Java SSLHandshakeException no cipher suites in common

Question

I m using an SSLServerSocket to accept client connections on my openSUSE server  but none of them can connect  I always get an SSLHandshakeException saying no cipher suites in common  I ve activated all of the possible suites  enabled multiple protocols  tried with the newest oracle JRE and the openjdk  Also I followed several other posts on forums and stuff and  unlocked  all the cipher suites in the jre of oracle and I changed the settings of the openjdk jre like this   disabled   security provider 10 sun security pkcs11 SunPKCS11   java home  lib security nss cfg and enabled  security provider 9 sun security ec SunEC  This is how I initialize my SSLServerSocket       System setProperty  javax net ssl keyStore      keystore        System setProperty  javax net ssl keyStorePassword    nopassword        java lang System setProperty  sun security ssl allowUnsafeRenegotiation    true        Create a trust manager that does not validate certificate chains     TrustManager   trustAllCerts   new TrustManager                 new X509TrustManager                     public void checkClientTrusted java security cert X509Certificate   certs  String authType                                       public void checkServerTrusted java security cert X509Certificate   certs  String authType                                       public java security cert X509Certificate   getAcceptedIssuers                         return null                                                 Install the all-trusting trust manager     SSLContext sc   SSLContext getInstance  TLSv1 2        sc init null  trustAllCerts  new SecureRandom         SSLServerSocket ssl    SSLServerSocket  sc getServerSocketFactory   createServerSocket              DownloadFilelist PORT          Got rid of        ssl setEnabledCipherSuites sc getServerSocketFactory   getSupportedCipherSuites         ssl setEnabledProtocols new String     TLSv1    TLSv1 1    TLSv1 2    SSLv3             System out println Arrays toString ssl getEnabledCipherSuites           s   ssl         s   new ServerSocket DownloadFilelist PORT       s setSoTimeout TIMEOUT     The Problem is that I can t find out what cipher suites the clients want neither can I influence it  I started the program with -Djavax net debug ssl handshake  here is the result  Can someone of you figure out what the problem is   EDIT The keystore was generated with  keytool -genkey -keyalg RSA -keystore   keystore  Here s the code on this page  if that helps  seems like the formatting is not messed up    trigger seeding of SecureRandom trigger seeding of SecureRandom done seeding SecureRandom done seeding SecureRandom Ignoring unavailable cipher suite  TLS ECDHE RSA WITH AES 256 CBC SHA Ignoring unavailable cipher suite  TLS ECDH ECDSA WITH AES 128 CBC SHA Ignoring unavailable cipher suite  TLS ECDHE RSA WITH AES 256 CBC SHA Ignoring unavailable cipher suite  TLS ECDH ECDSA WITH AES 128 CBC SHA Ignoring unavailable cipher suite  TLS ECDH RSA WITH AES 256 CBC SHA Ignoring unavailable cipher suite  TLS ECDH RSA WITH AES 256 CBC SHA Ignoring unsupported cipher suite  TLS DHE DSS WITH AES 128 CBC SHA256 Ignoring unavailable cipher suite  TLS ECDH ECDSA WITH 3DES EDE CBC SHA Ignoring unsupported cipher suite  TLS DHE DSS WITH AES 256 CBC SHA256 Ignoring unavailable cipher suite  TLS ECDH ECDSA WITH 3DES EDE CBC SHA Ignoring unavailable cipher suite  TLS ECDH RSA WITH AES 128 CBC SHA256 Ignoring