 }
Extension server_name, server_name: [type=host_name (0), value=api.extrapoint.io]
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data:
Unsupported extension type_13172, data:
Unsupported extension type_16, data: 00:12:08:73:70:64:79:2f:33:2e:31:08:68:74:74:70:2f:31:2e:31
Unsupported extension status_request, data: 01:00:00:00:00
Unsupported extension type_18, data:
***
%% Initialized: [Session-869, SSL_NULL_WITH_NULL_NULL]
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-38, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
%% Invalidated: [Session-869, SSL_NULL_WITH_NULL_NULL]
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-38, SEND TLSv1 ALERT: fatal, description = handshake_failure
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-38, WRITE: TLSv1 Alert, length = 2
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-38, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
Using SSLEngineImpl.
Using SSLEngineImpl.
Using SSLEngineImpl.
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring disabled protocol: SSLv3
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-45, READ: TLSv1 Handshake, length = 167
*** ClientHello, TLSv1
RandomCookie: GMT: -1995784349 bytes = { 231, 253, 51, 160, 51, 83, 215, 117, 136, 228, 2, 249, 107, 133, 172, 213, 70, 200, 95, 170, 53, 5, 93, 19, 131, 185, 241, 92 }
Session ID: {}
Cipher Suites: [Unknown 0x56:0x0, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5]
Compression Methods: { 0 }
Extension server_name, server_name: [type=host_name (0), value=api.extrapoint.io]
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data:
Unsupported extension type_13172, data:
Unsupported extension type_16, data: 00:12:08:73:70:64:79:2f:33:2e:31:08:68:74:74:70:2f:31:2e:31
Unsupported extension status_request, data: 01:00:00:00:00
Unsupported extension type_18, data:
***
%% Initialized: [Session-870, SSL_NULL_WITH_NULL_NULL]
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-45, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
%% Invalidated: [Session-870, SSL_NULL_WITH_NULL_NULL]
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-45, SEND TLSv1 ALERT: fatal, description = handshake_failure
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-45, WRITE: TLSv1 Alert, length = 2
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-45, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
Using SSLEngineImpl.
Using SSLEngineImpl.
Using SSLEngineImpl.
Using SSLEngineImpl.
Using SSLEngineImpl.
Using SSLEngineImpl.
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring disabled protocol: SSLv3
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-41, READ: TLSv1 Handshake, length = 208
*** ClientHello, TLSv1.2
RandomCookie: GMT: -1327152795 bytes = { 83, 242, 3, 179, 176, 55, 11, 121, 181, 163, 83, 1, 237, 23, 101, 140, 177, 179, 40, 128, 77, 190, 63, 204, 162, 105, 4, 57 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5]
Compression Methods: { 0 }
Extension server_name, server_name: [type=host_name (0), value=api.extrapoint.io]
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data:
Unsupported extension type_13172, data:
Unsupported extension type_16, data: 00:1b:08:73:70:64:79:2f:33:2e:31:05:68:32:2d:31:34:02:68:32:08:68:74:74:70:2f:31:2e:31
Unsupported extension status_request, data: 01:00:00:00:00
Unsupported extension type_18, data:
Extension signature_algorithms, signature_algorithms: SHA256withRSA, SHA384withRSA, SHA512withRSA, SHA1withRSA, SHA256withECDSA, SHA384withECDSA, SHA512withECDSA, SHA1withECDSA, Unknown (hash:0x4, signature:0x2), SHA1withDSA
***
%% Initialized: [Session-871, SSL_NULL_WITH_NULL_NULL]
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-41, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
%% Invalidated: [Session-871, SSL_NULL_WITH_NULL_NULL]
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-41, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-41, WRITE: TLSv1.2 Alert, length = 2
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-41, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring disabled protocol: SSLv3
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-43, READ: TLSv1 Handshake, length = 167
*** ClientHello, TLSv1
RandomCookie: GMT: -300410757 bytes = { 151, 231, 251, 170, 239, 146, 191, 87, 5, 9, 151, 64, 86, 10, 220, 175, 228, 71, 112, 41, 250, 35, 36, 140, 114, 28, 8, 130 }
Session ID: {}
Cipher Suites: [Unknown 0x56:0x0, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5]
Compression Methods: { 0 }
Extension server_name, server_name: [type=host_name (0), value=api.extrapoint.io]
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data:
Unsupported extension type_13172, data:
Unsupported extension type_16, data: 00:12:08:73:70:64:79:2f:33:2e:31:08:68:74:74:70:2f:31:2e:31
Unsupported extension status_request, data: 01:00:00:00:00
Unsupported extension type_18, data:
***
%% Initialized: [Session-872, SSL_NULL_WITH_NULL_NULL]
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-43, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
%% Invalidated: [Session-872, SSL_NULL_WITH_NULL_NULL]
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-43, SEND TLSv1 ALERT: fatal, description = handshake_failure
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-43, WRITE: TLSv1 Alert, length = 2
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-43, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
Using SSLEngineImpl.
