I've got a simple HttpsServer with a self-signed certificate installed. Also, the "JCE Unlimited Strength Jurisdiction Policy" files were installed along with the Bouncy Castle security provider.

A simple client successfully connects to the server, but my Chrome browser fails to connect.

From server logs:

SSLHandshakeException: no cipher suites in common

I checked the cipher suites on both the browser and the server; they indeed have no suites in common.

Does somebody know how to solve the problem?

PS. I checked that the JCE unlimited policy is installed and Bouncy Castle is also installed. The server is launched with VM options -Djavax.net.debug=ssl -Dhttps.protocols=TLSv1.1,TLSv1.2

voipp
  • If you are using the "right" Java version you don't need JCE Unlimited Strength Policy anymore: https://stackoverflow.com/a/39889731/150978 If it is a public server use https://www.ssllabs.com to test what ciphers are supported. – Robert Mar 11 '18 at 13:32
  • @Robert It is a server, launched locally. I got all cipher suites supported by the server and browser. The cipher suites have nothing in common. That's the problem – voipp Mar 11 '18 at 14:49
  • Use the latest Java 8 or 9 JRE/JDK, then there should be ciphers supported by Chrome. – Robert Mar 12 '18 at 10:38
  • @Robert Updated to the newest Java 8 version 1.8.0_162, but there are no cipher suites supported by the Google Chrome browser. – voipp Mar 12 '18 at 18:03
  • Then the used server is totally defective. Or you misconfigured it. An SSLServerSocket from plain JRE 1.8.0_161 supports a lot of cipher suites that are also supported by Chrome. Do you use an EC or an RSA certificate? – Robert Mar 13 '18 at 12:05
  • @Robert I'm using the DSA algorithm. Today I tried RSA and it works now! Thanks for the help! But I'm curious why 2048-bit DSA didn't work for me – voipp Mar 17 '18 at 12:12

1 Answer

I created the certificate with the following command:

keytool -genkey -keystore server.jks -dname -storepass storepass -alias server-test -keypass serverpass

on Java 8. By default the DSA algorithm is used. Adding the -keyalg RSA option fixed the issue!

voipp
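Why the key algorithm decided the outcome here, as an added example that is not part of the original post: in TLS 1.2 and earlier each cipher suite names the key type the server certificate must have, so a DSA key leaves only the DHE_DSS suites for the handshake. The class name and the throwaway 2048-bit keys are assumptions made for the illustration.

```java
import java.security.KeyPairGenerator;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;

// Added example (hypothetical class name): lists which of the JVM's enabled
// cipher suites a server key of a given algorithm can authenticate.
public class SuitesForKeyType {

    // Key type required by a TLS <= 1.2 suite, read from its key-exchange
    // prefix. Returns null for suites that are not bound to a certificate key
    // in their name (TLS 1.3, anonymous, Kerberos, SCSV markers).
    static String keyTypeFor(String suite) {
        String kx = suite.substring(suite.indexOf('_') + 1); // drop TLS_ / SSL_
        if (kx.startsWith("DHE_DSS_")) return "DSA";
        if (kx.startsWith("ECDHE_ECDSA_") || kx.startsWith("ECDH_")) return "EC";
        if (kx.startsWith("RSA_") || kx.startsWith("DHE_RSA_")
                || kx.startsWith("ECDHE_RSA_")) return "RSA";
        return null;
    }

    // Suites from 'enabled' that a key of 'keyAlgorithm' can serve.
    static List<String> usableSuites(String[] enabled, String keyAlgorithm) {
        List<String> out = new ArrayList<>();
        for (String suite : enabled) {
            if (keyAlgorithm.equals(keyTypeFor(suite))) out.add(suite);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        String[] enabled = SSLContext.getDefault()
                .createSSLEngine().getEnabledCipherSuites();
        // Constructed sample keys: one per algorithm, never stored or reused.
        for (String alg : new String[] {"DSA", "RSA"}) {
            KeyPairGenerator gen = KeyPairGenerator.getInstance(alg);
            gen.initialize(2048);
            String keyAlg = gen.generateKeyPair().getPublic().getAlgorithm();
            List<String> usable = usableSuites(enabled, keyAlg);
            System.out.println(keyAlg + " key: " + usable.size() + " usable suite(s)");
            usable.forEach(s -> System.out.println("  " + s));
        }
    }
}
```

Comparing the DSA list printed by this program with the suites the browser offers shows whether any overlap is left for the handshake.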