unavailable cipher suite  TLS ECDHE RSA WITH RC4 128 SHA Ignoring unavailable cipher suite  TLS ECDH ECDSA WITH RC4 128 SHA Ignoring unavailable cipher suite  TLS ECDHE ECDSA WITH RC4 128 SHA Ignoring unavailable cipher suite  TLS ECDHE RSA WITH AES 256 CBC SHA384 Ignoring unavailable cipher suite  TLS ECDHE RSA WITH AES 128 CBC SHA Ignoring unavailable cipher suite  TLS ECDHE ECDSA WITH 3DES EDE CBC SHA Ignoring unavailable cipher suite  TLS ECDH RSA WITH RC4 128 SHA Ignoring unavailable cipher suite  TLS ECDH ECDSA WITH AES 256 CBC SHA384 Ignoring unavailable cipher suite  TLS ECDH RSA WITH 3DES EDE CBC SHA Ignoring unavailable cipher suite  TLS ECDH RSA WITH AES 128 CBC SHA Ignoring unavailable cipher suite  TLS ECDHE ECDSA WITH AES 256 CBC SHA Ignoring unavailable cipher suite  TLS ECDHE ECDSA WITH AES 128 CBC SHA Ignoring unavailable cipher suite  TLS ECDHE RSA WITH AES 128 CBC SHA256 Ignoring unavailable cipher suite  TLS ECDHE ECDSA WITH AES 256 CBC SHA384 Ignoring unavailable cipher suite  TLS ECDH RSA WITH AES 256 CBC SHA384 Ignoring unavailable cipher suite  TLS ECDHE ECDSA WITH AES 128 CBC SHA256 Ignoring unavailable cipher suite  TLS ECDH ECDSA WITH AES 128 CBC SHA256 Ignoring unavailable cipher suite  TLS ECDH ECDSA WITH AES 256 CBC SHA Ignoring unavailable cipher suite  TLS ECDHE RSA WITH 3DES EDE CBC SHA Ignoring unavailable cipher suite  TLS ECDHE RSA WITH AES 256 CBC SHA Ignoring unavailable cipher suite  TLS ECDH ECDSA WITH AES 128 CBC SHA Ignoring unavailable cipher suite  TLS ECDH RSA WITH AES 256 CBC SHA Ignoring unavailable cipher suite  TLS ECDH ECDSA WITH 3DES EDE CBC SHA Ignoring unavailable cipher suite  TLS ECDH RSA WITH AES 128 CBC SHA256 Ignoring unavailable cipher suite  TLS ECDHE RSA WITH RC4 128 SHA Ignoring unavailable cipher suite  TLS ECDH ECDSA WITH RC4 128 SHA Ignoring unavailable cipher suite  TLS ECDHE ECDSA WITH RC4 128 SHA Ignoring unavailable cipher suite  TLS ECDHE RSA WITH AES 256 CBC SHA384 Ignoring unavailable cipher suite  TLS ECDHE RSA WITH AES 128 CBC SHA Ignoring unavailable cipher suite  TLS ECDHE ECDSA WITH 3DES EDE CBC SHA Ignoring unavailable cipher suite  TLS ECDH RSA WITH RC4 128 SHA Ignoring unavailable cipher suite  TLS ECDH ECDSA WITH AES 256 CBC SHA384 Ignoring unavailable cipher suite  TLS ECDH RSA WITH 3DES EDE CBC SHA Ignoring unavailable cipher suite  TLS ECDH RSA WITH AES 128 CBC SHA Ignoring unavailable cipher suite  TLS ECDHE ECDSA WITH AES 256 CBC SHA Ignoring unavailable cipher suite  TLS ECDHE ECDSA WITH AES 128 CBC SHA Ignoring unavailable cipher suite  TLS ECDHE RSA WITH AES 128 CBC SHA256 Ignoring unavailable cipher suite  TLS ECDHE ECDSA WITH AES 256 CBC SHA384 Ignoring unavailable cipher suite  TLS ECDH RSA WITH AES 256 CBC SHA384 Ignoring unavailable cipher suite  TLS ECDHE ECDSA WITH AES 128 CBC SHA256 Ignoring unavailable cipher suite  TLS ECDH ECDSA WITH AES 128 CBC SHA256 Ignoring unavailable cipher suite  TLS ECDH ECDSA WITH AES 256 CBC SHA Ignoring unsupported cipher suite  TLS DHE RSA WITH AES 128 CBC SHA256 Ignoring unavailable cipher suite  TLS ECDHE RSA WITH 3DES EDE CBC SHA Ignoring unsupported cipher suite  TLS ECDH RSA WITH AES 128 CBC SHA256 Ignoring unavailable cipher suite  TLS ECDHE RSA WITH RC4 128 SHA Ignoring unavailable cipher suite  TLS ECDH ECDSA WITH RC4 128 SHA Ignoring unsupported cipher suite  TLS DHE RSA WITH AES 256 CBC SHA256 Ignoring unavailable cipher suite  TLS ECDHE ECDSA WITH RC4 128 SHA Ignoring unsupported cipher suite  