Using SSLEngineImpl.
Using SSLEngineImpl.
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring disabled protocol: SSLv3
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-43, READ: TLSv1 Handshake, length = 167
*** ClientHello, TLSv1.1
RandomCookie: GMT: -1944581904 bytes = { 65, 211, 112, 212, 209, 223, 205, 60, 175, 177, 83, 168, 139, 174, 78, 221, 40, 69, 103, 105, 117, 231, 103, 50, 53, 237, 22, 58 }
Session ID: {}
Cipher Suites: [Unknown 0x56:0x0, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5]
Compression Methods: { 0 }
Extension server_name, server_name: [type=host_name (0), value=api.extrapoint.io]
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data:
Unsupported extension type_13172, data:
Unsupported extension type_16, data: 00:12:08:73:70:64:79:2f:33:2e:31:08:68:74:74:70:2f:31:2e:31
Unsupported extension status_request, data: 01:00:00:00:00
Unsupported extension type_18, data:
***
%% Initialized: [Session-873, SSL_NULL_WITH_NULL_NULL]
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-43, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
%% Invalidated: [Session-873, SSL_NULL_WITH_NULL_NULL]
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-43, SEND TLSv1.1 ALERT: fatal, description = handshake_failure
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-43, WRITE: TLSv1.1 Alert, length = 2
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-43, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
Using SSLEngineImpl.
Using SSLEngineImpl.
Using SSLEngineImpl.
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring disabled protocol: SSLv3
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-41, READ: TLSv1 Handshake, length = 167
*** ClientHello, TLSv1
RandomCookie: GMT: 584450856 bytes = { 254, 198, 84, 40, 79, 119, 157, 34, 77, 19, 234, 180, 195, 251, 21, 69, 247, 233, 184, 117, 184, 4, 179, 104, 68, 102, 84, 232 }
Session ID: {}
Cipher Suites: [Unknown 0x56:0x0, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5]
Compression Methods: { 0 }
Extension server_name, server_name: [type=host_name (0), value=api.extrapoint.io]
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data:
Unsupported extension type_13172, data:
Unsupported extension type_16, data: 00:12:08:73:70:64:79:2f:33:2e:31:08:68:74:74:70:2f:31:2e:31
Unsupported extension status_request, data: 01:00:00:00:00
Unsupported extension type_18, data:
***
%% Initialized: [Session-874, SSL_NULL_WITH_NULL_NULL]
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-41, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
%% Invalidated: [Session-874, SSL_NULL_WITH_NULL_NULL]
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-41, SEND TLSv1 ALERT: fatal, description = handshake_failure
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-41, WRITE: TLSv1 Alert, length = 2
NflDbApiActorSystemConfig-akka.actor.default-dispatcher-41, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is a TLSv1.2 cipher suite. It can not be used with SSLv3 or TLSv1. Also, it might not be even available for the unknown version of Java you are using.
Edit: since it is now known that Java 1.7 is used:
According to the documentation from Oracle, no GCM cipher suites are available in Java 1.7; they were only added in Java 1.8. That explains the message about the unsupported cipher suite.
The issue with this was that the key was generated incorrectly. I had to go on to support with COMODO and get help with the key generation.
来源:https://stackoverflow.com/questions/32576646/unsupported-ciphersuite-tls-ecdhe-ecdsa-with-aes-128-gcm-sha256