SSLHandshakeException: no common cipher suites - SSL spray configuration

Question

SSLHandshakeException: no common cipher suites - SSL spray configuration

I try to install my SSL certificate, which I purchased for my domain, from Comodo, but I get

SSLHandshakeException: no shared cipher suites

I read a few questions on this topic, but none of the suggested answers have yet helped me.

Comodo has provided four certificates:

AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
STAR_example_com.crt

I configure the server in a Docker file to isolate the problem from the local development environment:

from google/debian:wheezy # Server binary and certificates are copied in before this RUN apt-get update && apt-get install -y openjdk-7-jre ADD UnlimitedJCEPolicyJDK7.zip / RUN unzip UnlimitedJCEPolicyJDK7.zip && cp UnlimitedJCEPolicy/*.jar /usr/lib/jvm/java-1.7.0-openjdk-amd64/jre/lib/security/ RUN keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore /example.com.jks -storepass changeit -noprompt RUN keytool -import -trustcacerts -alias int-1 -file COMODORSAAddTrustCA.crt -keystore /example.com.jks -storepass changeit -noprompt RUN keytool -import -trustcacerts -alias int-2 -file COMODORSADomainValidationSecureServerCA.crt -keystore /example.com.jks -storepass changeit -noprompt RUN keytool -import -trustcacerts -alias mykey -file STAR_example_com.crt -keystore /example.com.jks -storepass changeit -noprompt

The output of keytool commands in Docker:

 Step 10 : RUN keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore /example.com.jks -storepass changeit -noprompt ---> Running in 949afa47c891 Certificate was added to keystore ---> 1df5ff85c32a Removing intermediate container 949afa47c891 Step 11 : RUN keytool -import -trustcacerts -alias int-1 -file COMODORSAAddTrustCA.crt -keystore /example.com.jks -storepass changeit -noprompt ---> Running in 6cc802ee61f9 Certificate was added to keystore ---> f6eee577e7d5 Removing intermediate container 6cc802ee61f9 Step 12 : RUN keytool -import -trustcacerts -alias int-2 -file COMODORSADomainValidationSecureServerCA.crt -keystore /example.com.jks -storepass changeit -noprompt ---> Running in 22e6bc1e70a6 Certificate was added to keystore ---> d7a0472a9e1f Removing intermediate container 22e6bc1e70a6 Step 13 : RUN keytool -import -trustcacerts -alias mykey -file STAR_example_com.crt -keystore /example.com.jks -storepass changeit -noprompt ---> Running in 9a812b1182ca Certificate was added to keystore

Comodos instructions say that this last "certificate was added to the keystore" should be "The certificate response was installed to the keystore." What should I do differently when installing a domain certificate?

The SSL configuration in Spray looks like this:

 trait SslConfiguration { implicit def sslContext: SSLContext = { val password = "changeit" val keyStoreResource = "/example.com.jks" val keyStore = KeyStore.getInstance("jks") keyStore.load(new FileInputStream(keyStoreResource), password.toCharArray) val keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm) keyManagerFactory.init(keyStore, password.toCharArray) val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm) trustManagerFactory.init(keyStore) val context = SSLContext.getInstance("TLS") context.init(keyManagerFactory.getKeyManagers, null, new SecureRandom) context } implicit def sslEngineProvider: ServerSSLEngineProvider = { ServerSSLEngineProvider { engine => engine.setEnabledCipherSuites(Array("TLS_RSA_WITH_AES_256_CBC_SHA")) engine.setEnabledProtocols(Array("SSLv3", "TLSv1")) engine } } }

Server loading:

 object Server extends SimpleRoutingApp with SprayJsonSupport with SslConfiguration { def apply(config: Configuration, router: ActorRef)(implicit actorSystem: ActorSystem) = { val settings = ServerSettings(actorSystem).copy(sslEncryption = true) startServer("0.0.0.0", config.notifyPort, serviceActorName = "notify-server", settings = Some(settings)) { path("ping") { complete("OK") } } } }

