Ich benutze einen SSLServerSocket, um Client-Verbindungen auf meinem openSUSE-Server zu akzeptieren, aber keiner von ihnen kann eine Verbindung herstellen. Ich bekomme immer eine SSLHandshakeException no cipher suites in common
. Ich habe alle möglichen Suiten aktiviert, mehrere Protokolle aktiviert, mit dem neuesten Oracle JRE und dem Openjdk versucht. Auch folgte ich mehrere andere Beiträge in Foren und Sachen und „entriegelt“ alle Chiffriersätze im jre von Oracle und ich änderte die Einstellungen der openjdk jre wie folgt aus:Java SSLHandshakeException "keine Cipher Suites im Common"
Behinderte: #security.provider.10=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
und aktiviert: security.provider.9=sun.security.ec.SunEC
Dies ist, wie ich meine SSLServerSocket initialisieren:
System.setProperty("javax.net.ssl.keyStore", "./keystore");
System.setProperty("javax.net.ssl.keyStorePassword", "nopassword");
java.lang.System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
}
};
// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("TLSv1.2");
sc.init(null, trustAllCerts, new SecureRandom());
SSLServerSocket ssl = (SSLServerSocket) sc.getServerSocketFactory().createServerSocket(
DownloadFilelist.PORT);
// Got rid of:
//ssl.setEnabledCipherSuites(sc.getServerSocketFactory().getSupportedCipherSuites());
ssl.setEnabledProtocols(new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "SSLv3"});
// System.out.println(Arrays.toString(ssl.getEnabledCipherSuites()));
s = ssl;
// s = new ServerSocket(DownloadFilelist.PORT);
s.setSoTimeout(TIMEOUT);
Das Problem ist, dass ich nicht das, was weder Chiffriersätze die Kunden wollen herausfinden kann, kann ich es beeinflussen. Ich habe das Programm mit -Djavax.net.debug=ssl,handshake
gestartet, here ist das Ergebnis. Kann jemand von Ihnen herausfinden, was das Problem ist?
EDIT Der Schlüsselspeicher wurde mit erstellt: keytool -genkey -keyalg RSA -keystore ./keystore
Hier ist der Code auf dieser Seite, wenn das hilft (scheint, wie die Formatierung nicht vermasselt wird):
trigger seeding of SecureRandom
trigger seeding of SecureRandom
done seeding SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
main, setSoTimeout(2000) called
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1361763651 bytes = { 159, 113, 250, 254, 103, 37, 66, 234, 127, 4, 36, 240, 60, 252, 55, 112, 6, 224, 192, 181, 146, 163, 63, 148, 152, 255, 77, 8 }
Session ID: {}
Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 67
main, READ: TLSv1 Handshake, length = 81
*** ServerHello, TLSv1
RandomCookie: GMT: 1361763767 bytes = { 249, 20, 120, 68, 76, 110, 168, 235, 47, 91, 119, 64, 151, 242, 169, 191, 111, 105, 146, 90, 173, 223, 55, 127, 133, 12, 1, 247 }
Session ID: {246, 66, 250, 209, 13, 188, 190, 246, 14, 49, 113, 183, 192, 202, 68, 246, 121, 162, 165, 71, 242, 220, 233, 223, 245, 47, 250, 215, 203, 94, 255, 148}
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA]
** TLS_RSA_WITH_AES_256_CBC_SHA
main, READ: TLSv1 Handshake, length = 933
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=dc.hadiko.de, O=hadiko dc, L=town, ST=land of the free, C=de
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: 22613010171436639614880560956464961031555258188367451246658444583390999370970098210909007150132692078653881042731046316239498513359691936582885343174669796075601988313858262934995935649363223919652108615287224220030023261629874169998331654587246748976585212101810697310529416436829153514374554242128947092694064999520197281527578067183301918060451970607703466399571245107774569719996572643148013190800713656468629158991997127544540177983174906099325217344868710319256330960086862269228933938482311029685238274537823670267001618579382801319470736924423550865055775144486750164961588873175599114046362924859400297960451
public exponent: 65537
Validity: [From: Sat Jul 07 12:56:23 CEST 2012,
To: Tue Jul 07 12:56:23 CEST 2015]
Issuer: CN=dc.hadiko.de, O=hadiko dc, L=town, ST=land of the free, C=de
SerialNumber: [ 8682354f f94fbbb5]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 43 1D D9 A7 CF 21 2E 17 F3 4E EE F6 6C 6C 88 16 C....!...N..ll..
0010: 08 3C 67 8E .<g.
