Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Hi,

On Fri, Feb 24, 2017 at 2:49 PM, Lou DeGenaro <lou.degenaro@xxxxxxxxx> wrote:
> 2017-02-24 08:05:25.900:INFO:oejs.Server:main: jetty-9.4.2.v20170220
>
> I created a folder for my webapp called "test" and put my "Hello World"
> index.html in it.  http serves it just fine, thank you.  https no so much.
>
> Chromium says: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
> FireFox says:  SSL_ERROR_NO_CYPHER_OVERLAP
>
> I created the keystore like so:
>
> keytool -keystore keystore -import -alias jetty -file ducc.crt
>
> I edited the start.ini file with the keystore password for both
> jetty.keystore.password and jetty.truststore.password.
>
> I've made no other changes to the jetty that I downloaded.
>
> I'm a bit out of my comfort zone here, so it's likely that I'm doing
> something wrong.  Please advise.

You have no ciphers in common between the client and the server.
Browsers are quite aggressive at not using obsolete ciphers, and you
are using an old JVM on the server, or you have configured the server
in a way that it uses obsoleted ciphers.

Use -Djavax.net.debug=all on the server to see that there are no
ciphers, but updating to the latest JVM and paying attention to TLS
configuration will solve your issue.

-- 
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.


Back to the top