Reputation: 8787
"Ignoring unsupported cipher suite" message when "-Djavax.net.debug=ssl:handshake" is enabled on server side
I have implemented SSLServerSocket and when I start .jar file with option -Djavax.net.debug=ssl:handshake to debug secure handshakes, I get also these messages (before establishing some secure connection):
...
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
...
What does it mean? Maybe I missing 256 bit security in Java (to replace a few files in Java directory)?
After creating SSLServerSocket I have enabled secure protocols like:
socket.setEnabledProtocols(new String[]{"TLSv1","TLSv1.1","TLSv1.2","SSLv2Hello"});
Maybe I should enable these above cipher suites also?
Besides these cipher suites, everything works fine.
EDIT:
Yes, @Boris the Spider was right: after installing Oracle's unlimited strength policy files the warnings are no longer visible.
Upvotes: 18
Views: 27485
Answers (1)
Reputation: 2931
So the answer is you need Oracle's unlimited strength policy files
Thanks Boris the Spider for the answer.
Upvotes: 4
Related Questions
- Java SSL: client handshake failure and server no cipher suites in common
- Java SSLHandshakeException "no cipher suites in common"
- SSLHandshakeException: no cipher suites in common
- Java - Received fatal alert: handshake_failure
- How to solve "no cipher suites in common" during SSL Handshake?
- Java SSLHandshakeException: no cipher suites in common
- javax.net.ssl.SSLHandshakeException: no cipher suites in common no cipher suites in common
- C client with OpenSSL + Java server : javax.net.ssl.SSLHandshakeException: no cipher suites in common
- HTTPS Socket "javax.net.ssl.SSLHandshakeException: no cipher suites in common"
- Java "no cipher suites in common" issue when trying to securely connect to server