| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| No cipher suites in common error in IIB 10.0.0.4 |
« View previous topic :: View next topic » |
| Author |
Message
|
| nukalas2010 |
 Posted: Mon Jun 20, 2016 2:53 am Post subject: No cipher suites in common error in IIB 10.0.0.4 |
 |
|
Master
Joined: 04 Oct 2010
Posts: 220
Location: Somewhere in the World....
|
Dears,
| Quote: |
Environment:
BIP8996I: Version: 10004
BIP8997I: Product: IBM Integration Bus
BIP8999I: Build Type: Production, 64 bit, rios_aix_4
|
We are working on a webservice call (Soap Input -> Compute -> Soap Reply)with SSL (self signed certificate) configured at Executiongroup in above mentioned environment and getting below SSL handshake exception.
| Quote: |
2016-06-20 13:57:03.500 57 http-bio-7811-Acceptor-0, setSoTimeout(60000) called
2016-06-20 13:57:03.500 86 Ignoring unsupported cipher suite: SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
2016-06-20 13:57:03.501 86 Ignoring unsupported cipher suite: SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256
2016-06-20 13:57:03.501 86 Ignoring unsupported cipher suite: SSL_RSA_WITH_AES_128_CBC_SHA256
2016-06-20 13:57:03.501 86 Ignoring unsupported cipher suite: SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
2016-06-20 13:57:03.501 86 Ignoring unsupported cipher suite: SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256
2016-06-20 13:57:03.501 86 Ignoring unsupported cipher suite: SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
2016-06-20 13:57:03.501 86 Ignoring unsupported cipher suite: SSL_DHE_DSS_WITH_AES_128_CBC_SHA256
2016-06-20 13:57:03.509 86 [Raw read]: length = 5
2016-06-20 13:57:03.510 86 0000: 16 03 01 00 95 .....
2016-06-20 13:57:03.511 86 [Raw read]: length = 149
2016-06-20 13:57:03.517 86 0000: 01 00 00 91 03 01 57 67 be e4 8b 71 13 26 d4 a6 ......Wg...q....
0010: cd 44 3c 6d 38 96 bb 49 86 24 92 0e 22 e6 16 db .D.m8..I........
0020: cf e3 2c e2 cf 1d 00 00 2a c0 09 c0 13 00 2f c0 ................
0030: 04 c0 0e 00 33 00 32 c0 07 c0 11 00 05 c0 02 c0 ....3.2.........
0040: 0c c0 08 c0 12 00 0a c0 03 c0 0d 00 16 00 13 00 ................
0050: 04 00 ff 01 00 00 3e 00 0a 00 34 00 32 00 17 00 ..........4.2...
0060: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0a 00 ................
0070: 18 00 0b 00 0c 00 19 00 0d 00 0e 00 0f 00 10 00 ................
0080: 11 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00 ................
0090: 0b 00 02 01 00 .....
2016-06-20 13:57:03.518 86 http-bio-7811-exec-9, READ: TLSv1 Handshake, length = 149
2016-06-20 13:57:03.518 86 *** ClientHello, TLSv1
2016-06-20 13:57:03.518 86 RandomCookie: GMT: 1466351076 bytes = { 139, 113, 19, 38, 212, 166, 205, 68, 60, 109, 56, 150, 187, 73, 134, 36, 146, 14, 34, 230, 22, 219, 207, 227, 44, 226, 207, 29
}
2016-06-20 13:57:03.519 86 Session ID: {}
2016-06-20 13:57:03.519 86 Cipher Suites: [SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA,
SSL_RSA_WITH_AES_128_CBC_SHA,
SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
SSL_ECDH_RSA_WITH_AES_128_CBC_SHA,
SSL_DHE_RSA_WITH_AES_128_CBC_SHA,
SSL_DHE_DSS_WITH_AES_128_CBC_SHA,
SSL_ECDHE_ECDSA_WITH_RC4_128_SHA,
SSL_ECDHE_RSA_WITH_RC4_128_SHA,
SSL_RSA_WITH_RC4_128_SHA,
SSL_ECDH_ECDSA_WITH_RC4_128_SHA,
SSL_ECDH_RSA_WITH_RC4_128_SHA,
SSL_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
SSL_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
SSL_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_RC4_128_MD5,
TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
2016-06-20 13:57:03.519 86 Compression Methods: { 0 }
2016-06-20 13:57:03.519 86 Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect4
09r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
2016-06-20 13:57:03.519 86 Extension ec_point_formats, formats: [uncompressed]
2016-06-20 13:57:03.519 86 ***
2016-06-20 13:57:03.520 86 [read] MD5 and SHA1 hashes: len = 149
2016-06-20 13:57:03.520 86 0000: 01 00 00 91 03 01 57 67 be e4 8b 71 13 26 d4 a6 ......Wg...q....