]
]
[2]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 43 1D D9 A7 CF 21 2E 17 F3 4E EE F6 6C 6C 88 16 C....!...N..ll..
0010: 08 3C 67 8E .<g.
]
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 14 83 48 D3 EC 39 49 E3 9C BC 20 F5 BF E4 32 33 ..H..9I... ...23
0010: 5F 09 8F 2D F2 C3 82 80 79 93 9A C1 97 93 92 D9 _..-....y.......
0020: D0 DA 4D B2 FC A1 43 60 1F B9 EA 4C 29 D7 79 D0 ..M...C`...L).y.
0030: 66 8C 25 14 EB 9D 60 94 D7 F4 15 33 8B 17 24 24 f.%...`....3..$$
0040: 5C 65 26 3D C3 B0 8A 51 B6 27 01 D1 A6 A3 68 87 \e&=...Q.'....h.
0050: 2D 6F 0B E6 00 96 B6 CF BC E9 D2 9C 7E 19 9E E1 -o..............
0060: 3A 96 42 2E B7 E8 C0 70 01 99 20 39 89 6D 94 2B :.B....p.. 9.m.+
0070: 76 2F F1 0E 6D 2D 9B 52 77 D3 63 6A 11 DC A3 E6 v/..m-.Rw.cj....
0080: 4E 0E 64 6D FA 77 BC 1E 4F C3 91 AD 21 F7 5D 31 N.dm.w..O...!.]1
0090: F9 04 A5 FA 34 EF 43 61 F1 42 32 5A 9B D1 16 84 ....4.Ca.B2Z....
00A0: 07 2B CA 01 AF 84 54 D2 A9 C4 3A 7A EA D1 2A 95 .+....T...:z..*.
00B0: 47 30 03 BA 48 C4 57 1F 78 58 6C 7A 56 60 40 2C G0..H.W.xXlzV`@,
00C0: 6A 17 15 3F 43 A5 FB 81 4D 9D 1B DC A7 CE 78 D1 j..?C...M.....x.
00D0: 5A 66 97 79 04 55 DA 34 3C B2 CD 9A 62 EE 32 22 Zf.y.U.4<...b.2"
00E0: 70 84 0E 3E 5D 7F 91 0D A5 D4 84 6B F3 E9 40 E9 p..>][email protected]
00F0: E8 69 D7 E5 FC B6 0A 4C 35 66 CC BA E5 38 12 A0 .i.....L5f...8..
]
***
main, READ: TLSv1 Handshake, length = 4
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 262
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 59 D3 0F F9 95 E8 DC E2 C2 4A 2B 93 79 55 ..Y........J+.yU
0010: 0B 1A 43 5E F4 0A 73 F1 13 E1 00 DF 78 55 F6 52 ..C^..s.....xU.R
0020: 4E 6A D3 2C F8 08 A1 B3 03 DF C9 5E 8C 14 8D 4E Nj.,.......^...N
CONNECTION KEYGEN:
Client Nonce:
0000: 51 2B DD 43 9F 71 FA FE 67 25 42 EA 7F 04 24 F0 Q+.C.q..g%B...$.
0010: 3C FC 37 70 06 E0 C0 B5 92 A3 3F 94 98 FF 4D 08 <.7p......?...M.
Server Nonce:
0000: 51 2B DE B7 F9 14 78 44 4C 6E A8 EB 2F 5B 77 40 Q+....xDLn../[[email protected]
0010: 97 F2 A9 BF 6F 69 92 5A AD DF 37 7F 85 0C 01 F7 ....oi.Z..7.....
Master Secret:
0000: 3E 9E 24 42 3D E4 82 AF AD 97 76 EF 06 EF FB FD >.$B=.....v.....
0010: C8 1A D5 7E 8E A2 74 4D E8 E7 B9 1E 60 E9 E0 6F ......tM....`..o
0020: 09 E3 56 81 FC 2D 20 D9 69 6B 26 C3 0B C5 53 5F ..V..- .ik&...S_
Client MAC write Secret:
0000: 04 30 70 7E A9 4A 1F 88 55 F8 31 31 75 36 40 35 [email protected]
0010: 25 65 24 5D %e$]
Server MAC write Secret:
0000: 8B C1 65 50 6D 11 21 32 CD 50 3A AB 0F 2E A5 FC ..ePm.!2.P:.....
0010: C7 30 E6 EC .0..
Client write key:
0000: 25 D7 96 B0 9A 1F 49 95 06 4D 05 36 2E D0 38 04 %.....I..M.6..8.
