Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

No shared ciphers exception.

1 view

Skip to first unread message

Sanjay

unread,

Aug 20, 2001, 10:33:35 PM8/20/01

Hi,

I am trying to use SSL (with server only authentication) between my client program
(built using RSA BSAFE SSL-J V3.1 Library) and Weblogic V5.1 service pack 9 (using
a 14 day test certificate from Verisign). I am getting the following exception
on the client side for missing server cipher suites :

[SSLClient] Caught an exception.
com.rsa.ssl.AlertedException: No shared ciphers
at com.rsa.ssl.common.ClientProtocol.sendHello(ClientProtocol.java:261)
at com.rsa.ssl.SSLSocket.startHandshake(SSLSocket.java:403)
at com.rsa.ssl.SSLSocket.getInputStream(SSLSocket.java:192)
at SSLClient.go(../source/SSLClient.java:184)
at SSLClient.main(../source/SSLClient.java:88)

The test certificate, private key and the test CA certificate have been copied
in the myserver directory of weblogic and the test CA certificate has also been
loaded on the client side.

The weblogic properties are set as follows :

# Server certificates for SSL
# ------------------------------------------------
#weblogic.security.certificate.server=democert.pem
#weblogic.security.key.server=demokey.pem
#weblogic.security.certificate.authority=ca.pem
weblogic.security.certificate.server=cwindows77cert.pem
weblogic.security.key.server=cwindows77key.der
weblogic.security.certificate.authority=getcacert.cer
weblogic.security.SSL.ciphersuites=SSL_NULL_WITH_NULL_NULL,SSL_RSA_WITH_NULL_SHA,SSL_RSA_WITH_NULL_MD5,SSL_RSA_EXPORT_WITH_RC4_40_MD5,SSL_RSA_EXPORT_WITH_DES_40_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA

The cipher suites enabled on the Client side are :
RSA_With_3DES_EDE_CBC_SHA,
RSA_With_3DES_EDE_CBC_MD5,
RSA_With_RC4_SHA,
RSA_With_RC4_MD5,
RSA_With_RC2_CBC_MD5,
RSA_With_DES_CBC_SHA,
RSA_With_DES_CBC_MD5,
DH_RSA_With_3DES_EDE_CBC_SHA,
DH_RSA_With_DES_CBC_SHA,
DH_DSS_With_3DES_EDE_CBC_SHA,
DH_DSS_With_DES_CBC_SHA,
RSA_Export_With_DES_40_CBC_SHA,
RSA_Export_With_RC2_40_CBC_MD5,
RSA_Export_With_RC4_40_MD5,
DH_DSS_Export_With_DES_40_CBC_SHA,
DH_RSA_Export_With_DES_40_CBC_SHA,
DHE_RSA_With_3DES_EDE_CBC_SHA,
DHE_RSA_With_DES_CBC_SHA,
DHE_DSS_With_3DES_EDE_CBC_SHA,
DHE_DSS_With_DES_CBC_SHA,
DHE_RSA_Export_With_DES_40_CBC_SHA,
DHE_DSS_Export_With_DES_40_CBC_SHA,
DH_Anon_With_3DES_EDE_CBC_SHA,
DH_Anon_With_DES_CBC_SHA,
DH_Anon_With_RC4_MD5,
DH_Anon_Export_With_DES_40_CBC_SHA,
DH_Anon_Export_With_RC4_40_MD5,
RSA_With_Null_SHA,
RSA_With_Null_MD5

The log on weblogic side when starting weblogic is as follows:

火 8 21 09:59:56 JST 2001:<W> <SSLListenThread> Notice - certificate expires
in-9 days: fingerprint = 81391f6cd6086c384112f2407476e4e, not before = Thu Aug
16
09:00:00 JST 2001, not after = Fri Aug 31 08:59:59 JST 2001, holder = C=JP SP=Kanto
L=Tokyo O=JCN, Inc. OU=JCN CN=cwindows77 , issuer = O=VeriSign, Inc OU=For
VeriSign authorized testing only. No assurances (C)VS1997 , key = modulus length=65
exponent length=3
火 8 21 09:59:56 JST 2001:<I> <Security> 2 certificate(s):
fingerprint = e81391f6cd6086c384112f2407476e4e, not before = Thu Aug 16 09:00:
00 JST 2001, not after = Fri Aug 31 08:59:59 JST 2001, holder = C=JP SP=Kanto
L=Tokyo O=JCN, Inc. OU=JCN CN=cwindows77 , issuer = O=VeriSign, Inc OU=For VeriSign
authorized testing only. No assurances (C)VS1997 , key = modulus length=65 exponent
length=3
fingerprint = 40065311fdb33e880a6f7dd14e229187, not before = Sun Jun 07 09:00:
00 JST 1998, not after = Wed Jun 07 08:59:59 JST 2006, holder = O=VeriSign, Inc
OU=For VeriSign authorized testing only. No assurances (C)VS1997 , issuer = O=VeriSign,
Inc OU=For VeriSign authorized testing only. No assurances (C)VS1997 , key =
modulus length=65 exponent length=3