TLS ECDHE RSA WITH AES 256 CBC SHA384 Ignoring unavailable cipher suite  TLS ECDHE RSA WITH AES 128 CBC SHA Ignoring unavailable cipher suite  TLS ECDHE ECDSA WITH 3DES EDE CBC SHA Ignoring unavailable cipher suite  TLS ECDH RSA WITH RC4 128 SHA Ignoring unsupported cipher suite  TLS ECDH ECDSA WITH AES 256 CBC SHA384 Ignoring unavailable cipher suite  TLS ECDH RSA WITH 3DES EDE CBC SHA Ignoring unavailable cipher suite  TLS ECDH RSA WITH AES 128 CBC SHA Ignoring unsupported cipher suite  TLS RSA WITH AES 256 CBC SHA256 Ignoring unavailable cipher suite  TLS ECDHE ECDSA WITH AES 256 CBC SHA Ignoring unavailable cipher suite  TLS ECDHE ECDSA WITH AES 128 CBC SHA Ignoring unsupported cipher suite  TLS ECDHE RSA WITH AES 128 CBC SHA256 Ignoring unsupported cipher suite  TLS ECDHE ECDSA WITH AES 256 CBC SHA384 Ignoring unsupported cipher suite  TLS ECDH RSA WITH AES 256 CBC SHA384 Ignoring unsupported cipher suite  TLS ECDHE ECDSA WITH AES 128 CBC SHA256 Ignoring unsupported cipher suite  TLS ECDH ECDSA WITH AES 128 CBC SHA256 Ignoring unavailable cipher suite  TLS ECDH ECDSA WITH AES 256 CBC SHA Ignoring unsupported cipher suite  TLS RSA WITH AES 128 CBC SHA256 Ignoring unavailable cipher suite  TLS ECDHE RSA WITH 3DES EDE CBC SHA main  setSoTimeout 2000  called Allow unsafe renegotiation  true Allow legacy hello messages  true Is initial handshake  true Is secure renegotiation  false    No cached client session     ClientHello  TLSv1 RandomCookie   GMT  1361763651 bytes     159  113  250  254  103  37  66  234  127  4  36  240  60  252  55  112  6  224  192  181  146  163  63  148  152  255  77  8   Session ID      Cipher Suites   TLS RSA WITH AES 256 CBC SHA  TLS DHE RSA WITH AES 256 CBC SHA  TLS DHE DSS WITH AES 256 CBC SHA  TLS RSA WITH AES 128 CBC SHA  TLS DHE RSA WITH AES 128 CBC SHA  TLS DHE DSS WITH AES 128 CBC SHA  SSL RSA WITH RC4 128 SHA  SSL RSA WITH 3DES EDE CBC SHA  SSL DHE RSA WITH 3DES EDE CBC SHA  SSL DHE DSS WITH 3DES EDE CBC SHA  SSL RSA WITH RC4 128 MD5  TLS EMPTY RENEGOTIATION INFO SCSV  Compression Methods     0       main  WRITE  TLSv1 Handshake  length   67 main  READ  TLSv1 Handshake  length   81     ServerHello  TLSv1 RandomCookie   GMT  1361763767 bytes     249  20  120  68  76  110  168  235  47  91  119  64  151  242  169  191  111  105  146  90  173  223  55  127  133  12  1  247   Session ID    246  66  250  209  13  188  190  246  14  49  113  183  192  202  68  246  121  162  165  71  242  220  233  223  245  47  250  215  203  94  255  148  Cipher Suite  TLS RSA WITH AES 256 CBC SHA Compression Method  0 Extension renegotiation info  renegotiated connection   lt empty gt         Initialized    Session-1  TLS RSA WITH AES 256 CBC SHA     TLS RSA WITH AES 256 CBC SHA main  READ  TLSv1 Handshake  length   933     Certificate chain chain  0          Version  V3   Subject  CN dc hadiko de  O hadiko dc  L town  ST land of the free  C de   Signature Algorithm  SHA1withRSA  OID   1 2 840 113549 1 1 5    Key   Sun RSA public key  2048 bits   modulus  22613010171436639614880560956464961031555258188367451246658444583390999370970098210909007150132692078653881042731046316239498513359691936582885343174669796075601988313858262934995935649363223919652108615287224220030023261629874169998331654587246748976585212101810697310529416436829153514374554242128947092694064999520197281527578067183301918060451970607703466399571245107774569719996572643148013190800713656468629158991997127544540177983174906099325217344868710319256330960086862269228933938482311029685238274537823670267001618579382801319470736924423550865055775144486750164961588873175599114046362924859400297960451   