SSLHandshakeException: no cipher suites in common
1,358 views
Skip to first unread message
suresh aravinth
Jan 27, 2016, 1:07:10 AM1/27/16
to wiremock-user
Hi,
When I tried wiremock running as a reverse proxy to record api calls between two applications I' m getting,
SSLHandshakeException: no cipher suites in common
this is the command i used to start the wiremock-->java -jar wiremock-1.57-standalone.jar --port 8480 --https-port 8490 --https-keystore="/usr/java/jre/lib/security/cacerts" --keystore-password="changeit" --proxy-all="https://10.152.13.120:443" --record-mappings --verbose.
Can any one please help me with this?
thanks in adance
When I tried wiremock running as a reverse proxy to record api calls between two applications I' m getting,
SSLHandshakeException: no cipher suites in common
this is the command i used to start the wiremock-->java -jar wiremock-1.57-standalone.jar --port 8480 --https-port 8490 --https-keystore="/usr/java/jre/lib/security/cacerts" --keystore-password="changeit" --proxy-all="https://10.152.13.120:443" --record-mappings --verbose.
Can any one please help me with this?
thanks in adance
Tom Akehurst
Jan 29, 2016, 5:05:51 PM1/29/16
to wiremock-user
From the info you've given, I'd guess that the host you're proxying to has no SSL ciphers in common with the ones available in your JDK. Which version and distribution of Java are you using?
suresh aravinth
Feb 1, 2016, 1:14:14 AM2/1/16
to wiremock-user
I'm using Oracle's JDK1.8.
If the keystore is not mentioned I'm getting certificate_unknown exception.
Tom Akehurst
Feb 1, 2016, 7:46:44 AM2/1/16
to wiremock-user
I suggest taking a close look at how the server is configured in that case, specifically to see which ciphers have been installed/enabled.
suresh aravinth
Feb 4, 2016, 2:47:12 AM2/4/16
to wiremock-user
Server is connecting to Client with ECDHE-RSA-AES256-SHA cipher when wiremock is not used.
How am I supposed to resolve this cipher suite problem?
suresh aravinth
Feb 9, 2016, 4:31:46 AM2/9/16
to wiremock-user
Is there a way to add additional ciphers suites to wiremock?
Tom Akehurst
Feb 9, 2016, 7:59:16 AM2/9/16
to wiremock-user
WireMock will use whatever ciphers are made available by your JVM. I'd suggest consulting Oracle's JCE docs to figure how how to add the one you need.
Ratul Mukhopadhyay
May 13, 2016, 8:11:12 PM5/13/16
to wiremock-user
I am facing a similar problem. I have Wiremock setup with a keystore containing the required certificate. However, when I make calls from Chrome to Wiremock, I see 'ERR_SSL_VERSION_OR_CIPHER_MISMATCH'. In the Wiremock logs, I see 'javax.net.ssl.SSLHandshakeException: no cipher suites in common'.
If I try to make calls to Wiremock from the command line using curl, I see the following in the SSL handshake logs:
SSL connection using TLSv1.2 / DHE-DSS-AES256-GCM-SHA384
I then went and looked at the supported ciphers on the JVM, and I didn't find a matching cipher name. However, I found something close:
.
.
.
.
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
* TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
* TLS_DHE_DSS_WITH_AES_256_CBC_SHA
* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
* TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
.
.
Any idea if this is happening because of a mismatch in cipher names, even though the set of algos/protocols line up to be the same?
Tom Akehurst
May 14, 2016, 1:58:07 AM5/14/16
to wiremock-user
Again, it's the JVM, not WireMock that determines which ciphers you have available. I'd initially suggest trying a different JRE (version and vendor).
Reply all
Reply to author
Forward
0 new messages