Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id CD3EA200B85 for ; Thu, 1 Sep 2016 02:20:22 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id CA31A160AB4; Thu, 1 Sep 2016 00:20:22 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id E736F160ABA for ; Thu, 1 Sep 2016 02:20:21 +0200 (CEST) Received: (qmail 1289 invoked by uid 500); 1 Sep 2016 00:20:20 -0000 Mailing-List: contact issues-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@activemq.apache.org Delivered-To: mailing list issues@activemq.apache.org Received: (qmail 1263 invoked by uid 99); 1 Sep 2016 00:20:20 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Sep 2016 00:20:20 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id 8EC802C014E for ; Thu, 1 Sep 2016 00:20:20 +0000 (UTC) Date: Thu, 1 Sep 2016 00:20:20 +0000 (UTC) From: "James Beamish-White (JIRA)" To: issues@activemq.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (AMQ-6412) NMS fails to connect with ActiveMQ when using ssl://, SSLHandshakeException: no cipher suites in common MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Thu, 01 Sep 2016 00:20:23 -0000 [ https://issues.apache.org/jira/browse/AMQ-6412?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] James Beamish-White updated AMQ-6412: ------------------------------------- Description: When trying to connect using Apache NMS, I get the following error: ERROR | Could not accept connection from tcp://0:0:0:0:0:0:0:1:55511 : javax.net.ssl.SSLHandshakeException: no cipher suites in common The exact same Visual Studio NMS project works fine with ActiveMQ 5.13. So it seems that the cipher suite configuration in 5.14.x has changed, and no longer supports some ciphers that should be acceptable. A more detailed log is below: {code} ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, READ: TLSv1 Handshake, length = 120 ClientHello, TLSv1 RandomCookie: GMT: 1455911462 bytes = { 25, 121, 104, 48, 195, 62, 217, 29, 109, 76, 31, 195, 198, 102, 13, 49, 169, 113, 75, 67, 28, 29, 173, 227, 71, 151, 221, 178 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5] Compression Methods: { 0 } Extension server_name, server_name: [type=host_name (0), value=localhost] Extension elliptic_curves, curve names: {secp256r1, secp384r1} Extension ec_point_formats, formats: [uncompressed] Unsupported extension type_35, data: Unsupported extension type_23, data: Extension renegotiation_info, renegotiated_connection: %% Initialized: [Session-1, SSL_NULL_WITH_NULL_NULL] %% Invalidated: [Session-1, SSL_NULL_WITH_NULL_NULL] ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, SEND TLSv1 ALERT: fatal, description = handshake_failure ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, WRITE: TLSv1 Alert, length = 2 ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, called closeSocket() ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common ActiveMQ BrokerService[localhost] Task-1, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common WARN | Transport Connection to: tcp://0:0:0:0:0:0:0:1:55511 failed: javax.net.ssl.SSLHandshakeException: no cipher suites in common ActiveMQ Task-1, called close() ActiveMQ Task-1, called closeInternal(true) ERROR | Could not accept connection from tcp://0:0:0:0:0:0:0:1:55511 : javax.net.ssl.SSLHandshakeException: no cipher suites in common {code} was: When trying to connect using Apache NMS, I get the following error: ERROR | Could not accept connection from tcp://0:0:0:0:0:0:0:1:55511 : javax.net.ssl.SSLHandshakeException: no cipher suites in common The exact same Visual Studio NMS project works fine with ActiveMQ 5.13. So it seems that the cipher suite configuration in 5.14.x has changed, and no longer supports some ciphers that should be acceptable. A more detailed log is below: ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, READ: TLSv1 Handshake, length = 120 ClientHello, TLSv1 RandomCookie: GMT: 1455911462 bytes = { 25, 121, 104, 48, 195, 62, 217, 29, 109, 76, 31, 195, 198, 102, 13, 49, 169, 113, 75, 67, 28, 29, 173, 227, 71, 151, 221, 178 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5] Compression Methods: { 0 } Extension server_name, server_name: [type=host_name (0), value=localhost] Extension elliptic_curves, curve names: {secp256r1, secp384r1} Extension ec_point_formats, formats: [uncompressed] Unsupported extension type_35, data: Unsupported extension type_23, data: Extension renegotiation_info, renegotiated_connection: %% Initialized: [Session-1, SSL_NULL_WITH_NULL_NULL] %% Invalidated: [Session-1, SSL_NULL_WITH_NULL_NULL] ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, SEND TLSv1 ALERT: fatal, description = handshake_failure ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, WRITE: TLSv1 Alert, length = 2 ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, called closeSocket() ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common ActiveMQ BrokerService[localhost] Task-1, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common WARN | Transport Connection to: tcp://0:0:0:0:0:0:0:1:55511 failed: javax.net.ssl.SSLHandshakeException: no cipher suites in common ActiveMQ Task-1, called close() ActiveMQ Task-1, called closeInternal(true) ERROR | Could not accept connection from tcp://0:0:0:0:0:0:0:1:55511 : javax.net.ssl.SSLHandshakeException: no cipher suites in common > NMS fails to connect with ActiveMQ when using ssl://, SSLHandshakeException: no cipher suites in common > ------------------------------------------------------------------------------------------------------- > > Key: AMQ-6412 > URL: https://issues.apache.org/jira/browse/AMQ-6412 > Project: ActiveMQ > Issue Type: Bug > Components: Broker > Affects Versions: 5.14.0 > Environment: Windows 10, JDK 1.8.0_91, Apache.NMS v4.0.30319 > Reporter: James Beamish-White > > When trying to connect using Apache NMS, I get the following error: > ERROR | Could not accept connection from tcp://0:0:0:0:0:0:0:1:55511 : javax.net.ssl.SSLHandshakeException: no cipher suites in common > The exact same Visual Studio NMS project works fine with ActiveMQ 5.13. So it seems that the cipher suite configuration in 5.14.x has changed, and no longer supports some ciphers that should be acceptable. > A more detailed log is below: > {code} > ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, READ: TLSv1 Handshake, length = 120 > ClientHello, TLSv1 > RandomCookie: GMT: 1455911462 bytes = { 25, 121, 104, 48, 195, 62, 217, 29, 109, 76, 31, 195, 198, 102, 13, 49, 169, 113, 75, 67, 28, 29, 173, 227, 71, 151, 221, 178 } > Session ID: {} > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5] > Compression Methods: { 0 } > Extension server_name, server_name: [type=host_name (0), value=localhost] > Extension elliptic_curves, curve names: {secp256r1, secp384r1} > Extension ec_point_formats, formats: [uncompressed] > Unsupported extension type_35, data: > Unsupported extension type_23, data: > Extension renegotiation_info, renegotiated_connection: > %% Initialized: [Session-1, SSL_NULL_WITH_NULL_NULL] > %% Invalidated: [Session-1, SSL_NULL_WITH_NULL_NULL] > ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, SEND TLSv1 ALERT: fatal, description = handshake_failure > ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, WRITE: TLSv1 Alert, length = 2 > ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, called closeSocket() > ActiveMQ Transport: ssl:///0:0:0:0:0:0:0:1:55511, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common > ActiveMQ BrokerService[localhost] Task-1, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common > WARN | Transport Connection to: tcp://0:0:0:0:0:0:0:1:55511 failed: javax.net.ssl.SSLHandshakeException: no cipher suites in common > ActiveMQ Task-1, called close() > ActiveMQ Task-1, called closeInternal(true) > ERROR | Could not accept connection from tcp://0:0:0:0:0:0:0:1:55511 : javax.net.ssl.SSLHandshakeException: no cipher suites in common > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)