lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Younge, Kent A - Norman, OK - Contractor" <Kent.A.You...@usps.gov.INVALID>
Subject RE: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Date Tue, 05 Sep 2017 12:39:22 GMT
The java.security files are the same.  I even copied over the files from a machine that is
working and renamed the security files and it still did not work.. I am getting the same error.







-----Original Message-----
From: Younge, Kent A - Norman, OK - Contractor [mailto:Kent.A.Younge@usps.gov.INVALID] 
Sent: Tuesday, September 05, 2017 6:54 AM
To: solr-user@lucene.apache.org
Subject: RE: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

The new box is a clone of all the boxes so nothing should have changed other than the certificates
and the keystore.  That is why I am at such a loss on this issue.   Java is the same across
five servers all settings are the same across five servers.  I will look into the JVM security
and see if it is the same across all the boxes.





-----Original Message-----
From: Chris Hostetter [mailto:hossman_lucene@fucit.org] 
Sent: Friday, September 01, 2017 5:46 PM
To: solr-user@lucene.apache.org
Subject: Re: ERR_SSL_VERSION_OR_CIPHER_MISMATCH


all of the low level SSL code used by Solr comes from the JVM.

double check which version of java you are using and make sure it's consistent on all of your
servers -- if you disable SSL on the affected server you can use the Solr Admin UI to be 100%
certain of exactly which version of java is being used...

https://lucene.apache.org/solr/guide/6_6/overview-of-the-solr-admin-ui.html

If the JVM Runtime *versions* are identicle, the next thing to check would be the the JVM
security settings which control which ciphers are used.  
For Oracle JVMs this file is named "java.security" -- compare that file between your functional/non-functional
servers.

There are lots of docs out there on SSL protocol and cipher configuration in java's java.security
file, here's a quick one that links deep into the details of enabling/disabling protocols...

http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSE_Protocols

...but the bottomline is: you probably want to fix your broken server to match your working
servers, and unless the JVM versions are different, that means someone/thing must have modified
the JVM security settings on one of your servers -- find out who & why.


-Hoss
http://www.lucidworks.com/

Mime
View raw message