[ https://issues.apache.org/jira/browse/DIRSERVER-2223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391554#comment-16391554 ]
Martin Choma commented on DIRSERVER-2223: ----------------------------------------- This is what the problem may be: https://github.com/apache/directory-server/pull/2. > JDK 9 ldaps does not work > ------------------------- > > Key: DIRSERVER-2223 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2223 > Project: Directory ApacheDS > Issue Type: Bug > Affects Versions: 2.0.0-M24 > Reporter: Martin Choma > Priority: Major > > I have migrated from JDK 8 to JDK 9. I started to get {noformat}no cipher > suites in common{noformat}. > I am using org.apache.directory.api as a client connecting to ApacheDS > ldaps://localhost:10636 url. > I get > {code} > *** ClientHello, TLSv1.2 > RandomCookie: random_bytes = {FD 5B C5 87 7A 4B 58 AC BB BB 1D 62 6C BB DF > CC 12 8F F3 3D 0B 57 EA B5 AC AA 7C E0 94 C6 98 EE} > Session ID: {} > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, > TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, > TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, > TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, > TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 
TLS_RSA_WITH_AES_128_CBC_SHA256, > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, > TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, > TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, > TLS_EMPTY_RENEGOTIATION_INFO_SCSV] > Compression Methods: { 0 } > Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, > sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} > Extension ec_point_formats, formats: [uncompressed] > Extension signature_algorithms, signature_algorithms: SHA512withECDSA, > SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, > SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, > SHA1withECDSA, SHA1withRSA, SHA1withDSA > Extension status_request_v2 > CertStatusReqItemV2: ocsp_multi, OCSPStatusRequest > ResponderIds: <EMPTY> > Extensions: <EMPTY> > CertStatusReqItemV2: ocsp, OCSPStatusRequest > ResponderIds: <EMPTY> > Extensions: <EMPTY> > Extension status_request: ocsp, OCSPStatusRequest > ResponderIds: <EMPTY> > Extensions: <EMPTY> > *** > %% Initialized: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal error: 40: no cipher suites in common > javax.net.ssl.SSLHandshakeException: no cipher suites in common > %% Invalidated: [Session-4, SSL_NULL_WITH_NULL_NULL] > NioProcessor-6, fatal: engine already closed. 
Rethrowing > javax.net.ssl.SSLHandshakeException: no cipher suites in common > 10:48:16,382 WARN [org.apache.directory.server.ldap.LdapProtocolHandler] > (NioProcessor-6) Unexpected exception forcing session to close: sending > disconnect notice to client.: javax.net.ssl.SSLHandshakeException: SSL > handshake failed. > at > org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:519) > {code} > Once I specify on client side > {code} > tlsConfig.setEnabledCipherSuites(new String[] { > "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", > "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", > "TLS_RSA_WITH_AES_256_CBC_SHA256", > "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", > "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", > "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", > "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", > "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", > "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", > "TLS_RSA_WITH_AES_256_CBC_SHA", > "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", > "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", > "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", > "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", > "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", > "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", > "TLS_RSA_WITH_AES_128_CBC_SHA256", > "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", > "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", > "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", > "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", > "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", > "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", > "TLS_RSA_WITH_AES_128_CBC_SHA", > "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", > "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", > "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", > "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", > "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", > "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", > "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", > "TLS_RSA_WITH_AES_256_GCM_SHA384", > "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", > "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", > "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", > "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", > 
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", > "TLS_RSA_WITH_AES_128_GCM_SHA256", > "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", > "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", > "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", > "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", > "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", > "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", > "SSL_RSA_WITH_3DES_EDE_CBC_SHA", > "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", > "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", > "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", > "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", > "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", > "TLS_DH_anon_WITH_AES_256_GCM_SHA384", > "TLS_DH_anon_WITH_AES_128_GCM_SHA256", > "TLS_DH_anon_WITH_AES_256_CBC_SHA256", > "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", > "TLS_DH_anon_WITH_AES_256_CBC_SHA", > "TLS_DH_anon_WITH_AES_128_CBC_SHA256", > "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", > "TLS_DH_anon_WITH_AES_128_CBC_SHA", > "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", > "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", > "SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", > "SSL_DHE_DSS_WITH_DES_CBC_SHA", > "SSL_DH_anon_WITH_DES_CBC_SHA", "TLS_RSA_WITH_NULL_SHA256", > "TLS_ECDHE_ECDSA_WITH_NULL_SHA", > "TLS_ECDHE_RSA_WITH_NULL_SHA", "SSL_RSA_WITH_NULL_SHA", > "TLS_ECDH_ECDSA_WITH_NULL_SHA", "TLS_ECDH_RSA_WITH_NULL_SHA", > "TLS_ECDH_anon_WITH_NULL_SHA", > "SSL_RSA_WITH_NULL_MD5", "TLS_KRB5_WITH_3DES_EDE_CBC_SHA", > "TLS_KRB5_WITH_3DES_EDE_CBC_MD5", > "TLS_KRB5_WITH_DES_CBC_SHA", "TLS_KRB5_WITH_DES_CBC_MD5" }); > {code} > Both nodes can agree on TLS_DH_anon_WITH_AES_256_GCM_SHA384, i.e. only on an anonymous suite, which needs no server certificate and does not authenticate the server. -- This message was sent by Atlassian JIRA (v7.6.3#76005)