Allan B.

Reputation: 11

Ciphers not supported by SSL engine

I swear I have looked all over the place but I cannot find an explanation or solution to this problem: I have 2 environments (DEV and TEST). I was recently tasked with limiting the CIPHER exposure when opening ports (LINUX). In DEV, there are no problems; the ports open using one of the ciphers I identified in the .properties file (using Spring Boot) and our security team is happy.

On the TEST side I use the exact same ciphers, in the exact same order. When I try to connect to one of the Swagger pages, I get the SSL_ERROR_OR_CIPHER_MISMATCH error. I have identified the cipher suite being used in each environment, and they are different (ECDHE-RSA-AES256-GCM-SHA384 on DEV and DHE-RSA-AES128-GCM-SHA256 on TEST). Since TEST is giving me the issues, I removed the cipher definitions from the .properties file and started all over. This time, the server will not start and provides the error message "None of the [ciphers] specified are supported by the SSL engine."

I (the developer with some SA experience) and an SA have spent a lot of time on this and are getting nowhere. We have verified that our certs are fine. Can anyone point me in the right direction? I have done numerous searches looking for a solution, I just have not found one that explains the unsupported cipher issue. I suspect we have an out-of-date library or something... please help, this is getting old! :)

We have tried every suggestion we have found online. A new version of OpenSSL was installed before the problem surfaced, so most of our focus has been there. We even restored the previous version of OpenSSL to no avail.

When I run openssl ciphers -v | awk '{print $s}' | sort | uniq:
DEV: SSLv3, TLSv1, TLSv1.2, TLSv1.3
TST: SSLv3, TLSv1.2

The list of ciphers returned is also vastly different (DEV has 60, TST has 95). Something is certainly hosed, but I don't know where or how to correct the problem.

Upvotes: 0

Views: 528
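The comparison the question is doing by hand (which protocol versions and which cipher names the host's OpenSSL build actually offers, versus what server.ssl.ciphers asks for) can be scripted offline. The following is an added example, not code from the original post: it parses the `openssl ciphers -v` output format (name in column 1, protocol in column 2), translates the Java/IANA suite names Spring Boot accepts into OpenSSL spelling with a heuristic that covers the (EC)DHE-RSA and RSA AES suites (other names fall through unchanged), and reports which configured suites the local SSL engine cannot provide. The sample output and the property value are constructed.

```python
import re

# Constructed sample of `openssl ciphers -v` output (not captured from the poster's hosts).
SAMPLE_OPENSSL_CIPHERS_V = """\
TLS_AES_256_GCM_SHA384      TLSv1.3 Kx=any  Au=any Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256   TLSv1.2 Kx=DH   Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(128)    Mac=SHA1
"""


def parse_openssl_ciphers(output):
    """Map each cipher name (column 1) to the protocol it belongs to (column 2)."""
    supported = {}
    for line in output.splitlines():
        fields = line.split()
        if len(fields) >= 2:
            supported[fields[0]] = fields[1]
    return supported


def to_openssl_name(name):
    """Heuristic translation of Java/IANA names (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
    to OpenSSL names (ECDHE-RSA-AES256-GCM-SHA384). Names without TLS_..._WITH_ are
    returned unchanged, which also covers TLS 1.3 suites and OpenSSL-style names."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        return name
    kx, enc = name[4:].split("_WITH_", 1)
    enc = re.sub(r"(AES)_(\d+)", r"\1\2", enc.replace("_CBC", ""))  # AES_256 -> AES256
    parts = [enc] if kx == "RSA" else [kx, enc]  # plain RSA suites carry no Kx prefix
    return "-".join(parts).replace("_", "-")


def check_configured_ciphers(properties_value, openssl_output):
    """Compare a server.ssl.ciphers value against the host's OpenSSL cipher list.
    Returns (supported, unsupported, protocol versions offered by the host)."""
    on_host = parse_openssl_ciphers(openssl_output)
    wanted = [c.strip() for c in properties_value.split(",") if c.strip()]
    ok = [c for c in wanted if to_openssl_name(c) in on_host]
    missing = [c for c in wanted if to_openssl_name(c) not in on_host]
    return ok, missing, sorted(set(on_host.values()))


if __name__ == "__main__":
    configured = ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,"
                  "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384")  # constructed property value
    ok, missing, protocols = check_configured_ciphers(configured, SAMPLE_OPENSSL_CIPHERS_V)
    print("protocols offered:", protocols)
    print("supported:", ok)
    print("unsupported (will be rejected by the SSL engine):", missing)
    if not ok:
        print("None of the configured ciphers is supported: the server would refuse to start")
```

Run it with the real output of `openssl ciphers -v` from each environment to see which configured suite names that host's OpenSSL build is missing; an empty supported list reproduces the "None of the [ciphers] specified are supported by the SSL engine" condition.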

Answers (1)

Allan B.

Reputation: 11

OK, the problem has been resolved... as suspected, a library incompatibility issue was the culprit. After reimaging the server and updating OpenSSL, the problem went away.

I appreciate everyone who reviewed my question and do not wish to take up anyone else's valuable time.

Upvotes: 1