public exponent  65537   Validity   From  Sat Jul 07 12 56 23 CEST 2012                 To  Tue Jul 07 12 56 23 CEST 2015    Issuer  CN dc hadiko de  O hadiko dc  L town  ST land of the free  C de   SerialNumber       8682354f f94fbbb5   Certificate Extensions  3  1   ObjectId  2 5 29 35 Criticality false AuthorityKeyIdentifier   KeyIdentifier   0000  43 1D D9 A7 CF 21 2E 17   F3 4E EE F6 6C 6C 88 16  C        N  ll   0010  08 3C 67 8E                                          lt g        2   ObjectId  2 5 29 19 Criticality false BasicConstraints     CA true   PathLen 2147483647     3   ObjectId  2 5 29 14 Criticality false SubjectKeyIdentifier   KeyIdentifier   0000  43 1D D9 A7 CF 21 2E 17   F3 4E EE F6 6C 6C 88 16  C        N  ll   0010  08 3C 67 8E                                          lt g           Algorithm   SHA1withRSA    Signature  0000  14 83 48 D3 EC 39 49 E3   9C BC 20 F5 BF E4 32 33    H  9I       23 0010  5F 09 8F 2D F2 C3 82 80   79 93 9A C1 97 93 92 D9     -    y        0020  D0 DA 4D B2 FC A1 43 60   1F B9 EA 4C 29 D7 79 D0    M   C    L  y  0030  66 8C 25 14 EB 9D 60 94   D7 F4 15 33 8B 17 24 24  f          3     0040  5C 65 26 3D C3 B0 8A 51   B6 27 01 D1 A6 A3 68 87   e amp     Q      h  0050  2D 6F 0B E6 00 96 B6 CF   BC E9 D2 9C 7E 19 9E E1  -o               0060  3A 96 42 2E B7 E8 C0 70   01 99 20 39 89 6D 94 2B    B    p   9 m   0070  76 2F F1 0E 6D 2D 9B 52   77 D3 63 6A 11 DC A3 E6  v   m- Rw cj     0080  4E 0E 64 6D FA 77 BC 1E   4F C3 91 AD 21 F7 5D 31  N dm w  O      1 0090  F9 04 A5 FA 34 EF 43 61   F1 42 32 5A 9B D1 16 84      4 Ca B2Z     00A0  07 2B CA 01 AF 84 54 D2   A9 C4 3A 7A EA D1 2A 95        T    z     00B0  47 30 03 BA 48 C4 57 1F   78 58 6C 7A 56 60 40 2C  G0  H W xXlzV    00C0  6A 17 15 3F 43 A5 FB 81   4D 9D 1B DC A7 CE 78 D1  j   C   M     x  00D0  5A 66 97 79 04 55 DA 34   3C B2 CD 9A 62 EE 32 22  Zf y U 4 lt    b 2  00E0  70 84 0E 3E 5D 7F 91 0D   A5 D4 84 6B F3 E9 40 E9  p   gt        k     00F0  E8 69 D7 E5 FC B6 0A 4C   35 66 CC BA E5 38 12 A0   i     L5f   8          main  READ  TLSv1 Handshake  length   4     ServerHelloDone     ClientKeyExchange  RSA PreMasterSecret  TLSv1 main  WRITE  TLSv1 Handshake  length   262 SESSION KEYGEN  PreMaster Secret  0000  03 01 59 D3 0F F9 95 E8   DC E2 C2 4A 2B 93 79 55    Y        J  yU 0010  0B 1A 43 5E F4 0A 73 F1   13 E1 00 DF 78 55 F6 52    C   s     xU R 0020  4E 6A D3 2C F8 08 A1 B3   03 DF C9 5E 8C 14 8D 4E  Nj             N CONNECTION KEYGEN  Client Nonce  0000  51 2B DD 43 9F 71 FA FE   67 25 42 EA 7F 04 24 F0  Q  C q  g B      0010  3C FC 37 70 06 E0 C0 B5   92 A3 3F 94 98 FF 4D 08   lt  7p          M  Server Nonce  0000  51 2B DE B7 F9 14 78 44   4C 6E A8 EB 2F 5B 77 40  Q     xDLn    w  0010  97 F2 A9 BF 6F 69 92 5A   AD DF 37 7F 85 0C 01 F7      oi Z  7      Master Secret  0000  3E 9E 24 42 3D E4 82 AF   AD 97 76 EF 06 EF FB FD   gt   B      v      0010  C8 1A D5 7E 8E A2 74 4D   E8 E7 B9 1E 60 E9 E0 6F        tM       o 0020  09 E3 56 81 FC 2D 20 D9   69 6B 26 C3 0B C5 53 5F    V  -  ik amp    S  Client MAC write Secret  0000  04 30 70 7E A9 4A 1F 88   55 F8 31 31 75 36 40 35   0p  J  U 11u6 5 0010  25 65 24 5D                                         e   Server MAC write Secret  0000  8B C1 65 50 6D 11 21 32   CD 50 3A AB 0F 2E A5 FC    ePm  2 P       0010  C7 30 E6 