0010: 0F 32 15 2E 8F 0A 6C 79 F8 ED E8 9B FE 5C 2C D8 .2....ly.....\,.
Server write key:
0000: 4A 91 5D DF B2 FE 6F 35 3E 8A 21 DF 17 E0 35 F0 J.]...o5>.!...5.
0010: DB 97 4C 7E 18 07 7E 27 DD AD BC C4 C4 28 C5 E1 ..L....'.....(..
Client write IV:
0000: B6 C1 98 05 9B 37 F9 0F 4E 0C 0F 6E 08 8A 26 C9 .....7..N..n..&.
Server write IV:
0000: 0E 83 27 3E 3B 40 E8 BE 4C 58 C4 5F EF E4 D3 4C ..'>;@..LX._...L
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 23, 181, 134, 191, 68, 30, 119, 81, 239, 135, 238, 80 }
***
main, WRITE: TLSv1 Handshake, length = 48
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 48
*** Finished
verify_data: { 254, 182, 228, 50, 121, 214, 35, 175, 100, 128, 102, 152 }
***
%% Cached client session: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA]
main, WRITE: TLSv1 Application Data, length = 48
HSent: HSUP ADBASE ADTIGR ADBLOM
main, READ: TLSv1 Application Data, length = 32
main, READ: TLSv1 Application Data, length = 48
main, READ: TLSv1 Application Data, length = 32
main, READ: TLSv1 Application Data, length = 32
main, WRITE: TLSv1 Application Data, length = 32
main, WRITE: TLSv1 Application Data, length = 288
ClientManager, READ: TLSv1 Application Data, length = 32
ClientManager, READ: TLSv1 Application Data, length = 96
[...] (Cut out becauseI exceeded body limit.)
ClientManager, READ: TLSv1 Application Data, length = 80
ClientManager, READ: TLSv1 Application Data, length = 32
ClientManager, READ: TLSv1 Application Data, length = 80
main, WRITE: TLSv1 Application Data, length = 32
main, WRITE: TLSv1 Application Data, length = 64
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
A client, READ: SSLv3 Handshake, length = 112
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1361763651 bytes = { 47, 7, 95, 146, 25, 28, 95, 191, 146, 159, 184, 47, 149, 220, 67, 169, 121, 123, 252, 98, 0, 253, 108, 88, 108, 188, 52, 76 }
Session ID: {}
Cipher Suites: [TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5]
Compression Methods: { 0 }
Extension renegotiation_info, renegotiated_connection: <empty>
Extension signature_algorithms, signature_algorithms: Unknown (hash:0x4, signature:0x2), SHA256withRSA, SHA1withRSA, SHA1withDSA
***
%% Initialized: [Session-2, SSL_NULL_WITH_NULL_NULL]
%% Invalidated: [Session-2, SSL_NULL_WITH_NULL_NULL]
A client, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
A client, WRITE: TLSv1.2 Alert, length = 2
A client, called closeSocket()
A client, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common
Die Ausgabe enthält ein Verbindung zu einem anderen Server, der funktioniert und dann die Verbindung zu meinem Server. Ich kann die andere Verbindung nicht entfernen, weil ich Informationen darüber erhalte, wie man sich über diese Verbindung verbindet. Ich könnte das Debugging nach der ersten Verbindung aktivieren, wenn das möglich ist, aber ich weiß nicht wie ...
Ich entfernte alle nicht verwandte Ausgabe (Ausgabe, die ich erstellt habe).
UPDATE:
Ich kann nicht einmal mir selbst verbinden. Wenn ich eine SSLServerSocket und eine SSLSocket für die Verbindung mit derselben Anwendung erstelle, erhalte ich denselben Fehler. Aber wenn ich die Listen der aktivierten Cipher-Suites vergleiche, gibt es eine Reihe von Suites, die von beiden Sockets unterstützt werden. Ich habe das unter Windows 7 64bit mit dem neuesten JDK getestet.
UPDATE:
ich den Server-Teil meines Programms von Grund auf mit einem Tutorial gerade erst begonnen, und magisch es funktionierte ... Ich habe keine Ahnung, warum, aber es scheint, wie ich gerade verwendet haben sollte viele Standard-Implementierungen wie möglich. Ich gebe Bruno den Ruf, da er sich am meisten Mühe gegeben hat.
Es sieht so aus, als ob mehrere Verbindungen in Ihrer SSL-Ablaufverfolgung vorhanden sind, möglicherweise von anderen Threads. – Bruno
Jep, genau zwei, wie ich darunter geschrieben habe. – Sibbo