[jetty-users] Issue with Jetty 7.5.4 / 8.1.3 - SSL and Firefox 12.0

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jetty-users] Issue with Jetty 7.5.4 / 8.1.3 - SSL and Firefox 12.0

Charles Moulliard
Hi,

I use Jetty WebSocket with SSL and when I try connect to the SSL address https://localhost:8443 of my Jetty Application Server (7.5.4 or 8.1.3), I get the following error from Firefox 12

*** ClientHello, TLSv1
RandomCookie:  GMT: 1322641391 bytes = { 185, 81, 146, 11, 172, 15, 154, 172, 211, 186, 248, 5, 124, 220, 4, 26, 177, 30, 22, 147, 23, 153, 58, 109, 209, 96, 106, 47 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x88, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x84, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods:  { 0 }
Unsupported extension server_name, [host_name: localhost]
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data: 
***
qtp1295075195-37, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
qtp1295075195-37, SEND TLSv1 ALERT:  fatal, description = handshake_failure
qtp1295075195-37, WRITE: TLSv1 Alert, length = 2
qtp1295075195-37, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
[              qtp1295075195-37] ssl                            WARN  127.0.0.1:55319 
javax.net.ssl.SSLHandshakeException: no cipher suites in common
at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:1015)[:1.6]
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:485)[:1.6]
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1128)[:1.6]
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1100)[:1.6]
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:452)[:1.6]
at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.wrap(SslSelectChannelEndPoint.java:642)[jetty-io-7.5.4.v20111024.jar:7.5.4.v20111024]
at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.process(SslSelectChannelEndPoint.java:309)[jetty-io-7.5.4.v20111024.jar:7.5.4.v20111024]
at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:398)[jetty-io-7.5.4.v20111024.jar:7.5.4.v20111024]
at org.eclipse.jetty.http.HttpParser.fill(HttpParser.java:949)[jetty-http-7.5.4.v20111024.jar:7.5.4.v20111024]


Remarks :
- The certificate used is created using openssl and keytool on a Mac OS machine. 
- I can access to my server using Google Chrome or Safari. In this case, I can use the cipher
- JDK = 1.6.0_31 

***
{79, 214, 232, 192, 54, 177, 254, 131, 145, 44, 31, 240, 172, 161, 8, 240, 163, 176, 154, 85, 138, 34, 187, 54, 101, 200, 204, 231, 51, 185, 13, 175}
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
Cipher suite:  TLS_DHE_DSS_WITH_AES_256_CBC_SHA
qtp1295075195-96, WRITE: TLSv1 Handshake, length = 48
[5-51 - /js/jquery-1.7.2-min.js] Server                         DEBUG REQUEST /js/jquery-1.7.2-min.js on org.eclipse.jetty.server.nio.SelectChannelConnector$SelectChannelHttpConnection@2a6a4b6@127.0.0.1:8443<->127.0.0.1:55504


Regards,

Charles Moulliard

Apache Committer

Blog : http://cmoulliard.blogspot.com
Twitter : http://twitter.com/cmoulliard
Linkedin : http://www.linkedin.com/in/charlesmoulliard
Skype: cmoulliard

_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users