No cipher suites in common when firefox tries to establish a connection via camel-websocket
Issue
When firefox tries to establish a connection with camel-websocket, I get the following error from jetty :
*** ClientHello, TLSv1
RandomCookie: GMT: 1322574359 bytes = { 1, 105, 77, 29, 32, 118, 178, 229, 123, 19, 219, 199, 29, 92, 97, 124, 43, 190, 52, 250, 232, 60, 193, 97, 1, 222, 94, 205 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x88,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x84, TLS_RSA_WITH_AES_256_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Unsupported extension server_name, [host_name: localhost]
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data:
***
qtp449856710-36, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
qtp449856710-36, SEND TLSv1 ALERT: fatal, description = handshake_failure
qtp449856710-36, WRITE: TLSv1 Alert, length = 2
[ qtp449856710-36] ssl DEBUG [Session-1, SSL_NULL_WITH_NULL_NULL]
SslConnection@78c0dc2 SSL NEED_WRAP i/o/u=0/0/0 ishut=false oshut=false
{AsyncHttpConnection@7bdb3f6c,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},
p=HttpParser{s=-14,l=0,c=0},r=0} NEED_WRAP filled=0/0 flushed=0/0
qtp449856710-36, fatal: engine already closed.
Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
[ qtp449856710-36] ssl DEBUG SCEP@5284b8f9{l(/127.0.0.1:50896)<-
>r(/127.0.0.1:8443),d=true,open=true,ishut=false,oshut=false,rb=false,wb=false,w=true,i=0r}-
{SslConnection@78c0dc2 SSL NEED_WRAP i/o/u=0/0/0 ishut=false oshut=false
{AsyncHttpConnection@7bdb3f6c,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},
p=HttpParser{s=-14,l=0,c=0},r=0}}
javax.net.ssl.SSLHandshakeException: no cipher suites in common
Remark : That works fine with Google Chrome and Safari
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x88, Unknown 0x0:0x87,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, Unknown
0x0:0x84, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, Unknown 0x0:0x45, Unknown 0x0:0x44,
SSL_DHE_DSS_WITH_RC4_128_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, Unknown 0x0:0x96, Unknown 0x0:0x41,
SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 1, 0 }
[ss/jquery-ui-1.8.19.custom.css] ssl DEBUG [Session-1, SSL_NULL_WITH_NULL_NULL] unwrap OK NOT_HANDSHAKING consumed=37 produced=1
Unsupported extension server_name, [host_name: localhost]
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data:
Unsupported extension type_13172, data:
***
qtp194173719-48, WRITE: TLSv1 Change Cipher Spec, length = 1
[ qtp194173719-49] ssl DEBUG [Session-1, SSL_NULL_WITH_NULL_NULL]
SslConnection@23053693 SSL NOT_HANDSHAKING i/o/u=746/0/0 ishut=false oshut=false
{AsyncHttpConnection@2b41fedb,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},
p=HttpParser{s=-14,l=0,c=-3},r=5} NOT_HANDSHAKING filled=746/746 flushed=0/0
%% Resuming [Session-3, TLS_DHE_DSS_WITH_AES_256_CBC_SHA]
Environment
- Fuse Message Broker 5.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.