EC                                         0   Client write key  0000  25 D7 96 B0 9A 1F 49 95   06 4D 05 36 2E D0 38 04        I  M 6  8  0010  0F 32 15 2E 8F 0A 6C 79   F8 ED E8 9B FE 5C 2C D8   2    ly         Server write key  0000  4A 91 5D DF B2 FE 6F 35   3E 8A 21 DF 17 E0 35 F0  J     o5 gt      5  0010  DB 97 4C 7E 18 07 7E 27   DD AD BC C4 C4 28 C5 E1    L              Client write IV  0000  B6 C1 98 05 9B 37 F9 0F   4E 0C 0F 6E 08 8A 26 C9       7  N  n   amp   Server write IV  0000  0E 83 27 3E 3B 40 E8 BE   4C 58 C4 5F EF E4 D3 4C      gt     LX     L main  WRITE  TLSv1 Change Cipher Spec  length   1     Finished verify data     23  181  134  191  68  30  119  81  239  135  238  80       main  WRITE  TLSv1 Handshake  length   48 main  READ  TLSv1 Change Cipher Spec  length   1 main  READ  TLSv1 Handshake  length   48     Finished verify data     254  182  228  50  121  214  35  175  100  128  102  152          Cached client session   Session-1  TLS RSA WITH AES 256 CBC SHA  main  WRITE  TLSv1 Application Data  length   48 HSent  HSUP ADBASE ADTIGR ADBLOM main  READ  TLSv1 Application Data  length   32 main  READ  TLSv1 Application Data  length   48 main  READ  TLSv1 Application Data  length   32 main  READ  TLSv1 Application Data  length   32 main  WRITE  TLSv1 Application Data  length   32 main  WRITE  TLSv1 Application Data  length   288 ClientManager  READ  TLSv1 Application Data  length   32 ClientManager  READ  TLSv1 Application Data  length   96         Cut out becauseI exceeded body limit    ClientManager  READ  TLSv1 Application Data  length   80 ClientManager  READ  TLSv1 Application Data  length   32 ClientManager  READ  TLSv1 Application Data  length   80 main  WRITE  TLSv1 Application Data  length   32 main  WRITE  TLSv1 Application Data  length   64 Allow unsafe renegotiation  true Allow legacy hello messages  true Is initial handshake  true Is secure renegotiation  false Ignoring unavailable cipher suite  TLS ECDHE RSA WITH AES 256 CBC SHA Ignoring unavailable cipher suite  TLS ECDH ECDSA WITH AES 128 CBC SHA Ignoring unsupported cipher suite  TLS RSA WITH AES 256 CBC SHA256 for SSLv3 Ignoring unsupported cipher suite  TLS DHE RSA WITH AES 256 CBC SHA256 for SSLv3 Ignoring unsupported cipher suite  TLS DHE DSS WITH AES 256 CBC SHA256 for SSLv3 Ignoring unsupported cipher suite  TLS RSA WITH AES 256 CBC SHA256 for TLSv1 Ignoring unsupported cipher suite  TLS DHE RSA WITH AES 256 CBC SHA256 for TLSv1 Ignoring unsupported cipher suite  TLS DHE DSS WITH AES 256 CBC SHA256 for TLSv1 Ignoring unsupported cipher suite  TLS RSA WITH AES 256 CBC SHA256 for TLSv1 1 Ignoring unsupported cipher suite  TLS DHE RSA WITH AES 256 CBC SHA256 for TLSv1 1 Ignoring unsupported cipher suite  TLS DHE DSS WITH AES 256 CBC SHA256 for TLSv1 1 Ignoring unavailable cipher suite  TLS ECDH RSA WITH AES 256 CBC SHA Ignoring unavailable cipher suite  TLS ECDH ECDSA WITH 3DES EDE CBC SHA Ignoring unavailable cipher suite  TLS ECDH RSA WITH AES 128 CBC SHA256 Ignoring unavailable cipher suite  TLS ECDHE RSA WITH RC4 128 SHA Ignoring unavailable cipher suite  TLS ECDH ECDSA WITH RC4 128 SHA Ignoring unavailable cipher suite  TLS ECDHE ECDSA WITH RC4 128 SHA Ignoring unavailable cipher suite  TLS ECDHE RSA WITH AES 256 CBC SHA384 Ignoring unavailable cipher suite  TLS ECDHE RSA WITH AES 128 CBC SHA Ignoring unavailable cipher suite  TLS ECDHE ECDSA WITH 3DES EDE CBC SHA Ignoring unavailable cipher suite  TLS ECDH RSA WITH RC4 128 SHA Ignoring unavailable cipher