> Cipher Suites: [Unknown 0xa:0xa, SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_EC
> S_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_AES_128_GCM_SHA256,
> ES_256_GCM_SHA384, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]

You seem to be using an IBM JVM with the non-RFC Cipher Suite names.
The updated default excludes are likely causing problems with your choice of JVM.

The updated Cipher Suites excludes issue: https://github.com/eclipse/jetty.project/issues/2807
See IBM j9 JVM specific issue: https://github.com/eclipse/jetty.project/issues/2921

Joakim Erdfelt / [email protected]

On Tue, Oct 16, 2018 at 11:37 PM Eze Ikonne <[email protected]> wrote:

> Hi all,
>
> We have noticed an odd behavior when we upgraded from jetty-9.4.11 to
> jetty-9.4.12. The same cipher suites and private key that work with
> jetty-9.4.11 are failing with jetty-9.4.12. The browser clients are exactly
> the same; it fails with Chrome, FF, and IE. Here is the TLS/SSL debug info
> that we see when the browser client comes in. We would like to know if
> anyone has encountered the same issue:
>
> Is initial handshake: true
> qtp1065544782-23, READ: TLSv1 Handshake, length = 181
> *** ClientHello, TLSv1.2
> RandomCookie: GMT: 2126030534 bytes = { 27, 197, 135, 255, 107, 39, 249, 101, 178, 205, 70, 191, 220, 146, 188, 170, 240, 23, 116, 17, 190, 32, 240, 102, 164,
> Session ID: {}
> Cipher Suites: [Unknown 0xa:0xa, SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_EC
> S_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_AES_128_GCM_SHA256,
> ES_256_GCM_SHA384, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
> Compression Methods: { 0 }
> Unsupported extension type_51914, data:
> Extension renegotiation_info, ri_length: 0, ri_connection_data: { null }
> Extension extended_master_secret
> Unsupported extension type_35, data:
> Extension signature_algorithms, signature_algorithms: SHA256withECDSA, Unknown (hash:0x8, signature:0x4), SHA256withRSA, SHA384withECDSA, Unknown (hash:0x8, sig
> A384withRSA, Unknown (hash:0x8, signature:0x6), SHA512withRSA, SHA1withRSA
> Unsupported extension status_request, data: 01:00:00:00:00
> Unsupported extension type_18, data:
> Extension application_layer_protocol_negotiation, protocol names: [h2][http/1.1]
> Unsupported extension type_30032, data:
> Extension ec_point_formats, formats: [uncompressed]
> Extension elliptic_curves, curve names: {unknown curve 35466, unknown curve 29, secp256r1, secp384r1}
> Unsupported extension type_27, data: 02:00:02
> Unsupported extension type_10794, data: 00
> ***
> [read] MD5 and SHA1 hashes: len = 181
>
> ALPNJSSEExt not initialized for Server
> ALPN will not be negotiated2c04dae7[SSLEngine[hostname=10.120.136.135 port=60235] SSL_NULL_WITH_NULL_NULL]
> %% Initialized: [Session-6, SSL_NULL_WITH_NULL_NULL]
> qtp1065544782-23, fatal error: 40: no cipher suites in common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
> %% Invalidated: [Session-6, SSL_NULL_WITH_NULL_NULL]
> qtp1065544782-23, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
> qtp1065544782-23, WRITE: TLSv1.2 Alert, length = 2
> qtp1065544782-23, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
> qtp1065544782-23, called closeOutbound()
> qtp1065544782-23, closeOutboundInternal()
> Using SSLEngineImpl.
> Using SSLEngineImpl.
> _______________________________________________
> jetty-users mailing list
> [email protected]
> To change your delivery options, retrieve your password, or unsubscribe
> from this list, visit
> https://dev.eclipse.org/mailman/listinfo/jetty-users
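The naming clash described in the reply, as an added Java example that is not from the thread or from Jetty's code base: it applies a set of exclude regexes to the suite names from the posted ClientHello and to the names the running JVM reports. The regex list is an assumption standing in for the 9.4.12 defaults referenced in issue #2807, and the class name `CipherExcludeCheck` is hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import javax.net.ssl.SSLContext;

public class CipherExcludeCheck {
    // ASSUMPTION: exclude regexes standing in for the Jetty 9.4.12 defaults discussed in
    // issue #2807; confirm against SslContextFactory in the version you actually run.
    static final String[] EXCLUDES = {
        "^.*_(MD5|SHA|SHA1)$", "^TLS_RSA_.*$", "^SSL_.*$", "^.*_NULL_.*$", "^.*_anon_.*$"
    };

    // Names copied from the ClientHello in the post (IBM JVM spelling, complete entries only).
    static final String[] OFFERED = {
        "SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "SSL_RSA_WITH_AES_128_GCM_SHA256",
        "SSL_RSA_WITH_3DES_EDE_CBC_SHA"
    };

    /** Returns the names that match none of the exclude patterns. */
    static List<String> survivors(String[] names, String[] excludes) {
        List<String> kept = new ArrayList<>();
        for (String name : names) {
            boolean excluded = false;
            for (String regex : excludes) {
                if (Pattern.matches(regex, name)) { excluded = true; break; }
            }
            if (!excluded) kept.add(name);
        }
        return kept;
    }

    public static void main(String[] args) throws Exception {
        // IBM spelling: every name starts with SSL_, so nothing is left to negotiate.
        System.out.println("IBM names kept: " + survivors(OFFERED, EXCLUDES));

        // Same suites under RFC spelling (SSL_ replaced by TLS_): the ECDHE GCM suites remain.
        String[] rfc = new String[OFFERED.length];
        for (int i = 0; i < OFFERED.length; i++) rfc[i] = OFFERED[i].replaceFirst("^SSL_", "TLS_");
        System.out.println("RFC names kept: " + survivors(rfc, EXCLUDES));

        // What this JVM would actually be left with under the same excludes.
        String[] supported = SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites();
        System.out.println("This JVM kept:  " + survivors(supported, EXCLUDES));
    }
}
```

Run it on the JVM that hosts Jetty: an empty last list reproduces the "no cipher suites in common" condition before any client connects.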
