> Secure Connection Failed Error code: SSL_ERROR_NO_CYPHER_OVERLAP The stated reason from Firefox for that error is that you lack the required cipher suites for the updated TLS configuration present since FireFox 50.x
* https://support.mozilla.org/en-US/questions/1148536 * https://support.mozilla.org/en-US/questions/1153050 * https://support.mozilla.org/en-US/questions/1167953 Your IBM JVM reports 14 selected Cipher Suites (31 disabled) by default. Oracle JVM reports 29 selected Cipher Suites (53 disabled) by default. Conclusion: You have a cipher suite issue. Try MSIE or FireFox 45 (suggestions made in the mozilla support forum). If those work, then you have a Cipher Suite issue with your IBM JVM. Joakim Erdfelt / [email protected] On Wed, Mar 14, 2018 at 11:36 AM, Lothar Kimmeringer <[email protected]> wrote: > Hi, > > Am 14.03.2018 um 17:24 schrieb Joakim Erdfelt: > > * The IBM JVM is not sane, look into its cipher suites and protocols. >> >> A quick comparison shows that it has half the cipher suites that oracle >> jvm or openjdk has. >> > > Not necessarily. At least the JVM for i Series has more or less the same > ciphers but the textual representation is not starting with TLS_... but > SSL_... > so filters based on the textual representation will filter out most > of them (in my case where I found that out, all ciphers were filtered). > > Here as an example -Djavax.net.debug=ssl:handshake output for a > ClientHello > sent by an AS/400: > > Cipher Suites: [ > TLS_EMPTY_RENEGOTIATION_INFO_SCSV, > SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, > SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384, > SSL_RSA_WITH_AES_256_CBC_SHA256, > SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, > SSL_ECDH_RSA_WITH_AES_256_CBC_SHA384, > SSL_DHE_RSA_WITH_AES_256_CBC_SHA256, > SSL_DHE_DSS_WITH_AES_256_CBC_SHA256, > SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, > SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA, > SSL_RSA_WITH_AES_256_CBC_SHA, > SSL_ECDH_ECDSA_WITH_AES_256_CBC_SHA, > SSL_ECDH_RSA_WITH_AES_256_CBC_SHA, > SSL_DHE_RSA_WITH_AES_256_CBC_SHA, > SSL_DHE_DSS_WITH_AES_256_CBC_SHA, > SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, > SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256, > SSL_RSA_WITH_AES_128_CBC_SHA256, > SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, > SSL_ECDH_RSA_WITH_AES_128_CBC_SHA256, > SSL_DHE_RSA_WITH_AES_128_CBC_SHA256, > SSL_DHE_DSS_WITH_AES_128_CBC_SHA256, > SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, > SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA, > SSL_RSA_WITH_AES_128_CBC_SHA, > SSL_ECDH_ECDSA_WITH_AES_128_CBC_SHA, > SSL_ECDH_RSA_WITH_AES_128_CBC_SHA, > SSL_DHE_RSA_WITH_AES_128_CBC_SHA, > SSL_DHE_DSS_WITH_AES_128_CBC_SHA, > SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, > SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384, > SSL_RSA_WITH_AES_256_GCM_SHA384, > SSL_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, > SSL_ECDH_RSA_WITH_AES_256_GCM_SHA384, > SSL_DHE_DSS_WITH_AES_256_GCM_SHA384, > SSL_DHE_RSA_WITH_AES_256_GCM_SHA384, > SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256, > SSL_RSA_WITH_AES_128_GCM_SHA256, > SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, > SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256, > SSL_DHE_RSA_WITH_AES_128_GCM_SHA256, > SSL_DHE_DSS_WITH_AES_128_GCM_SHA256] > > > Cheers, Lothar > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://dev.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
