Tomcat-SSL: "no cipher suites in common" Exception

[Dor Perl <pe...@yahoo.com>]

Hi All, 

Our site is running on Tomcat 3.3/Windows2k stand alone and we want to create a secured page on the Tomcat server (can be a different machine). 
We bought an SSL certificate from "Comodo" (after sending them our CSR that was created using keytool) afterwards we imported the received certificate to the keystore. 
The server starts ok, but when a web browser access it on the SSL port, we get the following exception: 
%% Created: [Session-1, SSL_NULL_WITH_NULL_NULL]
Thread-56, SEND SSL v3.0 ALERT: fatal, description = handshake_failure
Thread-56, WRITE: SSL v3.0 Alert, length = 2
PoolTcpEndpoint: Handshake failed
javax.net.ssl.SSLException: no cipher suites in common
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(DashoA62
75)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
PoolTcpEndpoint: Handshake failed
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.OutputStream.write(OutputStream.java:61)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275) 
at org.apache.tomcat.util.net.JSSESocketFactory.handshake(JSSESocketFact
ory.java:270)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java
:479)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP
ool.java:516)
at java.lang.Thread.run(Thread.java:484)
ThreadPool: Caught exception executing org.apache.tomcat.util.net.TcpWorkerThrea
d@19e15c, terminating thread
javax.net.ssl.SSLException: Unsupported SSL v2.0 ClientHello
at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
at java.io.OutputStream.write(OutputStream.java:61)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275) 
at org.apache.tomcat.util.net.JSSESocketFactory.handshake(JSSESocketFact
ory.java:270)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java
:479)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP
ool.java:516)
at java.lang.Thread.run(Thread.java:484)
java.lang.NullPointerException
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java
:498)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP
ool.java:516)
at java.lang.Thread.run(Thread.java:484)
ThreadPool: Caught exception executing org.apache.tomcat.util.net.TcpWorkerThrea
d@19e15c, terminating thread
java.lang.NullPointerException
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java
:498)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP
ool.java:516)
at java.lang.Thread.run(Thread.java:484) 

I also did the following: 
* added "javax.net.debug=all" to the System properties to see the Debug information. 
* generated my own certificate using keytool (and it works ok. But the certificate is, of course, invalid) 
* Tried to access the server with different SSL protocols. 
* Searched every possible thing in the net.... ;-( 
I dedicated alot of time for this thing but no good. I would be grateful if somenoe could help us. Is it possible that the problem is in the certificate we got from the SSL provider? 

Thanks in advance for your help,

Dor Perl




---------------------------------
With Yahoo! Mail you can get a bigger mailbox -- choose a size that fits your needs

Re: Tomcat-SSL: "no cipher suites in common" Exception

[ningr <ni...@api-jpn.co.jp>]

Dor Perl wrote:

>Hi All, 
>
>Our site is running on Tomcat 3.3/Windows2k stand alone and we want to create a secured page on the Tomcat server (can be a different machine). 
>We bought an SSL certificate from "Comodo" (after sending them our CSR that was created using keytool) afterwards we imported the received certificate to the keystore. 
>The server starts ok, but when a web browser access it on the SSL port, we get the following exception: 
>%% Created: [Session-1, SSL_NULL_WITH_NULL_NULL]
>Thread-56, SEND SSL v3.0 ALERT: fatal, description = handshake_failure
>Thread-56, WRITE: SSL v3.0 Alert, length = 2
>PoolTcpEndpoint: Handshake failed
>javax.net.ssl.SSLException: no cipher suites in common
>at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>at com.sun.net.ssl.internal.ssl.ServerHandshaker.a(DashoA6275)
>at com.sun.net.ssl.internal.ssl.ServerHandshaker.b(DashoA6275)
>at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(DashoA62
>75)
>at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA6275)
>at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>PoolTcpEndpoint: Handshake failed
>at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
>at java.io.OutputStream.write(OutputStream.java:61)
>at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275) 
>at org.apache.tomcat.util.net.JSSESocketFactory.handshake(JSSESocketFact
>ory.java:270)
>at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java
>:479)
>at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP
>ool.java:516)
>at java.lang.Thread.run(Thread.java:484)
>ThreadPool: Caught exception executing org.apache.tomcat.util.net.TcpWorkerThrea
>d@19e15c, terminating thread
>javax.net.ssl.SSLException: Unsupported SSL v2.0 ClientHello
>at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275)
>at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
>at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
>at java.io.OutputStream.write(OutputStream.java:61)
>at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275) 
>at org.apache.tomcat.util.net.JSSESocketFactory.handshake(JSSESocketFact
>ory.java:270)
>at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java
>:479)
>at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP
>ool.java:516)
>at java.lang.Thread.run(Thread.java:484)
>java.lang.NullPointerException
>at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java
>:498)
>at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP
>ool.java:516)
>at java.lang.Thread.run(Thread.java:484)
>ThreadPool: Caught exception executing org.apache.tomcat.util.net.TcpWorkerThrea
>d@19e15c, terminating thread
>java.lang.NullPointerException
>at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java
>:498)
>at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP
>ool.java:516)
>at java.lang.Thread.run(Thread.java:484) 
>
>I also did the following: 
>* added "javax.net.debug=all" to the System properties to see the Debug information. 
>* generated my own certificate using keytool (and it works ok. But the certificate is, of course, invalid) 
>* Tried to access the server with different SSL protocols. 
>* Searched every possible thing in the net.... ;-( 
>I dedicated alot of time for this thing but no good. I would be grateful if somenoe could help us. Is it possible that the problem is in the certificate we got from the SSL provider? 
>
>Thanks in advance for your help,
>
>Dor Perl
>
>
>
>
>---------------------------------
>With Yahoo! Mail you can get a bigger mailbox -- choose a size that fits your needs
>
When you use keytool to generate the keys and CSR, you should use the 
algoritm RSA  ,   not the default DSA. and then the exception will dispear.
keytool ...... -keyalg RSA




--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>