nifi-dev mailing list archives

From Andy LoPresto <alopre...@apache.org>
Subject Re: SSL_ERROR_NO_CYPHER_OVERLAP
Date Sat, 05 May 2018 01:35:28 GMT
Phil,

Thanks for documenting the steps you took to get it working. This will definitely be helpful
to anyone who has a similar problem in the future. I suspected it was the missing private
key and I forgot to explain that yes, to import a PEM-encoded public key and private key into
a JKS keystore, you do have to go through the PKCS12 intermediary.


Andy LoPresto
alopresto@apache.org
alopresto.apache@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On May 4, 2018, at 4:36 PM, Phil H <gippyphil@gmail.com> wrote:
> 
> Sorry for talking to myself so much.  I have solved the problem!
> 
> Once I realised that I had never supplied the private key to keytool when I
> imported the certificate, I started googling along those lines.
> 
> I found this link from 2008 which provided the solution
> http://cunning.sharp.fm/2008/06/importing_private_keys_into_a.html
> 
> Basically you use OpenSSL to create a PKCS12 file from the cert and key,
> and then keytool to import that (as an existing keystore, not as a
> certificate)
> 
> From there, everything else just worked (including client authentication
> through the browser).  Now I have the "Insufficient permissions" problem,
> which there is loads of documentation as to how to move forwards.
> 
> Thanks!
> Phil
> 
> On Sat, May 5, 2018 at 8:27 AM, Phil H <gippyphil@gmail.com> wrote:
> 
>> Further info
>> 
>> In the httpd installation, I need the private key for the certificate and
>> its passphrase. That private key has not played a part of the NiFi install
>> thus far (seems like an important thing - the "keystore" only has a
>> certificate, not a key)
>> 
>> The reason why I used PKCS12 for the keystore was some Jetty debug output
>> telling me that was preferred to JKS. Interestingly it gave me contrary
>> advice for the trust store.
>> 
>> On Sat, 5 May 2018 at 08:22, Phil H <gippyphil@gmail.com> wrote:
>> 
>>> Hi Andy,
>>> 
>>> Sorry - poor use of words (it was late when I wrote the email). When I
>>> said "client" certificate I meant the certificate for the NiFi server (no
>>> idea why I wrote "client")
>>> 
>>> I'm not trying to use certificate authentication yet - simply to get NiFi
>>> operating over TLS.
>>> 
>>> When I test with OpenSSL, I get the same Nifi server log output as seen
>>> with a connection attempt from a browser.
>>> 
>>> On the Cipher issue, when I use OpenSSL to connect using said certificate
>>> using httpd, it lists the successful cipher as one of those ignored by
>>> Jetty, albeit with less underscores in the onscreen output:
>>> TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
>>> 
>>> All machines involved are CentOS 7 - the only add-ons being Java 1.8
>>> (current release) and NiFi 1.6.0 (also current release)
>>> 
>>> On Sat, 5 May 2018 at 01:26, Andy LoPresto <alopresto@apache.org> wrote:
>>> 
>>>> Hi Phil,
>>>> 
>>>> Sorry to hear you are having this problem. I have a couple steps you can
>>>> try to resolve this.
>>>> 
>>>> First, to clarify the terminology for NiFi, a “client certificate”
>>>> refers to a public certificate and private key which in combination allow a
>>>> client to uniquely identify itself and authenticate on a mutual
>>>> authentication TLS connection. In NiFi terminology, the client certificate
>>>> identifies a user or service which connects to NiFi. The “server
>>>> certificate” identifies the NiFi service, and the CA is what signs one (or
>>>> both) of those certificates.
>>>> 
>>>> The “no cipher suites in common” error can occur when there are
>>>> legitimately no cipher suites that both the client and server support. This
>>>> can be verified by using the OpenSSL s_client tool to make a connection
>>>> from the client to the server. I’ve pasted a sample invocation below.
>>>> 
>>>> $ openssl s_client -connect <host:port> -debug -state -cert
>>>> <path_to_your_cert.pem> -key <path_to_your_key.pem> -CAfile
>>>> <path_to_your_CA_cert.pem>
>>>> 
>>>> However, that error can also appear when the keystore does not contain a
>>>> valid private key to be used. I suspect the keystore you generated for NiFi
>>>> does not have the private key. You can verify this by examining the
>>>> nifi1.crt file you imported. If you run `$ more nifi1.crt`, you should see
>>>> a line “-----BEGIN PRIVATE KEY-----” and then some Base64-encoded output.
>>>> If you do not see this, you have only the public certificate in the file.
>>>> Importing that into a keystore means that NiFi (or any other service using
>>>> that keystore) will not be able to sign or decrypt any information
>>>> encrypted with the public key, so it won’t be able to support any cipher
>>>> suites that rely on RSA encryption or signatures.
>>>> 
>>>> The nifi1.crt you imported into the keystore may also not have the
>>>> complete certificate chain encoded, in which case when the server presents
>>>> that certificate on an incoming connection, the client (command-line or
>>>> browser) won’t be able to verify and trust it. You’ll get a different
>>>> error, but it is something to be aware of.
>>>> 
>>>> Is there a reason you chose to use a PKCS12 keystore in this scenario?
>>>> Usually we recommend using JKS for both the keystore and the truststore.
>>>> 
>>>> I hope this helps. If none of this resolves your issues, please let us
>>>> know and we can continue to help.
>>>> 
>>>> Andy LoPresto
>>>> alopresto@apache.org
>>>> *alopresto.apache@gmail.com <alopresto.apache@gmail.com>*
>>>> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69
>>>> 
>>>> On May 4, 2018, at 4:03 AM, Phil H <gippyphil@gmail.com> wrote:
>>>> 
>>>> Hi all,
>>>> 
>>>> I am trying to secure my NiFi installation.  I have a client certificate
>>>> (nifi1.crt) and the CA for the intranet (ca.crt).  I created the trust
>>>> and
>>>> keystores as below:
>>>> 
>>>> keytool -import -trustcacerts -alias nifi1 -file nifi1.crt -keystore
>>>> server_keystore.p12 -storetype PKCS12
>>>> 
>>>> keytool -import -file ca.crt -alias cacert -keystore truststore.jks
>>>> 
>>>> And the relevant nifi.properties are set as follows
>>>> 
>>>> nifi.security.keystore=./conf/server_keystore.p12
>>>> nifi.security.keystoreType=PKCS12
>>>> nifi.security.keystorePasswd=<Password>
>>>> nifi.security.keyPasswd=<Password>
>>>> nifi.security.truststore=./conf/truststore.jks
>>>> nifi.security.truststoreType=JKS
>>>> nifi.security.truststorePasswd=<Password>
>>>> 
>>>> When I try and access the site via https, I receive the above error in
>>>> Firefox, and the following in the nifi-bootstrap.log (I have enabled
>>>> additional debugging).
>>>> 
>>>> Using both of these certificates inside Apache httpd works on the client
>>>> as
>>>> expected, so the certificates are fine.  I have seen some references to
>>>> bugs/features in Jetty under Java 1.8 related to older TLS versions, but
>>>> I'm at a loss to explain this! Help!!
>>>> 
>>>> Thanks,
>>>> Phil
>>>> 
>>>> 2018-05-04 20:57:17,406 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Using SSLEngineImpl.
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Allow unsafe renegotiation: false
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Allow legacy hello messages: true
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Is initial handshake: true
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Is secure renegotiation: false
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_
>>>> CBC_SHA384
>>>> for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>>>> for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for
>>>> TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_
>>>> CBC_SHA384
>>>> for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
>>>> for
>>>> TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
>>>> for
>>>> TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
>>>> for
>>>> TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_
>>>> CBC_SHA256
>>>> for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>>>> for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for
>>>> TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_
>>>> CBC_SHA256
>>>> for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
>>>> for
>>>> TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
>>>> for
>>>> TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
>>>> for
>>>> TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_
>>>> GCM_SHA384
>>>> for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_
>>>> GCM_SHA256
>>>> for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
>>>> for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 for
>>>> TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_
>>>> GCM_SHA384
>>>> for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
>>>> for
>>>> TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
>>>> for
>>>> TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
>>>> for
>>>> TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
>>>> for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 for
>>>> TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_
>>>> GCM_SHA256
>>>> for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
>>>> for
>>>> TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
>>>> for
>>>> TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
>>>> for
>>>> TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_
>>>> CBC_SHA384
>>>> for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>>>> for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for
>>>> TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_
>>>> CBC_SHA384
>>>> for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
>>>> for
>>>> TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
>>>> for
>>>> TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
>>>> for
>>>> TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_
>>>> CBC_SHA256
>>>> for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>>>> for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for
>>>> TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_
>>>> CBC_SHA256
>>>> for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
>>>> for
>>>> TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
>>>> for
>>>> TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
>>>> for
>>>> TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_
>>>> GCM_SHA384
>>>> for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_
>>>> GCM_SHA256
>>>> for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
>>>> for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 for
>>>> TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_
>>>> GCM_SHA384
>>>> for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
>>>> for
>>>> TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
>>>> for
>>>> TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
>>>> for
>>>> TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
>>>> for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 for
>>>> TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_
>>>> GCM_SHA256
>>>> for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
>>>> for
>>>> TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
>>>> for
>>>> TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
>>>> for
>>>> TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> NiFi Web Server-20, READ: TLSv1 Handshake, length = 171
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> *** ClientHello, TLSv1.2
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> RandomCookie:  GMT: 1840697519 bytes = { 105, 139, 207, 1, 25, 185, 102,
>>>> 192, 232, 71, 128, 61, 66, 104, 220, 248, 126, 53, 133, 115, 216, 129,
>>>> 238,
>>>> 15, 202, 164, 110, 9 }
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Session ID:  {}
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
>>>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
>>>> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, Unknown 0xcc:0xa9,
>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
>>>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_
>>>> CBC_SHA,
>>>> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, Unknown 0xcc:0xa8,
>>>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
>>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
>>>> TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Compression Methods:  { 0 }
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Extension server_name, server_name: [type=host_name (0), value=nifi1]
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Extension extended_master_secret
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Extension renegotiation_info, renegotiated_connection: <empty>
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Extension elliptic_curves, curve names: {unknown curve 29, secp256r1,
>>>> secp384r1, secp521r1}
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Extension ec_point_formats, formats: [uncompressed]
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Unsupported extension type_35, data:
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Unsupported extension type_16, data:
>>>> 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Unsupported extension status_request, data: 01:00:00:00:00
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> Extension signature_algorithms, signature_algorithms: SHA256withECDSA,
>>>> SHA384withECDSA, SHA512withECDSA, SHA256withRSA, SHA384withRSA,
>>>> SHA512withRSA, SHA1withECDSA, SHA1withRSA
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> ***
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> %% Initialized:  [Session-4, SSL_NULL_WITH_NULL_NULL]
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> NiFi Web Server-20, fatal error: 40: no cipher suites in common
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> %% Invalidated:  [Session-4, SSL_NULL_WITH_NULL_NULL]
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> NiFi Web Server-20, SEND TLSv1.2 ALERT:  fatal, description =
>>>> handshake_failure
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> NiFi Web Server-20, WRITE: TLSv1.2 Alert, length = 2
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> NiFi Web Server-20, fatal: engine already closed.  Rethrowing
>>>> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> NiFi Web Server-20, called closeOutbound()
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler]
>>>> org.apache.nifi.StdOut
>>>> NiFi Web Server-20, closeOutboundInternal()
>>>> 
>>>> 
>>>> 
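
The fix this thread arrives at, sketched as an added example that is not part of the original messages: confirm the PEM inputs really hold a certificate and a private key, bundle them into PKCS12 with OpenSSL, import that bundle into a JKS keystore with keytool as a keystore, and check that the alias ends up as a PrivateKeyEntry. The file names, the alias and the `KS_PASS` environment variable are assumptions.

```shell
#!/bin/sh
# Added example. File names, the alias and the KS_PASS variable are assumptions.
# KS_PASS must be exported and at least 6 characters long (keytool's minimum).

# pem_has FILE cert|key : succeed if FILE contains a PEM block of that kind.
pem_has() {
    case "$2" in
        cert) grep -q  -e '-----BEGIN CERTIFICATE-----' "$1" ;;
        key)  grep -Eq -e '-----BEGIN (RSA |EC |ENCRYPTED )?PRIVATE KEY-----' "$1" ;;
        *)    return 2 ;;
    esac
}

# entry_type ALIAS : read `keytool -list` output on stdin and print the entry
# type recorded for ALIAS (PrivateKeyEntry or trustedCertEntry).
entry_type() {
    awk -F', *' -v a="$1" '$1 == a {
        for (i = 2; i <= NF; i++) if ($i ~ /Entry$/) { print $i; exit }
    }'
}

# build_jks CERT_PEM KEY_PEM ALIAS OUT_JKS
build_jks() {
    pem_has "$1" cert || { echo "no certificate in $1" >&2; return 1; }
    pem_has "$2" key  || { echo "no private key in $2" >&2; return 1; }
    p12="${4%.jks}.p12"

    # Step 1: bundle certificate + private key into PKCS12.
    # (openssl prompts for the key's passphrase if the key is encrypted.)
    openssl pkcs12 -export -in "$1" -inkey "$2" -name "$3" \
        -out "$p12" -passout env:KS_PASS || return 1

    # Step 2: import the bundle as a keystore. `keytool -import -file cert`
    # would only create a trustedCertEntry, with no key behind it.
    keytool -importkeystore -noprompt \
        -srckeystore "$p12" -srcstoretype PKCS12 -srcstorepass:env KS_PASS \
        -destkeystore "$4" -deststoretype JKS -deststorepass:env KS_PASS \
        -srcalias "$3" -destalias "$3" || return 1

    # Step 3: the alias must now be a PrivateKeyEntry.
    kind=$(keytool -list -keystore "$4" -storepass:env KS_PASS | entry_type "$3")
    [ "$kind" = "PrivateKeyEntry" ] || { echo "$3 is '$kind'" >&2; return 1; }
}

# Run only when called with the four arguments.
if [ "$#" -eq 4 ]; then build_jks "$@"; fi
```

With the JKS output, `nifi.security.keystore` would point at the new file and `nifi.security.keystoreType` would be `JKS`.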