0010: cd 44 3c 6d 38 96 bb 49 86 24 92 0e 22 e6 16 db .D.m8..I........
0020: cf e3 2c e2 cf 1d 00 00 2a c0 09 c0 13 00 2f c0 ................
0030: 04 c0 0e 00 33 00 32 c0 07 c0 11 00 05 c0 02 c0 ....3.2.........
0040: 0c c0 08 c0 12 00 0a c0 03 c0 0d 00 16 00 13 00 ................
0050: 04 00 ff 01 00 00 3e 00 0a 00 34 00 32 00 17 00 ..........4.2...
0060: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0a 00 ................
0070: 18 00 0b 00 0c 00 19 00 0d 00 0e 00 0f 00 10 00 ................
0080: 11 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00 ................
0090: 0b 00 02 01 00 .....
2016-06-20 13:57:03.521 86 JsseJCE: Using MessageDigest MD5 from provider IBMJCE version 1.7
2016-06-20 13:57:03.521 86 JsseJCE: Using MessageDigest SHA from provider IBMJCE version 1.7
2016-06-20 13:57:03.521 86 %% Initialized: [Session-3, SSL_NULL_WITH_NULL_NULL]
2016-06-20 13:57:03.521 86 ssl: ServerHandshaker.setupPrivateKeyAndChain EC_EC
2016-06-20 13:57:03.521 86 ssl: ServerHandshaker.setupPrivateKeyAndChain, chooseServerAlias null
2016-06-20 13:57:03.521 86 ssl: ServerHandshaker.setupPrivateKeyAndChain RSA
2016-06-20 13:57:03.522 86 ssl: Ignoring alias brokerkey: signature does not conform to negotiated signature algorithms
2016-06-20 13:57:03.522 86 ssl: ServerHandshaker.setupPrivateKeyAndChain, chooseServerAlias null
2016-06-20 13:57:03.522 86 ssl: ServerHandshaker.setupPrivateKeyAndChain RSA
2016-06-20 13:57:03.522 86 ssl: Ignoring alias brokerkey: signature does not conform to negotiated signature algorithms
2016-06-20 13:57:03.522 86 ssl: ServerHandshaker.setupPrivateKeyAndChain, chooseServerAlias null
2016-06-20 13:57:03.522 86 ssl: ServerHandshaker.setupPrivateKeyAndChain EC_EC
2016-06-20 13:57:03.522 86 ssl: ServerHandshaker.setupPrivateKeyAndChain, chooseServerAlias null
2016-06-20 13:57:03.522 86 ssl: ServerHandshaker.setupPrivateKeyAndChain EC_RSA
2016-06-20 13:57:03.523 86 ssl: ServerHandshaker.setupPrivateKeyAndChain, chooseServerAlias null
2016-06-20 13:57:03.523 86 ssl: ServerHandshaker.setupPrivateKeyAndChain RSA
2016-06-20 13:57:03.523 86 ssl: Ignoring alias brokerkey: signature does not conform to negotiated signature algorithms
2016-06-20 13:57:03.523 86 ssl: ServerHandshaker.setupPrivateKeyAndChain, chooseServerAlias null
2016-06-20 13:57:03.523 86 ssl: ServerHandshaker.setupPrivateKeyAndChain DSA
2016-06-20 13:57:03.523 86 ssl: ServerHandshaker.setupPrivateKeyAndChain, chooseServerAlias null
2016-06-20 13:57:03.523 86 ssl: ServerHandshaker.setupPrivateKeyAndChain EC_EC
2016-06-20 13:57:03.523 86 ssl: ServerHandshaker.setupPrivateKeyAndChain, chooseServerAlias null
2016-06-20 13:57:03.523 86 ssl: ServerHandshaker.setupPrivateKeyAndChain RSA
2016-06-20 13:57:03.523 86 ssl: Ignoring alias brokerkey: signature does not conform to negotiated signature algorithms
2016-06-20 13:57:03.524 86 ssl: ServerHandshaker.setupPrivateKeyAndChain, chooseServerAlias null
