SSL handshake fails by "no cipher suites in common" error even though not limiting cipher suites
Issue
I configured JBoss-EAP to handle https protocol directly, but the communication ends with "no cipher suites in common" error.
The sslscan
utility provided by https://access.redhat.com/solutions/3922591 returns following result:
$ java SslScan -p TLSv1.2 -k localhost 8443
Testing TLSv1.2 with method socket:
-> TLS_AES_256_GCM_SHA384: KO (No appropriate protocol (protocol is disabled or cipher suites are inappropriate))
-> TLS_AES_128_GCM_SHA256: KO (No appropriate protocol (protocol is disabled or cipher suites are inappropriate))
-> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: KO (Received fatal alert: handshake_failure)
-> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: KO (Received fatal alert: handshake_failure)
-> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: KO (Received fatal alert: handshake_failure)
-> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: KO (Received fatal alert: handshake_failure)
-> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: KO (Received fatal alert: handshake_failure)
-> TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: KO (Received fatal alert: handshake_failure)
-> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: KO (Received fatal alert: handshake_failure)
-> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: KO (Received fatal alert: handshake_failure)
-> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: KO (Received fatal alert: handshake_failure)
-> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: KO (Received fatal alert: handshake_failure)
-> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: KO (Received fatal alert: handshake_failure)
-> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: KO (Received fatal alert: handshake_failure)
-> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: KO (Received fatal alert: handshake_failure)
-> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: KO (Received fatal alert: handshake_failure)
-> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: KO (Received fatal alert: handshake_failure)
-> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: KO (Received fatal alert: handshake_failure)
-> TLS_DHE_RSA_WITH_AES_256_CBC_SHA: KO (Received fatal alert: handshake_failure)
-> TLS_DHE_RSA_WITH_AES_128_CBC_SHA: KO (Received fatal alert: handshake_failure)
-> TLS_RSA_WITH_AES_256_GCM_SHA384: KO (Received fatal alert: handshake_failure)
-> TLS_RSA_WITH_AES_128_GCM_SHA256: KO (Received fatal alert: handshake_failure)
-> TLS_RSA_WITH_AES_256_CBC_SHA256: KO (Received fatal alert: handshake_failure)
-> TLS_RSA_WITH_AES_128_CBC_SHA256: KO (Received fatal alert: handshake_failure)
-> TLS_RSA_WITH_AES_256_CBC_SHA: KO (Received fatal alert: handshake_failure)
-> TLS_RSA_WITH_AES_128_CBC_SHA: KO (Received fatal alert: handshake_failure)
-> TLS_EMPTY_RENEGOTIATION_INFO_SCSV: KO (No negotiable cipher suite)
-> TLS_RSA_WITH_NULL_SHA256: KO (Received fatal alert: handshake_failure)
-> TLS_ECDHE_ECDSA_WITH_NULL_SHA: KO (Received fatal alert: handshake_failure)
-> TLS_ECDHE_RSA_WITH_NULL_SHA: KO (Received fatal alert: handshake_failure)
-> SSL_RSA_WITH_NULL_SHA: KO (Received fatal alert: handshake_failure)
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 7.1 or later
- Red Hat Single Sign-On (RH-SSO)
- 7.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.