Friday, January 20, 2017

javax.net.ssl.SSLHandshakeException: no cipher suites in common

When an SSL client connects to your SSL server over an SSL socket connection, the following exception occurs on the server during the handshake.

javax.net.ssl.SSLHandshakeException: no cipher suites in common
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:266)
        at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:894)
        at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:622)
        at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:167)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:878)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:814)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
        at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882)
        at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
        at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:283)
        at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:325)
        at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:177)
        at java.io.InputStreamReader.read(InputStreamReader.java:184)
        at java.io.BufferedReader.fill(BufferedReader.java:154)
        at java.io.BufferedReader.readLine(BufferedReader.java:317)
        at java.io.BufferedReader.readLine(BufferedReader.java:382)

The exception is thrown because the SSL server socket could not find the private key to use, so it cannot select any of the cipher suites the client offers.

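1. Ensure your keystore (the jks file used by the server) has the private key. In the output of the command below, the server's entry should be listed as PrivateKeyEntry, not trustedCertEntry.
    >keytool -list -keystore <path>/<keystore name>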

2. Ensure the algorithm used to generate the certificate (such as RSA) is supported by your system.

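3. Ensure the SSLContext is initialized correctly to use the keystore (the snippets below use classes from javax.net.ssl, java.security and java.io)
3.1 Create a TrustManager that trusts the certificate
    // This TrustManager accepts every certificate chain without validation.
    // For anything beyond a local test, obtain trust managers from a
    // TrustManagerFactory initialized with your trust store instead.
    TrustManager[] trustManagers = new TrustManager[]{new X509TrustManager() {
           public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {}
           public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {}
           public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                 // The interface requires a non-null (possibly empty) array.
                 return new java.security.cert.X509Certificate[0];
           }
     }};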

3.2 Load the key store.
     KeyStore ks = KeyStore.getInstance("JKS");
     InputStream readCert = new FileInputStream("<path>/<keystore name>");
     try {
           ks.load(readCert, "<keystore password>".toCharArray());
     } finally {
           readCert.close();
     }

3.3 Initialize the KeyManagerFactory with the key store
      KeyManagerFactory kmf = KeyManagerFactory.getInstance(
             KeyManagerFactory.getDefaultAlgorithm());
      kmf.init(ks, "<keystore password>".toCharArray());

3.4 Initialize the SSLContext
     SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
     sslContext.init(kmf.getKeyManagers(), trustManagers, new SecureRandom());
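
Steps 1 to 3 combined into one start-up check, as an added example that is not part of the original post: it lists the private key entries and their algorithms, refuses to build the SSLContext when there are none, and uses a TrustManagerFactory in place of the accept-all TrustManager from step 3.1. The class and method names are hypothetical; run it with a keystore path and password as arguments, or with no arguments to see the failure case on a constructed empty keystore.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.*;
import javax.net.ssl.*;

// Added example, not the post's code. KeystoreCheck and its methods are hypothetical names.
public class KeystoreCheck {
    // Steps 1 and 2: aliases that hold a private key, with the key algorithm of each.
    static List<String> privateKeyAliases(KeyStore ks) throws Exception {
        List<String> found = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                found.add(alias + " (" + ks.getCertificate(alias).getPublicKey().getAlgorithm() + ")");
            }
        }
        return found;
    }

    // Step 3: refuse to build a server context from a keystore that cannot serve a handshake.
    static SSLContext serverContext(KeyStore ks, char[] password) throws Exception {
        if (privateKeyAliases(ks).isEmpty()) {
            throw new IllegalStateException("keystore has no private key entry");
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        // Trust only certificates stored in the keystore rather than accepting any chain.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        char[] password = args.length > 1 ? args[1].toCharArray() : new char[0];
        if (args.length > 0) {
            try (InputStream in = new FileInputStream(args[0])) { ks.load(in, password); }
        } else {
            ks.load(null, null); // constructed sample input: an empty in-memory keystore
        }
        System.out.println("private key entries: " + privateKeyAliases(ks));
        try {
            System.out.println("SSLContext protocol: " + serverContext(ks, password).getProtocol());
        } catch (IllegalStateException e) {
            System.out.println("refusing to start: " + e.getMessage());
        }
    }
}
```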