2016-06-20 13:57:03.524 86 ssl: ServerHandshaker.setupPrivateKeyAndChain RSA
2016-06-20 13:57:03.524 86 ssl: Ignoring alias brokerkey: signature does not conform to negotiated signature algorithms
2016-06-20 13:57:03.524 86 ssl: ServerHandshaker.setupPrivateKeyAndChain, chooseServerAlias null
2016-06-20 13:57:03.524 86 ssl: ServerHandshaker.setupPrivateKeyAndChain EC_EC
2016-06-20 13:57:03.524 86 ssl: ServerHandshaker.setupPrivateKeyAndChain, chooseServerAlias null
2016-06-20 13:57:03.524 86 ssl: ServerHandshaker.setupPrivateKeyAndChain EC_RSA
2016-06-20 13:57:03.524 86 ssl: ServerHandshaker.setupPrivateKeyAndChain, chooseServerAlias null
2016-06-20 13:57:03.524 86 ssl: ServerHandshaker.setupPrivateKeyAndChain RSA
2016-06-20 13:57:03.524 86 ssl: Ignoring alias brokerkey: signature does not conform to negotiated signature algorithms
2016-06-20 13:57:03.525 86 ssl: ServerHandshaker.setupPrivateKeyAndChain, chooseServerAlias null
2016-06-20 13:57:03.525 86 ssl: ServerHandshaker.setupPrivateKeyAndChain DSA
2016-06-20 13:57:03.525 86 ssl: ServerHandshaker.setupPrivateKeyAndChain, chooseServerAlias null
2016-06-20 13:57:03.527 86 ssl: ServerHandshaker.setupPrivateKeyAndChain DSA
2016-06-20 13:57:03.527 86 ssl: ServerHandshaker.setupPrivateKeyAndChain, chooseServerAlias null
2016-06-20 13:57:03.527 86 ssl: ServerHandshaker.setupPrivateKeyAndChain DSA
2016-06-20 13:57:03.527 86 ssl: ServerHandshaker.setupPrivateKeyAndChain, chooseServerAlias null
2016-06-20 13:57:03.527 86 %% Invalidated: [Session-3, SSL_NULL_WITH_NULL_NULL]
2016-06-20 13:57:03.527 86 http-bio-7811-exec-9, SEND TLSv1 ALERT: fatal, description = handshake_failure
2016-06-20 13:57:03.527 86 http-bio-7811-exec-9, WRITE: TLSv1 Alert, length = 2
2016-06-20 13:57:03.527 86 [Raw write]: length = 7
2016-06-20 13:57:03.528 86 0000: 15 03 01 00 02 02 28 .......
2016-06-20 13:57:03.528 86 http-bio-7811-exec-9, called closeSocket()
2016-06-20 13:57:03.528 86 http-bio-7811-exec-9, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common
2016-06-20 13:57:03.528 86 http-bio-7811-exec-9, IOException in getSession(): javax.net.ssl.SSLHandshakeException: no cipher suites in common
2016-06-20 13:57:03.528 86 http-bio-7811-exec-9, called close()
2016-06-20 13:57:03.528 86 http-bio-7811-exec-9, called closeInternal(true)
|
As per the above error, we can understand that this issue is related to cipher suites, but with the same certificate we tried in another environment of 10.0.0.3 and it's working fine.
And the same was working(10.0.0.3) in the same environment before upgrading to 10.0.0.4.
Can someone throw some light on this issue ? 
Thanks in advance..!! |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Mon Jun 20, 2016 4:39 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY
|
So what are the characterisitics of your self signed cert?
In particular key size, algorithms etc...
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