Debug output:

curl https: // localhost: 9082 / ping

 Using SSLEngineImpl. Using SSLEngineImpl. Using SSLEngineImpl. Using SSLEngineImpl. Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for SSLv2Hello Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for SSLv2Hello Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for SSLv2Hello Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1 [Raw read]: length = 5 0000: 16 03 01 00 BF ..... [Raw read]: length = 191 0000: 01 00 00 BB 03 03 55 9C 69 B9 0E 94 CA 61 A4 3C ......Ui...a.< 0010: 95 0B A5 81 B6 BA D4 90 3D 4B 8C 4E BB 35 17 8F ........=KN5.. 0020: 19 9E B6 D0 2E BB 00 00 5E 00 FF C0 24 C0 23 C0 ........^...$.#. 0030: 0A C0 09 C0 07 C0 08 C0 28 C0 27 C0 14 C0 13 C0 ........(.'..... 0040: 11 C0 12 C0 26 C0 25 C0 2A C0 29 C0 05 C0 04 C0 ....&.%.*.)..... 0050: 02 C0 03 C0 0F C0 0E C0 0C C0 0D 00 3D 00 3C 00 ............=.<. 0060: 2F 00 05 00 04 00 35 00 0A 00 67 00 6B 00 33 00 /.....5...gk3. 0070: 39 00 16 00 AF 00 AE 00 8D 00 8C 00 8A 00 8B 00 9............... 0080: B1 00 B0 00 2C 00 3B 01 00 00 34 00 00 00 0E 00 ....,.;...4..... 0090: 0C 00 00 09 6C 6F 63 61 6C 68 6F 73 74 00 0A 00 ....localhost... 00A0: 08 00 06 00 17 00 18 00 19 00 0B 00 02 01 00 00 ................ 00B0: 0D 00 0C 00 0A 05 01 04 01 02 01 04 03 02 03 ............... notify-server-akka.actor.default-dispatcher-6, READ: TLSv1 Handshake, length = 191 *** ClientHello, TLSv1.2 RandomCookie: GMT: 1419536569 bytes = { 14, 148, 202, 97, 164, 60, 149, 11, 165, 129, 182, 186, 212, 144, 61, 75, 140, 78, 187, 53, 23, 143, 25, 158, 182, 208, 46, 187 } Session ID: {} Cipher Suites: [TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_PSK_WITH_AES_256_CBC_SHA384, TLS_PSK_WITH_AES_128_CBC_SHA256, TLS_PSK_WITH_AES_256_CBC_SHA, TLS_PSK_WITH_AES_128_CBC_SHA, TLS_PSK_WITH_RC4_128_SHA, TLS_PSK_WITH_3DES_EDE_CBC_SHA, TLS_PSK_WITH_NULL_SHA384, TLS_PSK_WITH_NULL_SHA256, TLS_PSK_WITH_NULL_SHA, TLS_RSA_WITH_NULL_SHA256] Compression Methods: { 0 } Extension server_name, server_name: [host_name: localhost] Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA384withRSA, SHA256withRSA, SHA1withRSA, SHA256withECDSA, SHA1withECDSA *** [read] MD5 and SHA1 hashes: len = 191 0000: 01 00 00 BB 03 03 55 9C 69 B9 0E 94 CA 61 A4 3C ......Ui...a.< 0010: 95 0B A5 81 B6 BA D4 90 3D 4B 8C 4E BB 35 17 8F ........=KN5.. 0020: 19 9E B6 D0 2E BB 00 00 5E 00 FF C0 24 C0 23 C0 ........^...$.#. 0030: 0A C0 09 C0 07 C0 08 C0 28 C0 27 C0 14 C0 13 C0 ........(.'..... 0040: 11 C0 12 C0 26 C0 25 C0 2A C0 29 C0 05 C0 04 C0 ....&.%.*.)..... 0050: 02 C0 03 C0 0F C0 0E C0 0C C0 0D 00 3D 00 3C 00 ............=.<. 0060: 2F 00 05 00 04 00 35 00 0A 00 67 00 6B 00 33 00 /.....5...gk3. 0070: 39 00 16 00 AF 00 AE 00 8D 00 8C 00 8A 00 8B 00 9............... 0080: B1 00 B0 00 2C 00 3B 01 00 00 34 00 00 00 0E 00 ....,.;...4..... 0090: 0C 00 00 09 6C 6F 63 61 6C 68 6F 73 74 00 0A 00 ....localhost... 00A0: 08 00 06 00 17 00 18 00 19 00 0B 00 02 01 00 00 ................ 00B0: 0D 00 0C 00 0A 05 01 04 01 02 01 04 03 02 03 ............... %% Initialized: [Session-1, SSL_NULL_WITH_NULL_NULL] notify-server-akka.actor.default-dispatcher-6, fatal error: 40: no cipher suites in common javax.net.ssl.SSLHandshakeException: no cipher suites in common %% Invalidated: [Session-1, SSL_NULL_WITH_NULL_NULL] notify-server-akka.actor.default-dispatcher-6, SEND TLSv1.2 ALERT: fatal, description = handshake_failure notify-server-akka.actor.default-dispatcher-6, WRITE: TLSv1.2 Alert, length = 2 notify-server-akka.actor.default-dispatcher-6, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common [ERROR] [07/08/2015 00:07:22.230] [notify-server-akka.actor.default-dispatcher-6] [akka://notify-server/user/IO-HTTP/listener-0/0] Aborting encrypted connection to 10.0.2.2/10.0.2.2:50790 due to [SSLHandshakeException:no cipher suites in common] -> [SSLHandshakeException:no cipher suites in common] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, Using SSLEngineImpl. Using SSLEngineImpl. Using SSLEngineImpl. Using SSLEngineImpl. Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for SSLv2Hello Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for SSLv2Hello Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for SSLv2Hello Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1 [Raw read]: length = 5 0000: 16 03 01 00 BF ..... [Raw read]: length = 191 0000: 01 00 00 BB 03 03 55 9C 69 B9 0E 94 CA 61 A4 3C ......Ui...a.< 0010: 95 0B A5 81 B6 BA D4 90 3D 4B 8C 4E BB 35 17 8F ........=KN5.. 0020: 19 9E B6 D0 2E BB 00 00 5E 00 FF C0 24 C0 23 C0 ........^...$.#. 0030: 0A C0 09 C0 07 C0 08 C0 28 C0 27 C0 14 C0 13 C0 ........(.'..... 0040: 11 C0 12 C0 26 C0 25 C0 2A C0 29 C0 05 C0 04 C0 ....&.%.*.)..... 0050: 02 C0 03 C0 0F C0 0E C0 0C C0 0D 00 3D 00 3C 00 ............=.<. 0060: 2F 00 05 00 04 00 35 00 0A 00 67 00 6B 00 33 00 /.....5...gk3. 0070: 39 00 16 00 AF 00 AE 00 8D 00 8C 00 8A 00 8B 00 9............... 0080: B1 00 B0 00 2C 00 3B 01 00 00 34 00 00 00 0E 00 ....,.;...4..... 0090: 0C 00 00 09 6C 6F 63 61 6C 68 6F 73 74 00 0A 00 ....localhost... 00A0: 08 00 06 00 17 00 18 00 19 00 0B 00 02 01 00 00 ................ 00B0: 0D 00 0C 00 0A 05 01 04 01 02 01 04 03 02 03 ............... notify-server-akka.actor.default-dispatcher-6, READ: TLSv1 Handshake, length = 191 *** ClientHello, TLSv1.2 RandomCookie: GMT: 1419536569 bytes = { 14, 148, 202, 97, 164, 60, 149, 11, 165, 129, 182, 186, 212, 144, 61, 75, 140, 78, 187, 53, 23, 143, 25, 158, 182, 208, 46, 187 } Session ID: {} Cipher Suites: [TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_PSK_WITH_AES_256_CBC_SHA384, TLS_PSK_WITH_AES_128_CBC_SHA256, TLS_PSK_WITH_AES_256_CBC_SHA, TLS_PSK_WITH_AES_128_CBC_SHA, TLS_PSK_WITH_RC4_128_SHA, TLS_PSK_WITH_3DES_EDE_CBC_SHA, TLS_PSK_WITH_NULL_SHA384, TLS_PSK_WITH_NULL_SHA256, TLS_PSK_WITH_NULL_SHA, TLS_RSA_WITH_NULL_SHA256] Compression Methods: { 0 } Extension server_name, server_name: [host_name: localhost] Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA384withRSA, SHA256withRSA, SHA1withRSA, SHA256withECDSA, SHA1withECDSA *** [read] MD5 and SHA1 hashes: len = 191 0000: 01 00 00 BB 03 03 55 9C 69 B9 0E 94 CA 61 A4 3C ......Ui...a.< 0010: 95 0B A5 81 B6 BA D4 90 3D 4B 8C 4E BB 35 17 8F ........=KN5.. 0020: 19 9E B6 D0 2E BB 00 00 5E 00 FF C0 24 C0 23 C0 ........^...$.#. 0030: 0A C0 09 C0 07 C0 08 C0 28 C0 27 C0 14 C0 13 C0 ........(.'..... 0040: 11 C0 12 C0 26 C0 25 C0 2A C0 29 C0 05 C0 04 C0 ....&.%.*.)..... 0050: 02 C0 03 C0 0F C0 0E C0 0C C0 0D 00 3D 00 3C 00 ............=.<. 0060: 2F 00 05 00 04 00 35 00 0A 00 67 00 6B 00 33 00 /.....5...gk3. 0070: 39 00 16 00 AF 00 AE 00 8D 00 8C 00 8A 00 8B 00 9............... 0080: B1 00 B0 00 2C 00 3B 01 00 00 34 00 00 00 0E 00 ....,.;...4..... 0090: 0C 00 00 09 6C 6F 63 61 6C 68 6F 73 74 00 0A 00 ....localhost... 00A0: 08 00 06 00 17 00 18 00 19 00 0B 00 02 01 00 00 ................ 00B0: 0D 00 0C 00 0A 05 01 04 01 02 01 04 03 02 03 ............... %% Initialized: [Session-1, SSL_NULL_WITH_NULL_NULL] notify-server-akka.actor.default-dispatcher-6, fatal error: 40: no cipher suites in common javax.net.ssl.SSLHandshakeException: no cipher suites in common %% Invalidated: [Session-1, SSL_NULL_WITH_NULL_NULL] notify-server-akka.actor.default-dispatcher-6, SEND TLSv1.2 ALERT: fatal, description = handshake_failure notify-server-akka.actor.default-dispatcher-6, WRITE: TLSv1.2 Alert, length = 2 notify-server-akka.actor.default-dispatcher-6, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common [ERROR] [07/08/2015 00:07:22.230] [notify-server-akka.actor.default-dispatcher-6] [akka://notify-server/user/IO-HTTP/listener-0/0] Aborting encrypted connection to 10.0.2.2/10.0.2.2:50790 due to [SSLHandshakeException:no cipher suites in common] -> [SSLHandshakeException:no cipher suites in common] , SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_PSK_WITH_AES_256_CBC_SHA384, TLS_PSK_WITH_AES_128_CBC_SHA256, TLS_PSK_WITH_AES_256_CBC_SHA, TLS_PSK_WITH_AES_128_CBC_SHA, TLS_PSK_WITH_RC4_128_SHA, TLS_PSK_WITH_3DES_EDE_CBC_SHA, TLS_PSK_WITH_NULL_SHA384, TLS_PSK_WITH_NULL_SHA256, TLS_PSK_WITH_NULL_SHA, TLS_RSA_WITH_NULL_SHA256] Using SSLEngineImpl. Using SSLEngineImpl. Using SSLEngineImpl. Using SSLEngineImpl. Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for SSLv2Hello Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for SSLv2Hello Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for SSLv2Hello Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1 [Raw read]: length = 5 0000: 16 03 01 00 BF ..... [Raw read]: length = 191 0000: 01 00 00 BB 03 03 55 9C 69 B9 0E 94 CA 61 A4 3C ......Ui...a.< 0010: 95 0B A5 81 B6 BA D4 90 3D 4B 8C 4E BB 35 17 8F ........=KN5.. 0020: 19 9E B6 D0 2E BB 00 00 5E 00 FF C0 24 C0 23 C0 ........^...$.#. 0030: 0A C0 09 C0 07 C0 08 C0 28 C0 27 C0 14 C0 13 C0 ........(.'..... 0040: 11 C0 12 C0 26 C0 25 C0 2A C0 29 C0 05 C0 04 C0 ....&.%.*.)..... 0050: 02 C0 03 C0 0F C0 0E C0 0C C0 0D 00 3D 00 3C 00 ............=.<. 0060: 2F 00 05 00 04 00 35 00 0A 00 67 00 6B 00 33 00 /.....5...gk3. 0070: 39 00 16 00 AF 00 AE 00 8D 00 8C 00 8A 00 8B 00 9............... 0080: B1 00 B0 00 2C 00 3B 01 00 00 34 00 00 00 0E 00 ....,.;...4..... 0090: 0C 00 00 09 6C 6F 63 61 6C 68 6F 73 74 00 0A 00 ....localhost... 00A0: 08 00 06 00 17 00 18 00 19 00 0B 00 02 01 00 00 ................ 00B0: 0D 00 0C 00 0A 05 01 04 01 02 01 04 03 02 03 ............... notify-server-akka.actor.default-dispatcher-6, READ: TLSv1 Handshake, length = 191 *** ClientHello, TLSv1.2 RandomCookie: GMT: 1419536569 bytes = { 14, 148, 202, 97, 164, 60, 149, 11, 165, 129, 182, 186, 212, 144, 61, 75, 140, 78, 187, 53, 23, 143, 25, 158, 182, 208, 46, 187 } Session ID: {} Cipher Suites: [TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_PSK_WITH_AES_256_CBC_SHA384, TLS_PSK_WITH_AES_128_CBC_SHA256, TLS_PSK_WITH_AES_256_CBC_SHA, TLS_PSK_WITH_AES_128_CBC_SHA, TLS_PSK_WITH_RC4_128_SHA, TLS_PSK_WITH_3DES_EDE_CBC_SHA, TLS_PSK_WITH_NULL_SHA384, TLS_PSK_WITH_NULL_SHA256, TLS_PSK_WITH_NULL_SHA, TLS_RSA_WITH_NULL_SHA256] Compression Methods: { 0 } Extension server_name, server_name: [host_name: localhost] Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA384withRSA, SHA256withRSA, SHA1withRSA, SHA256withECDSA, SHA1withECDSA *** [read] MD5 and SHA1 hashes: len = 191 0000: 01 00 00 BB 03 03 55 9C 69 B9 0E 94 CA 61 A4 3C ......Ui...a.< 0010: 95 0B A5 81 B6 BA D4 90 3D 4B 8C 4E BB 35 17 8F ........=KN5.. 0020: 19 9E B6 D0 2E BB 00 00 5E 00 FF C0 24 C0 23 C0 ........^...$.#. 0030: 0A C0 09 C0 07 C0 08 C0 28 C0 27 C0 14 C0 13 C0 ........(.'..... 0040: 11 C0 12 C0 26 C0 25 C0 2A C0 29 C0 05 C0 04 C0 ....&.%.*.)..... 0050: 02 C0 03 C0 0F C0 0E C0 0C C0 0D 00 3D 00 3C 00 ............=.<. 0060: 2F 00 05 00 04 00 35 00 0A 00 67 00 6B 00 33 00 /.....5...gk3. 0070: 39 00 16 00 AF 00 AE 00 8D 00 8C 00 8A 00 8B 00 9............... 0080: B1 00 B0 00 2C 00 3B 01 00 00 34 00 00 00 0E 00 ....,.;...4..... 0090: 0C 00 00 09 6C 6F 63 61 6C 68 6F 73 74 00 0A 00 ....localhost... 00A0: 08 00 06 00 17 00 18 00 19 00 0B 00 02 01 00 00 ................ 00B0: 0D 00 0C 00 0A 05 01 04 01 02 01 04 03 02 03 ............... %% Initialized: [Session-1, SSL_NULL_WITH_NULL_NULL] notify-server-akka.actor.default-dispatcher-6, fatal error: 40: no cipher suites in common javax.net.ssl.SSLHandshakeException: no cipher suites in common %% Invalidated: [Session-1, SSL_NULL_WITH_NULL_NULL] notify-server-akka.actor.default-dispatcher-6, SEND TLSv1.2 ALERT: fatal, description = handshake_failure notify-server-akka.actor.default-dispatcher-6, WRITE: TLSv1.2 Alert, length = 2 notify-server-akka.actor.default-dispatcher-6, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common [ERROR] [07/08/2015 00:07:22.230] [notify-server-akka.actor.default-dispatcher-6] [akka://notify-server/user/IO-HTTP/listener-0/0] Aborting encrypted connection to 10.0.2.2/10.0.2.2:50790 due to [SSLHandshakeException:no cipher suites in common] -> [SSLHandshakeException:no cipher suites in common]