火 8 21 09:59:56 JST 2001:<I> <SSLListenThread> Using exportable strength
SSL.

And the ssl dump on the client side is :

STATE: Sending Client Hello
[CLIENT HELLO]:
SSLV3
[CLIENT HELLO / random / gmtUnixTime]:
38 EA 21 23
[CLIENT HELLO / random / Random bytes]:
89 D3 8D 0A 3F BD 60 FC 26 91 BA B5
B2 DD 3C 83 F2 2C E0 05 70 54 C0 A4 19 11 14 8A

[CLIENT HELLO / Session ID]

[CLIENT HELLO / Client Cipher Suite]:
00 0A 00 00 00 05 00 04 00 00 00 09 00 00 00 10 00 0F 00 0D 00 0C 00 08 00 06
00
03 00 0B 00 0E 00 16 00 15 00 13 00 12 00 14 00 11 00 1B 00 1A 00 18 00 19 00
1
7 00 02 00 01
[CLIENT HELLO/ Compression Method]:
00

DATA: 16
First byte of header indicates either SSLV3 or TLSV1
[Input] Header:
000000: 16 03 00 00 4A [....J ]

[Input] Data:
000000: 02 00 00 46 03 00 3B 81 B3 EA 55 41 59 B2 14 D8 [...F..;...UAY...]
000010: F0 7C 43 88 87 FE 63 A1 63 E2 80 1E D5 F6 6C 91 [.|C...c.c.....l.]
000020: A0 67 64 67 50 3E 20 3B 81 B3 EA 23 29 0D A0 31 [.gdgP> ;...#)..1]
000030: F6 1F 8D 2C 8D E9 08 53 EE 95 6D 13 DE 28 89 E3 [...,...S..m..(..]
000040: A7 C0 19 63 F8 30 97 00 00 00 [...c.0.... ]

[Input] Plaintext:
000000: 02 00 00 46 03 00 3B 81 B3 EA 55 41 59 B2 14 D8 [...F..;...UAY...]
000010: F0 7C 43 88 87 FE 63 A1 63 E2 80 1E D5 F6 6C 91 [.|C...c.c.....l.]
000020: A0 67 64 67 50 3E 20 3B 81 B3 EA 23 29 0D A0 31 [.gdgP> ;...#)..1]
000030: F6 1F 8D 2C 8D E9 08 53 EE 95 6D 13 DE 28 89 E3 [...,...S..m..(..]
000040: A7 C0 19 63 F8 30 97 00 00 00 [...c.0.... ]

[SERVER HELLO]:
SSLV3

[SERVER HELLO / random / gmtUnixTime]:
3B 81 B3 EA
[SERVER HELLO / random / Random bytes]:
55 41 59 B2 14 D8 F0 7C 43 88 87 FE
63 A1 63 E2 80 1E D5 F6 6C 91 A0 67 64 67 50 3E
[SERVER HELLO / session ID]:
3B 81 B3 EA 23 29 0D A0 31 F6 1F 8D 2C 8D E9 08
53 EE 95 6D 13 DE 28 89 E3 A7 C0 19 63 F8 30 97
[SERVER HELLO / cipherSuite]:
00 00 [SERVER HELLO / compression method]:
0

STATE: Sending alert because: No shared ciphers
[Output] Data:
000000: 02 2F [./ ]

[Output] Ciphertext:
000000: 02 2F [./ ]

[Output] Header:
000000: 15 03 00 00 02 [..... ]

[Output] Data:
000000: 01 00 [.. ]

[Output] Ciphertext:
000000: 01 00 [.. ]

[Output] Header:
000000: 15 03 00 00 02 [..... ]

Can someone please let me know what is missing or what I am doing wrong on the
weblogic side ?

Your help is highly appreciated.

Thank You,

Sanjay.

0 new messages