suite  TLS ECDH ECDSA WITH AES 256 CBC SHA384 Ignoring unavailable cipher suite  TLS ECDH RSA WITH 3DES EDE CBC SHA Ignoring unavailable cipher suite  TLS ECDH RSA WITH AES 128 CBC SHA Ignoring unavailable cipher suite  TLS ECDHE ECDSA WITH AES 256 CBC SHA Ignoring unavailable cipher suite  TLS ECDHE ECDSA WITH AES 128 CBC SHA Ignoring unavailable cipher suite  TLS ECDHE RSA WITH AES 128 CBC SHA256 Ignoring unavailable cipher suite  TLS ECDHE ECDSA WITH AES 256 CBC SHA384 Ignoring unavailable cipher suite  TLS ECDH RSA WITH AES 256 CBC SHA384 A client  READ  SSLv3 Handshake  length   112 Ignoring unavailable cipher suite  TLS ECDHE ECDSA WITH AES 128 CBC SHA256 Ignoring unavailable cipher suite  TLS ECDH ECDSA WITH AES 128 CBC SHA256 Ignoring unavailable cipher suite  TLS ECDH ECDSA WITH AES 256 CBC SHA Ignoring unavailable cipher suite  TLS ECDHE RSA WITH 3DES EDE CBC SHA     ClientHello  TLSv1 2 RandomCookie   GMT  1361763651 bytes     47  7  95  146  25  28  95  191  146  159  184  47  149  220  67  169  121  123  252  98  0  253  108  88  108  188  52  76   Session ID      Cipher Suites   TLS DHE RSA WITH AES 128 CBC SHA  TLS DHE RSA WITH AES 128 CBC SHA256  TLS DHE RSA WITH CAMELLIA 128 CBC SHA  TLS DHE RSA WITH AES 256 CBC SHA  TLS DHE RSA WITH AES 256 CBC SHA256  TLS DHE RSA WITH CAMELLIA 256 CBC SHA  SSL DHE RSA WITH 3DES EDE CBC SHA  TLS DHE DSS WITH AES 128 CBC SHA  TLS DHE DSS WITH AES 128 CBC SHA256  TLS DHE DSS WITH CAMELLIA 128 CBC SHA  TLS DHE DSS WITH AES 256 CBC SHA  TLS DHE DSS WITH AES 256 CBC SHA256  TLS DHE DSS WITH CAMELLIA 256 CBC SHA  SSL DHE DSS WITH 3DES EDE CBC SHA  SSL DHE DSS WITH RC4 128 SHA  TLS RSA WITH AES 128 CBC SHA  TLS RSA WITH AES 128 CBC SHA256  TLS RSA WITH CAMELLIA 128 CBC SHA  TLS RSA WITH AES 256 CBC SHA  TLS RSA WITH AES 256 CBC SHA256  TLS RSA WITH CAMELLIA 256 CBC SHA  SSL RSA WITH 3DES EDE CBC SHA  SSL RSA WITH RC4 128 SHA  SSL RSA WITH RC4 128 MD5  Compression Methods     0   Extension renegotiation info  renegotiated connection   lt empty gt  Extension signature algorithms  signature algorithms  Unknown  hash 0x4  signature 0x2   SHA256withRSA  SHA1withRSA  SHA1withDSA        Initialized    Session-2  SSL NULL WITH NULL NULL     Invalidated    Session-2  SSL NULL WITH NULL NULL  A client  SEND TLSv1 2 ALERT   fatal  description   handshake failure A client  WRITE  TLSv1 2 Alert  length   2 A client  called closeSocket   A client  handling exception  javax net ssl SSLHandshakeException  no cipher suites in common   The output contains one connect to another server that works and then the connection to my server  I can t remove the other connect  because I m getting the information on how to connect over this connection  I could enable debugging after the first connect  if that s possible  but I don t know how     I removed all not related output  Output that I created    UPDATE   I can t even connect to myself  When I create a SSLServerSocket and an SSLSocket to connect to it in the same application  I get the same error  But when I compare the lists of enabled cipher suites  There are a bunch of suites that are supported by both sockets  I ve tested that on Windows 7 64bit with the newest JDK   UPDATE   I just started the server part of my program from scratch using a tutorial  and magically it worked    I have no idea why  but it seems like I should have just used as much standard implementations as possible  I give the reputation to Bruno  since he put the most effort in his post

User · Answer

In my case  I got this no cipher suites in common error because I ve loaded a p12 format file to the keystore of the server  instead of a jks file

User · Answer

Having had this exception myself  I delved into the JRE source code  It became apparent that the message is rather misleading  It could mean what it says  but it more generally means that the server doesn t have the data it needs to respond to the client in the requested way  This can happen  for example  if certificates are missing from the keystore  or haven t been generated with the an appropriate algoritm  Indeed  given the cipher suites that are installed by default  one would have to go to some lengths to really get this exception because of lack of common cipher suites  In my particular case I d generated the certificates with the default algorithm of DSA  when what I needed to get the server to work with Firefox was RSA

User · Answer

For debugging when I start java add like mentioned   -Djavax net debug ssl   then you can see that the browser tried to use TLSv1 and Jetty 9 1 3 was talking TLSv1 2 so they were not communicating  That s Firefox  Chrome wanted SSLv3 so I added that also   sslContextFactory setIncludeProtocols   TLSv1    SSLv3       lt -- Fix sslContextFactory setRenegotiationAllowed true      lt -- added don t know if helps anything    I did not do most of the other stuff the orig poster did      Create a trust manager that does not validate certificate chains TrustManager   trustAllCerts   new TrustManager       or this answer   KeyManagerFactory kmf   KeyManagerFactory getInstance KeyManagerFactory          getDefaultAlgorithm       or    setEnabledCipherSuites     I created one self signed cert like this   but I added  jks to filename  and read that in my jetty java code  http   www eclipse org jetty documentation current configuring-ssl html  keytool -keystore keystore jks -alias jetty -genkey -keyalg RSA        first  amp  lastname     mywebdomain com

User · Answer

Server  import java net    import java io    import java util    import javax net ssl    import javax net    class Test    public static void main String   args       try        SSLContext context   SSLContext getInstance  TLSv1 2          context init null null null         SSLServerSocketFactory serverSocketFactory   context getServerSocketFactory          SSLServerSocket server    SSLServerSocket serverSocketFactory createServerSocket 1024         server setEnabledCipherSuites server getSupportedCipherSuites           SSLSocket socket    SSLSocket server accept          DataInputStream in   new DataInputStream socket getInputStream           DataOutputStream out   new DataOutputStream socket getOutputStream           System out println in readInt          catch Exception e  e printStackTrace             Client  import java net    import java io    import java util    import javax net ssl    import javax net    class Test2    public static void main String   args       try        SSLContext context   SSLContext getInstance  TLSv1 2          context init null null null         SSLSocketFactory socketFactory   context getSocketFactory          SSLSocket socket    SSLSocket socketFactory createSocket  localhost   1024         socket setEnabledCipherSuites socket getSupportedCipherSuites           DataInputStream in   new DataInputStream socket getInputStream           DataOutputStream out   new DataOutputStream socket getOutputStream           out writeInt 1337             catch Exception e  e printStackTrace             server setEnabledCipherSuites server getSupportedCipherSuites     socket setEnabledCipherSuites socket getSupportedCipherSuites

