ningyougang commented on issue #3606: Increase nginx security by adapting ssl_ciphers. URL: https://github.com/apache/incubator-openwhisk/pull/3606#issuecomment-389394531 @sven-lange-last ,thinks. already fixed. Why that problem happened? because `the random key` which is generated by client is very long, it is failed to use like `ECDHE-ECDSA-AES256-GCM-SHA384` to decrypt it. So should upgrade jdk version from `jdk1.8.0_102` to `jdk1.8.0_161(or more high version)`,there has a Critical configuration: `crypto.policy=unlimited` in <java_Home>/jre/lib/security/java.security (old jdk version didn't has this configuration) refer to: https://stackoverflow.com/questions/38203971/javax-net-ssl-sslhandshakeexception-received-fatal-alert-handshake-failure https://confluence.atlassian.com/jirakb/sslhandshakeexception-received-fatal-alert-handshake_failure-due-to-no-overlap-in-cipher-suite-943544397.html
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
