[JIRA] (JENKINS-56747) Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Title: Message Title Gil Br commented on JENKINS-56747 Re: Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH Running: java -jar jenkins.war --httpPort=-1 --httpsPort=8443 I get the Error: NET::ERR_CERT_AUTHORITY_INVALID Subject: Test site Issuer: Test site Expires on: 2 באפר׳ 2029 Current date: 5 באפר׳ 2019 PEM encoded chain:BEGIN CERTIFICATE END CERTIFICATE Running: keytool -list -v -keystore key.jks Keystore type: JKS Keystore provider: SUN Your keystore contains 1 entry Alias name: rtcbuild_jenkins Creation date: Mar 19, 2019 Entry type: trustedCertEntry Owner: CN=rtcbuild.orbotech.org, OU=FPD, O=Orbotech.org, L=Yavne, ST=Israel, C=IL Issuer: CN=subcait-isl, DC=orbotech, DC=org Valid from: Tue Mar 19 15:30:37 IST 2019 until: Sun Mar 17 15:30:37 IST 2024 Signature algorithm name: SHA256withRSA Version: 3 SubjectAlternativeName [ DNSName: rtcbuild.orbotech.org ] CRLDistributionPoints [ [DistributionPoint: [URIName: ldap:///CN=subcait-isl,CN=subcait-isl,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=orbotech,DC=org?certificateRevocationList?base?objectClass=cRLDistributionPoint, URIName: http://orb-crl1.orbotech.com/crl/subcait-isl.crl, URIName: http://orb-crl2.orbotech.com/crl/subcait-isl.crl] ]] AuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: ldap:///CN=subcait-isl,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=orbotech,DC=org?cACertificate?base?objectClass=certificationAuthority , accessMethod: ocsp accessLocation: URIName: http://orb-crl1.orbotech.com/crl/subcait-isl.orbotech.org_subcait-isl(1).crt , accessMethod: ocsp accessLocation: URIName: http://orb-crl2.orbotech.com/crl/subcait-isl.orbotech.org_subcait-isl(1).crt ] ] _ Please advise Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to
[JIRA] (JENKINS-56747) Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Title: Message Title Gil Br updated an issue Jenkins / JENKINS-56747 Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH Change By: Gil Br [Jenkins ver. 2. 168 170 |https://jenkins.io/]Running from shell:java -jar jenkins.war --httpPort=-1 --httpsPort=8443 --httpsKeyStore=jenkin.jks --httpsKeyStorePassword=TopSecret Opening from Browser getting an error:Chrome: ERR_SSL_VERSION_OR_CIPHER_MISMATCHFireFox: Error code: SSL_ERROR_NO_CYPHER_OVERLAP IE: Your TLS security settings aren’t set to the defaults Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-56747) Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Title: Message Title Gil Br updated an issue Jenkins / JENKINS-56747 Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH Change By: Gil Br Environment: Jenkins ver. 2. 168 170 Linux, Chrome 73.0.3683.86, IE 11.112.17134.0, Firefox 67.0b4 (64-bit) Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-56747) Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Title: Message Title Gil Br commented on JENKINS-56747 Re: Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH Any suggestion? other ways to use the certificate? Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-56747) Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Title: Message Title Gil Br commented on JENKINS-56747 Re: Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH Both Client and Server: java version "1.8.0_201" Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-56747) Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Title: Message Title Gil Br commented on JENKINS-56747 Re: Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH Chrome version: 73.0.3683.86 Client: Windows 10 64-bit Jenkins master: Linux CentOS 6.9 x86_64 Firefox version on master: Mozilla Firefox 52.8.0 Firefox error on the master host (directly): Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-56747) Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Title: Message Title Gil Br commented on JENKINS-56747 Re: Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH Many thanks for the explanation, however... Tried: --excludeCipherSuites="^.*_(MD5|SHA|SHA1)$" Got error: WARNING: Weak cipher suite TLS_RSA_WITH_AES_128_GCM_SHA256 enabled for SslContextFactory@50029372[provider=null,keyStore=null,trustStor e=null] ERR_SSL_VERSION_OR_CIPHER_MISMATCH Tried: --excludeCipherSuites=" " WARNING: Weak cipher suite SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA enabled for SslContextFactory@50029372[provider=null,keyStore=null,trustStore=null] ERR_SSL_VERSION_OR_CIPHER_MISMATCH Gil Any other suggestions - information? Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-56747) Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Title: Message Title Gil Br commented on JENKINS-56747 Re: Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH Using --excludeCipherSuites=".*" I get: ERR_SSL_PROTOCOL_ERROR WARNING: No supported ciphers from [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_128_GCM_SHA256, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5] Add Comment This message
[JIRA] (JENKINS-56747) Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Title: Message Title Gil Br commented on JENKINS-56747 Re: Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH Hi Olivier, I've upgraded to 2.169 I started testing the secured option from 2.168 (no early trail) Now running: java -jar jenkins.war --httpPort=-1 --httpsPort=8443 --httpsKeyStore=jenkin.jks --httpsKeyStorePassword=TopSecret --excludeCipherSuites="^SSL_.*$" Same result... Can you hint what needed to be the value here of excludeCipherSuites? Added logfile: nohup.txt Best Regards, Gil Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-56747) Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Title: Message Title Gil Br created an issue Jenkins / JENKINS-56747 Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH Issue Type: Bug Assignee: Gil Br Attachments: Chrome_SSL_HTTPS.jpg, FF_SSL_HTTPS.jpg, IE_SSL_HTTPS.jpg Components: security-inspector-plugin Created: 2019-03-25 13:37 Environment: Jenkins ver. 2.168 Linux, Chrome 73.0.3683.86, IE 11.112.17134.0, Firefox 67.0b4 (64-bit) Labels: security Priority: Major Reporter: Gil Br Jenkins ver. 2.168 Running from shell: java -jar jenkins.war --httpPort=-1 --httpsPort=8443 --httpsKeyStore=jenkin.jks --httpsKeyStorePassword=TopSecret Opening from Browser getting an error: Chrome: ERR_SSL_VERSION_OR_CIPHER_MISMATCH FireFox: Error code: SSL_ERROR_NO_CYPHER_OVERLAP IE: Your TLS security settings aren’t set to the defaults