Reputation: 5354
openjdk11 : Unsupported CipherSuite Exception
My app is using OpenJDK 11 and fails with the following exception:
Caused by: java.lang.IllegalArgumentException: Unsupported CipherSuite: SSL_RSA_WITH_AES_256_CBC_SHA256
at java.base/sun.security.ssl.CipherSuite.validValuesOf(CipherSuite.java:916)
at java.base/sun.security.ssl.SSLSocketImpl.setEnabledCipherSuites(SSLSocketImpl.java:302)
at com.ibm.mq.jmqi.remote.impl.RemoteTCPConnection.makeSocketSecure(RemoteTCPConnection.java:2084)
I am not sharing any code because I don't think the problem is there. I need to fix this exception somehow.
Is it possible to configure JRE to support this particular CipherSuite?
Upvotes: 3
Views: 7196
Answers (1)
Reputation: 44970
Generally TLS_RSA_... not SSL_RSA_... in recent Java versions as SSLv3 is no longer secure.
IBM JRE might supports SSL_RSA_WITH_AES_256_CBC_SHA256 cipher suite as per Configuring your application to use IBM Java or Oracle Java CipherSuite mappings docs but this is not a valid constant in OpenJDK.
The TLS_RSA_WITH_AES_256_CBC_SHA256 cipher suite was introduced in Java 7 as per Java Cryptography Architecture Oracle Providers Documentation for JDK 8 docs. Use this constant in OpenJDK.
Upvotes: 8
Related Questions
- Since OpenJDk Java 11 getting javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
- OpenJDK 11 error "Can not initialize cryptographic mechanism"
- JDK 11 issue with javax.crypto.JceSecurity
- JDK 11 and some Cipher Suite are not working that are configured in conf/server.xml but it does not work
- How to resolve "The type com.sun.crypto.provider.SunJCE is not accessible" with Java11?
- [Unsupported ciphersuite][Java SSLSocket]
- Cipher suite not supported by Java 1.7
- IllegalArgumentException: Unsupported ciphersuite
- unsupported SSL ciphersuite
- Enabled ciphers on Ubuntu OpenJDK 7