I am writing a POP3 server to serve notifications that are not emails, but content in a database. I have it working, but when I try to switch from a server socket to an SSLServerSocket I get the error "javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: no cipher suites in common". It looks like there is overlap between what the client (Thunderbird) sends as supported cipher suites and what the server supports. Here's the code:

private static boolean startServerSocket() throws GeneralSecurityException
{

    try
    {


        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream ksIs = new FileInputStream("<JAVA_HOME>\\jdk\\jre\\lib\\security\\cacerts");
        try
        {
            ks.load(ksIs, "changeit".toCharArray()); // 2nd parameter is password
        }
        finally
        {
            if (ksIs != null)
            {
                ksIs.close();
            }
        }

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, "keypassword".toCharArray());
        // used in sc.init
        TrustManager[] trustAllCerts = new TrustManager[] {
                new X509TrustManager() {
                    public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                    }

                    public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                    }

                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }
                }
        };            

        SSLContext sc = SSLContext.getInstance("TLSv1.2"); // there are more tls
        sc.init(kmf.getKeyManagers(), trustAllCerts, new SecureRandom()); 

        SSLServerSocketFactory socketFactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        serverSocket = (SSLServerSocket) socketFactory.createServerSocket(portNumber);

        ((SSLServerSocket)serverSocket).setEnabledProtocols(new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "SSLv3"});

        String[] supportedProtos = serverSocket.getEnabledProtocols();
        if (supportedProtos != null)
        {
            for (String proto: supportedProtos)
            {
                System.out.println("Supported Protocol: " + proto);
            }
        }

        String[] enabledCiphersSuites = serverSocket.getEnabledCipherSuites();
        if (enabledCiphersSuites != null)
        {
            for (String enabledCiphersSuite: enabledCiphersSuites)
            {
                System.out.println("Enabled CipherSuite: " + enabledCiphersSuite);
            }
        }

        String[] supportedCipherSuites = serverSocket.getSupportedCipherSuites();
        if (supportedCipherSuites != null)
        {
            for (String supportedCiphersSuite: supportedCipherSuites)
            {
                System.out.println("Supported CipherSuite: " + supportedCiphersSuite);
            }
        }            

        System.out.println("Awaiting Connection...");
        return true;

    }
    catch (IOException e)
    {
        e.printStackTrace(System.err); //this is where the error comes from
        System.err.println("ERROR - Could not listen on port " + portNumber);
        return false;
    }
}

Here's the debug output, before the socket is written to (includes statements from the Java option -Djavax.net.debug=all):

trigger seeding of SecureRandom
done seeding SecureRandom
keyStore is : 
keyStore type is : jks
keyStore provider is : 
init keystore
init keymanager of type SunX509
trustStore is: <JAVA_HOME>\jdk\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
  Issuer:  CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
  Algorithm: RSA; Serial number: 0xc3517
  Valid from Sun Jun 20 22:00:00 MDT 1999 until Sun Jun 21 22:00:00 MDT 2020

adding as trusted cert:
  Subject: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
  Issuer:  CN=SecureTrust CA, O=SecureTrust Corporation, C=US
  Algorithm: RSA; Serial number: 0xcf08e5c0816a5ad427ff0eb271859d0
  Valid from Tue Nov 07 12:31:18 MST 2006 until Mon Dec 31 12:40:55
.... many more of these
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Supported Protocol: SSLv3
Supported Protocol: TLSv1
Supported Protocol: TLSv1.1
Supported Protocol: TLSv1.2
Enabled CipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Enabled CipherSuite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Enabled CipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA256
Enabled CipherSuite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Enabled CipherSuite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Enabled CipherSuite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Enabled CipherSuite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Enabled CipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Enabled CipherSuite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Enabled CipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA
Enabled CipherSuite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Enabled CipherSuite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Enabled CipherSuite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Enabled CipherSuite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Enabled CipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Enabled CipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Enabled CipherSuite: TLS_RSA_WITH_AES_128_GCM_SHA256
Enabled CipherSuite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
Enabled CipherSuite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
Enabled CipherSuite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Enabled CipherSuite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
Enabled CipherSuite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Enabled CipherSuite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Enabled CipherSuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
Enabled CipherSuite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Enabled CipherSuite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Enabled CipherSuite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Enabled CipherSuite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Enabled CipherSuite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
Supported CipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Supported CipherSuite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Supported CipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA256
Supported CipherSuite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Supported CipherSuite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Supported CipherSuite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Supported CipherSuite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Supported CipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Supported CipherSuite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Supported CipherSuite: TLS_RSA_WITH_AES_128_CBC_SHA
Supported CipherSuite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Supported CipherSuite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Supported CipherSuite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Supported CipherSuite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Supported CipherSuite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Supported CipherSuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Supported CipherSuite: TLS_RSA_WITH_AES_128_GCM_SHA256
Supported CipherSuite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
Supported CipherSuite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
Supported CipherSuite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Supported CipherSuite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
Supported CipherSuite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Supported CipherSuite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Supported CipherSuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
Supported CipherSuite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Supported CipherSuite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Supported CipherSuite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Supported CipherSuite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Supported CipherSuite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Supported CipherSuite: TLS_DH_anon_WITH_AES_128_GCM_SHA256
Supported CipherSuite: TLS_DH_anon_WITH_AES_128_CBC_SHA256
Supported CipherSuite: TLS_ECDH_anon_WITH_AES_128_CBC_SHA
Supported CipherSuite: TLS_DH_anon_WITH_AES_128_CBC_SHA
Supported CipherSuite: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
Supported CipherSuite: SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
Supported CipherSuite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Supported CipherSuite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Supported CipherSuite: SSL_RSA_WITH_RC4_128_SHA
Supported CipherSuite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Supported CipherSuite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Supported CipherSuite: SSL_RSA_WITH_RC4_128_MD5
Supported CipherSuite: TLS_ECDH_anon_WITH_RC4_128_SHA
Supported CipherSuite: SSL_DH_anon_WITH_RC4_128_MD5
Supported CipherSuite: SSL_RSA_WITH_DES_CBC_SHA
Supported CipherSuite: SSL_DHE_RSA_WITH_DES_CBC_SHA
Supported CipherSuite: SSL_DHE_DSS_WITH_DES_CBC_SHA
Supported CipherSuite: SSL_DH_anon_WITH_DES_CBC_SHA
Supported CipherSuite: SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
Supported CipherSuite: SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
Supported CipherSuite: SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
Supported CipherSuite: SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
Supported CipherSuite: SSL_RSA_EXPORT_WITH_RC4_40_MD5
Supported CipherSuite: SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
Supported CipherSuite: TLS_RSA_WITH_NULL_SHA256
Supported CipherSuite: TLS_ECDHE_ECDSA_WITH_NULL_SHA
Supported CipherSuite: TLS_ECDHE_RSA_WITH_NULL_SHA
Supported CipherSuite: SSL_RSA_WITH_NULL_SHA
Supported CipherSuite: TLS_ECDH_ECDSA_WITH_NULL_SHA
Supported CipherSuite: TLS_ECDH_RSA_WITH_NULL_SHA
Supported CipherSuite: TLS_ECDH_anon_WITH_NULL_SHA
Supported CipherSuite: SSL_RSA_WITH_NULL_MD5
Supported CipherSuite: TLS_KRB5_WITH_3DES_EDE_CBC_SHA
Supported CipherSuite: TLS_KRB5_WITH_3DES_EDE_CBC_MD5
Supported CipherSuite: TLS_KRB5_WITH_RC4_128_SHA
Supported CipherSuite: TLS_KRB5_WITH_RC4_128_MD5
Supported CipherSuite: TLS_KRB5_WITH_DES_CBC_SHA
Supported CipherSuite: TLS_KRB5_WITH_DES_CBC_MD5
Supported CipherSuite: TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
Supported CipherSuite: TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
Supported CipherSuite: TLS_KRB5_EXPORT_WITH_RC4_40_SHA
Supported CipherSuite: TLS_KRB5_EXPORT_WITH_RC4_40_MD5
Awaiting Connection...
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

When the socket is read/written here's the output, including the exception:

Ignoring disabled protocol: SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
[Raw read]: length = 5
SYSTEM ERROR -- Possible Timeout Due To InactivityWed Mar 28 15:05:39 MDT 2018 - Stack Trace Shown Below.
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1541)
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:95)
    at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:284)
    at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:326)
    at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178)
    at java.io.InputStreamReader.read(InputStreamReader.java:184)
    at java.io.BufferedReader.fill(BufferedReader.java:161)
    at java.io.BufferedReader.readLine(BufferedReader.java:324)
    at java.io.BufferedReader.readLine(BufferedReader.java:389)
    at POP3ServerThread.run(POP3ServerThread.java:71)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:292)
    at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1036)
    at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:739)
    at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:221)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
    at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
    at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
    at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
    at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
    at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
    at java.io.BufferedWriter.flush(BufferedWriter.java:254)
    at java.io.PrintWriter.newLine(PrintWriter.java:482)
    at java.io.PrintWriter.println(PrintWriter.java:629)
    at java.io.PrintWriter.println(PrintWriter.java:740)
    at POP3ServerThread.run(POP3ServerThread.java:61)
    ... 1 more
0000: 16 03 01 00 95                                     .....
[Raw read]: length = 149
0000: 01 00 00 91 03 03 02 81   F0 55 87 5E DE 80 70 74  .........U.^..pt
0010: 1B 96 D9 70 01 F5 D0 CF   36 CF B5 34 8B A7 B8 8F  ...p....6..4....
0020: D3 7D F1 01 B8 CC 00 00   1E C0 2B C0 2F CC A9 CC  ..........+./...
0030: A8 C0 2C C0 30 C0 0A C0   09 C0 13 C0 14 00 33 00  ..,.0.........3.
0040: 39 00 2F 00 35 00 0A 01   00 00 4A 00 17 00 00 FF  9./.5.....J.....
0050: 01 00 01 00 00 0A 00 0A   00 08 00 1D 00 17 00 18  ................
0060: 00 19 00 0B 00 02 01 00   00 23 00 00 00 05 00 05  .........#......
0070: 01 00 00 00 00 FF 03 00   00 00 0D 00 18 00 16 04  ................
0080: 03 05 03 06 03 08 04 08   05 08 06 04 01 05 01 06  ................
0090: 01 02 03 02 01                                     .....
Thread-0, READ: TLSv1 Handshake, length = 149
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 25227349 bytes = { 135, 94, 222, 128, 112, 116, 27, 150, 217, 112, 1, 245, 208, 207, 54, 207, 181, 52, 139, 167, 184, 143, 211, 125, 241, 1, 184, 204 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods:  { 0 }
Unsupported extension type_23, data: 
Extension renegotiation_info, renegotiated_connection: <empty>
Extension elliptic_curves, curve names: {unknown curve 29, secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data: 
Unsupported extension status_request, data: 01:00:00:00:00
Unsupported extension type_65283, data: 
Extension signature_algorithms, signature_algorithms: SHA256withECDSA, SHA384withECDSA, SHA512withECDSA, Unknown (hash:0x8, signature:0x4), Unknown (hash:0x8, signature:0x5), Unknown (hash:0x8, signature:0x6), SHA256withRSA, SHA384withRSA, SHA512withRSA, SHA1withECDSA, SHA1withRSA
***
[read] MD5 and SHA1 hashes:  len = 149
0000: 01 00 00 91 03 03 02 81   F0 55 87 5E DE 80 70 74  .........U.^..pt
0010: 1B 96 D9 70 01 F5 D0 CF   36 CF B5 34 8B A7 B8 8F  ...p....6..4....
0020: D3 7D F1 01 B8 CC 00 00   1E C0 2B C0 2F CC A9 CC  ..........+./...
0030: A8 C0 2C C0 30 C0 0A C0   09 C0 13 C0 14 00 33 00  ..,.0.........3.
0040: 39 00 2F 00 35 00 0A 01   00 00 4A 00 17 00 00 FF  9./.5.....J.....
0050: 01 00 01 00 00 0A 00 0A   00 08 00 1D 00 17 00 18  ................
0060: 00 19 00 0B 00 02 01 00   00 23 00 00 00 05 00 05  .........#......
0070: 01 00 00 00 00 FF 03 00   00 00 0D 00 18 00 16 04  ................
0080: 03 05 03 06 03 08 04 08   05 08 06 04 01 05 01 06  ................
0090: 01 02 03 02 01                                     .....
%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
%% Invalidated:  [Session-1, SSL_NULL_WITH_NULL_NULL]
Thread-0, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
Thread-0, WRITE: TLSv1.2 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 03 00 02 02 28                               ......(
Thread-0, called closeSocket()
Thread-0, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common
Thread-0, called close()
Thread-0, called closeInternal(true)
Thread-0, called close()
Thread-0, called closeInternal(true)

I've found similar issues on StackOverflow and have tried the solutions, but I consistently get the same exception. Thanks in advance.

Eugène Adell
Fergus
  • What solutions did you try, if it's not too long to mention them in 2-3 words? – Eugène Adell Mar 28 '18 at 22:26
  • Please edit and mention your versions (both Thunderbird and, more importantly, Java) – Eugène Adell Mar 28 '18 at 22:27
  • Did you try adding SSLv2Hello in your list at setEnabledProtocols()? Old clients could not negotiate without that, although I don't believe you would get this Exception. Let's wait for @EJP now. – Eugène Adell Mar 28 '18 at 22:30
  • Do you really have a privatekey and valid cert/chain in cacerts, with a different keypasswd? What type? @EugèneAdell: the hello is not SSL2 format so v2Hello is not needed; in fact the hello is very up to date, offering 1.2, ECC including 25519, ChaCha/Poly, extdmaster, OCSP, and more. – dave_thompson_085 Mar 28 '18 at 23:39
  • @EugèneAdell `SSLv2ClientHello` is for clients, and it was removed from Java some years ago. This is a server. – user207421 Mar 28 '18 at 23:44
  • @dave_thompson_085 thanks guys. End of day, I didn't see it was of course in the debug log. – Eugène Adell Mar 29 '18 at 16:47
  • @EJP thanks once more! – Eugène Adell Mar 29 '18 at 16:47
  • @EJP: SSLv2Hello is used on server also, to control whether it _accepts_ v2 format (but only if offering acceptable maxversion). It defaults off for clients starting in j7, but on for servers even in j9. It is unnecessary if the client sends v3 format, as this one did. – dave_thompson_085 Mar 30 '18 at 04:52
  • Java 1.8, Thunderbird 57.7.0. You can see my code is a mish-mash of code from Stack Overflow answers: https://stackoverflow.com/questions/15076820/java-sslhandshakeexception-no-cipher-suites-in-common – Fergus Mar 30 '18 at 14:51

1 Answer

This means either that the intersection between the cipher suites enabled at server and client is empty, which doesn't appear to be the case here, or that the server doesn't have a private key, which does.

In that case the server cannot use any of the authenticating cipher suites, and the anonymous cipher suites are (rightly) disabled by default, so there are no usable enabled cipher suites.

NB Don't use that TrustManager. It is radically insecure, and unless you're going to request or require client authentication it won't get used anyway. You don't even need to load the JRE's cacerts file, as that is already the default.

user207421
  • Sorry, I'm very much a noob on this subject and you'll find most of my code is a mish-mash of code from Stack Overflow. First, should I just pass in null to sc.init rather than the trust manager, or is there something else I should do? Second, it looked to me like there is an overlap of cipher suites and that it should work. How do I get from no usable cipher suites to one or more usable cipher suites? – Fergus Mar 30 '18 at 14:59
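
A server setup that follows the answer above, as an added example (not code from the question or from the answer): it checks that the keystore actually contains a private key entry before building the context, passes null instead of a trust-all TrustManager, and takes the socket factory from the initialized SSLContext, since SSLServerSocketFactory.getDefault() does not use it. The class name Pop3TlsSetup, the file server.p12, the alias pop3 and the passwords are assumptions; the key password is assumed to equal the store password.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

// Added example; class name, file names, alias and passwords are assumptions.
// A server keystore with a private key can be created with keytool, e.g.:
//   keytool -genkeypair -alias pop3 -keyalg RSA -keysize 2048 -validity 365 \
//     -dname "CN=localhost" -storetype PKCS12 -keystore server.p12 -storepass changeit
public class Pop3TlsSetup {

    static KeyStore load(String path, char[] storePassword)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePassword);
        }
        return ks;
    }

    // Aliases holding a private key plus certificate chain. Trusted-certificate
    // entries (all that cacerts contains) cannot authenticate a server.
    static List<String> privateKeyAliases(KeyStore ks) throws KeyStoreException {
        List<String> found = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                found.add(alias);
            }
        }
        return found;
    }

    static SSLContext serverContext(KeyStore ks, char[] keyPassword)
            throws GeneralSecurityException {
        if (privateKeyAliases(ks).isEmpty()) {
            // Without this check kmf.init() succeeds silently and the failure only
            // shows up later as "no cipher suites in common" during the handshake.
            throw new KeyStoreException("keystore has no private key entry");
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPassword);
        SSLContext sc = SSLContext.getInstance("TLSv1.2");
        // null trust managers and null SecureRandom select the JRE defaults.
        sc.init(kmf.getKeyManagers(), null, null);
        return sc;
    }

    public static void main(String[] args) throws Exception {
        // With no arguments this reproduces the question's setup: the JRE trust
        // store, which holds CA certificates only, so the check above rejects it.
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        KeyStore ks = load(path, password);
        System.out.println(path + ": " + ks.size() + " entries, private-key aliases "
                + privateKeyAliases(ks));
        try {
            SSLContext sc = serverContext(ks, password);
            // Factory from the initialized context, not SSLServerSocketFactory.getDefault().
            try (SSLServerSocket server =
                    (SSLServerSocket) sc.getServerSocketFactory().createServerSocket(0)) {
                server.setEnabledProtocols(new String[] {"TLSv1.2"});
                System.out.println("TLS server socket ready on port " + server.getLocalPort());
            }
        } catch (KeyStoreException e) {
            System.err.println("Cannot serve TLS from " + path + ": " + e.getMessage());
        }
    }
}
```

Run without arguments it reports zero private-key aliases for cacerts and refuses to start; run as `java Pop3TlsSetup server.p12 changeit` against a keystore created with the keytool command in the comment, it opens the socket.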