1

I'm setting up a key for HTTPS in JBoss 6 and it keeps showing me the error

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

The certificate is valid.

I created the jks using this command: keytool -import -trustcacerts -alias root -file certificate.crt -keystore JksName.jks

The server.xml file is like this:

 <!-- SSL/TLS Connector configuration using the admin devl guide keystore-->
      <Connector port="8443" minSpareThreads="5" maxSpareThreads="75"
            enableLookups="true" disableUploadTimeout="true"
            acceptCount="100" maxThreads="200"
            scheme="https" secure="true" SSLEnabled="true"
            keystoreFile="path"
            keystorePass="psswd" clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2"/>

But it keeps showing that error in chrome. Already tried in other browsers and it does not work too.

Allysson Sanciani Rodrigues
  • 11
  • 3
  • Which Java runtime version is used? If the runtime is too old it does not support TLS1+ or only outdated ciphers that are disabled in modern browsers. – Robert May 07 '19 at 18:06
  • You say you're "setting up a key" but that's untrue; you're only giving the server a certificate and NOT a privatekey and it needs the certificate AND privatekey AND chain (in most cases). See https://stackoverflow.com/questions/39815305/spring-boot-https-with-valid-cert-get-err-ssl-version-or-cipher-mismatch- and https://stackoverflow.com/questions/37412374/java-sslhandshakeexception-no-cipher-suites-in-common and maybe https://stackoverflow.com/questions/37412374/java-sslhandshakeexception-no-cipher-suites-in-common – dave_thompson_085 May 08 '19 at 07:59
  • @Robert: Java _5_ in 2004 supported TLS1.0, which Chrome 74 still accepts, although DevTools/Security describes it as 'obsolete'. Jboss is pretty demanding and I doubt Jboss 6 runs on any Java that old. – dave_thompson_085 May 08 '19 at 08:39
  • @Robert the JRE is the 1.7 – Allysson Sanciani Rodrigues May 08 '19 at 11:21
  • @dave_thompson_085 man, I think you might be really right, I will give a try and thanks for the links and the orientation – Allysson Sanciani Rodrigues May 08 '19 at 11:22
  • @dave_thompson_085 Man, it worked, thank you – Allysson Sanciani Rodrigues May 08 '19 at 16:56

1 Answers1

0

Although the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error could indicate any SSL version mismatch or no common cipher suites between the browser and the server, this error probably means that the server only supports RC4. You will need to enable support for additional cipher suites.

Panagiotis Chavariotis
  • 938
  • 8
  • 11
  • Java (at least Oracle builds) has disabled RC4 in SSL/TLS by default since 8u51, 4 years ago. This problem is because the server is given no private key and cannot support any authenticated ciphersuites, which are the only ones allowed by all browsers and most other software. – dave_thompson_085 May 08 '19 at 08:02