User · Answer

This problem can be caused by undue manipulation of the enabled cipher suites at the client or the server  but I suspect the most common cause is the server not having a private key and certificate at all   NB   ssl setEnabledCipherSuites sc getServerSocketFactory   getSupportedCipherSuites       Get rid of this line  Your server is insecure enough already with that insecure TrustManager  Then run your server with -Djavax net debug SSL handshake  try one connect  and post the resulting output here

User · Answer

You re initialising your SSLContext with a null KeyManager array   The key manager is what handles the server certificate  on the server side   and this is what you re probably aiming to set when using javax net ssl keyStore   However  as described in the JSSE Reference Guide  using null for the first parameter doesn t do what you seem to think it does      If the KeyManager   parameter is null  then an empty KeyManager will   be defined for this context  If the TrustManager   parameter is null    the installed security providers will be searched for the   highest-priority implementation of the TrustManagerFactory  from which   an appropriate TrustManager will be obtained  Likewise  the   SecureRandom parameter may be null  in which case a default   implementation will be used    An empty KeyManager doesn t contain any RSA or DSA certificates  Therefore  all the default cipher suites that would rely on such a certificate are disabled  This is why you get all these  Ignoring unavailable cipher suite  messages  which ultimately result in a  no cipher suites in common  message   If you want your keystore to be used as a keystore  you ll need to load it and initialise a KeyManagerFactory with it       KeyStore ks   KeyStore getInstance  JKS        InputStream ksIs   new FileInputStream             try           ks load ksIs   password  toCharArray           finally           if  ksIs    null                ksIs close                         KeyManagerFactory kmf   KeyManagerFactory getInstance KeyManagerFactory              getDefaultAlgorithm         kmf init ks   keypassword  toCharArray       The use kmf getKeyManagers   as the first parameter to SSLContext init     For the other two parameters  since you re visibly not requesting client-certificate authentication  you should leave the trust manager to its default value  null  instead of copying pasting a trust manager that s a potential cause of vulnerability  and you can also use the default null SecureRandom

User · Answer

It looks like you are trying to connect using TLSv1 2  which isn t widely implemented on servers  Does your destination support tls1 2

User · Answer

I got this error with this     unfortunate    package I have to use and I don t have source for   After much digging  thank you  Stack Overflow  and trying endless combinations  I finally got things running by    Creating the JKS with the entire certificate chain  Making sure the key in the JKS had the alias of the FQDN of the machine  Renaming the alias of the certificate for my machine   FQDN  cert   This took endless experimentation with the java command line options   -Djavax net debug ssl handshake verbose keymanager trustmanager  -Djava security debug access stack   My key and CSR were produced in OpenSSL so I had to import the key with   openssl pkcs12 -export -in  cert pem -inkey  cert key -CAfile fullChain pem -name   FQDN  -out cert p12 keytool -importkeystore -destkeystore cert jks -srckeystore cert p12 -srcstoretype PKCS12   keytool complains about the format so I converted the format followed by adding my cert chain   keytool -importkeystore -srckeystore cert jks -destkeystore cert p12 jks -deststoretype pkcs12 keytool -import -trustcacerts -alias  DigiCert Global Root G2 IntermediateCA  -keystore cert p12 jks -file cert2 pem -storepass   STOREPASS  -keypass   KEYPASS   keytool -import -trustcacerts -alias  DigiCert Global Root G2                 -keystore cert p12 jks -file cert3 pem -storepass   STOREPASS  -keypass   KEYPASS     where cert2 pem and cert3 pem were downloaded from the DigiCert web site and converted to PEM format   When I restarted the application with the resulting jks file  things started to work   Something else I figured out as part of this   You can check the certificate chain by using   openssl x509 -in cert2 pem -noout -text   for all your certificates and studying the output  paying attention to the X509v3 Authority Key Identifier  and X509v3 Authority Key Identifier  lines   The X509v3 Authority Key Identifier  of one level matches the X509v3 Subject Key Identifier  of the next higher level   You found the top of chain when the Issuer  string matches the Subject  string   I hope this can save somebody some of the time it took me

[java] Java SSLHandshakeException "no cipher suites in common"

Examples related to java

Examples related to ssl

Examples related to sslhandshakeexception