Add cipher suites to JSSE provider #1967
Hi, I managed to run Bouncy Castle JSSE with Spring Boot. Problem: If I run the application with

```
org.bouncycastle.tls.TlsFatalAlert: handshake_failure(40); [server #1@3fb651da] found no selectable cipher suite among the 18 offered: [{0x13,0x02}(TLS_AES_256_GCM_SHA384), {0x13,0x03}(TLS_CHACHA20_POLY1305_SHA256), {0x13,0x01}(TLS_AES_128_GCM_SHA256), {0xc0,0x2c}(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384), {0xc0,0x30}(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384), {0xc0,0x2b}(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), {0xc0,0x2f}(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), {0xcc,0xa9}(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256), {0xcc,0xa8}(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256), {0xc0,0x24}(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384), {0xc0,0x28}(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384), {0xc0,0x23}(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), {0xc0,0x27}(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), {0x00,0x9f}(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384), {0x00,0x9e}(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), {0x00,0x6b}(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), {0x00,0x67}(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), {0x00,0xff}(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)]
	at org.bouncycastle.tls.AbstractTlsServer.getSelectedCipherSuite(Unknown Source)
	at org.bouncycastle.jsse.provider.ProvTlsServer.getSelectedCipherSuite(Unknown Source)
	at org.bouncycastle.tls.TlsServerProtocol.generate13ServerHello(Unknown Source)
	at org.bouncycastle.tls.TlsServerProtocol.generateServerHello(Unknown Source)
	at org.bouncycastle.tls.TlsServerProtocol.handleHandshakeMessage(Unknown Source)
	at org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(Unknown Source)
	at org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
	at org.bouncycastle.tls.RecordStream.readFullRecord(Unknown Source)
	at org.bouncycastle.tls.TlsProtocol.safeReadFullRecord(Unknown Source)
	at org.bouncycastle.tls.TlsProtocol.offerInput(Unknown Source)
	at org.bouncycastle.jsse.provider.ProvSSLEngine.unwrap(Unknown Source)
	at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:679)
	at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:480)
	at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:214)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1716)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1190)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
	at java.base/java.lang.Thread.run(Thread.java:1583)
```

If I run this application with the default JSSE provider ( |
Replies: 1 comment
I doubt the ciphers are missing. The error message is saying none of the cipher suites can be selected. By far the most common reason for that is misconfiguration of the server's key store (KeyManagerFactory) - so no cipher suite can be selected because no suitable server credentials can be located. The first thing to check is that you have the |
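One way to check a key store for usable server credentials, the cause the reply above points to, is to list its entries and the key algorithm of each certificate chain. This is an added example, not code from the discussion or from Bouncy Castle; the class name, the command-line arguments and the simplified algorithm-to-suite mapping are assumptions for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

public class KeyStoreCredentialCheck {
    // Simplified mapping (assumption) from certificate key algorithm to the suite families in the alert.
    static String usableFor(String keyAlg) {
        switch (keyAlg) {
            case "RSA": return "TLS 1.3 suites, ECDHE_RSA_*, DHE_RSA_*";
            case "EC":  return "TLS 1.3 suites, ECDHE_ECDSA_*";
            default:    return "not covered by this check, verify provider support";
        }
    }

    // Returns the number of entries holding a private key together with a certificate chain.
    static int check(KeyStore ks) throws Exception {
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": certificate only, no private key");
                continue;
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                System.out.println(alias + ": key entry without a certificate chain");
                continue;
            }
            String alg = chain[0].getPublicKey().getAlgorithm();
            System.out.println(alias + ": " + alg + " key, usable for " + usableFor(alg));
            usable++;
        }
        if (usable == 0) System.out.println("No server credentials: no cipher suite can be selected");
        return usable;
    }

    public static void main(String[] args) throws Exception {
        // Assumed usage: java KeyStoreCredentialCheck <keystore.p12> <password>
        KeyStore ks = KeyStore.getInstance("PKCS12");
        char[] pw = args.length > 1 ? args[1].toCharArray() : new char[0];
        if (args.length > 0) {
            try (InputStream in = new FileInputStream(args[0])) { ks.load(in, pw); }
        } else {
            ks.load(null, null); // constructed empty store: shows the failing case
        }
        check(ks);
    }
}
```

A store that lists only RSA entries can serve the `ECDHE_RSA`, `DHE_RSA` and TLS 1.3 suites from the alert but none of the `ECDHE_ECDSA` ones, and a store with no key entry at all reproduces the "no selectable cipher suite" condition regardless of which suites are enabled.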