I followed Comodos instructions in the EXCEPT tag to set up an alias. I am not 100% sure if I need to set the domain alias to "mykey" or something else. Could this be a problem?

Any help with this issue would be greatly appreciated!

+5

java https ssl-certificate spray

Upio Jul 08 '15 at 0:22

source share

3 answers

I had the same issue and this was due to the lack of a Java cryptography extension. You can download and install it here http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

Usually the JDK (not the JRE) comes with some libraries already installed.

+1

mericano1 Jul 08 '15 at 9:28

source share

For me, this was caused by the wrong repository storage.

I had two modules in one application, and another initialized javax.net.ssl to my liking, and the part that chose the above exception appeared only after that.

And once javax.net.ssl is initialized once, changing the properties of the key- and truststore system no longer affects anything.

I figured this out by putting -Djavax.net.debug = ssl on the command line invocation of the source application server to make sure the parameter was set before anyone else turned around. Then you can see on STDOUT, which initializes the stores and with what.

0

Zds Nov 13 '17 at 8:44

source share

Upio · Accepted Answer · 2015-07-08T23:45:12+0000

The problem was resolved when I followed these instructions to install the certificate and private key in the keystore. I followed instructions that suggested that this step was already taken.

SSLHandshakeException: no common cipher suites - SSL spray configuration

More articles: