无法使用Firefox 50通过SSL连接到Jetty 9服务器

时间:2017-01-13 02:46:54

标签: java firefox ssl encryption jetty

我正在使用Java 8和GoDaddy的SSL证书配置Jetty 9.3.x服务器。完成文档后,我已经在我的服务器上运行SSL,并且可以通过Internet Explorer和chrome中的SSL进行连接。但是,使用firefox,我无法连接到服务器。

我收到错误SSL_ERROR_NO_CYPHER_OVERLAP

我尝试过调整各种设置,但没有任何方法可以帮助我。

阅读https://www.eclipse.org/jetty/documentation/9.4.x/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites

我决定启用他们谈论的调试并获得以下支持的密码:

02:17:06,989 [main] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory  - Selected Protocols [TLSv1, TLSv1.1, TLSv1.2] of [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
02:17:06,989 [main] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory  - Selected Ciphers   [TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256] of [TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_256_GCM_SHA384, TLS_DH_anon_WITH_AES_128_GCM_SHA256, TLS_DH_anon_WITH_AES_256_CBC_SHA256, TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_DH_anon_WITH_AES_128_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, SSL_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5]

此外,与Chrome(工作)连接时

02:41:43,503 [qtp451111351-19] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory  - Customize 13196d35[SSLEngine[hostname=24.205.233.242 port=54796] SSL_NULL_WITH_NULL_NULL]
02:41:43,518 [qtp451111351-19] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory  - Customize 1e9077dd[SSLEngine[hostname=24.205.233.242 port=54797] SSL_NULL_WITH_NULL_NULL]
02:41:43,525 [qtp451111351-17] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory  - Customize 3924a409[SSLEngine[hostname=24.205.233.242 port=54793] SSL_NULL_WITH_NULL_NULL]
02:41:43,525 [qtp451111351-17] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory  - Customize 31f0632a[SSLEngine[hostname=24.205.233.242 port=54795] SSL_NULL_WITH_NULL_NULL]
02:41:43,526 [qtp451111351-17] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory  - SNI matching for type=host_name (0), value=megabeeqa.carriersoft.com
02:41:43,526 [qtp451111351-17] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory  - SNI matched megabeeqa.carriersoft.com->X509@2970a5bc(carriersoft,h=[carriersoft.com],w=[carriersoft.com])
02:41:43,527 [qtp451111351-16] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory  - SNI matching for type=host_name (0), value=megabeeqa.carriersoft.com
02:41:43,527 [qtp451111351-16] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory  - SNI matched megabeeqa.carriersoft.com->X509@2970a5bc(carriersoft,h=[carriersoft.com],w=[carriersoft.com])
02:41:43,519 [qtp451111351-18] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory  - Customize 2520f47c[SSLEngine[hostname=24.205.233.242 port=54794] SSL_NULL_WITH_NULL_NULL]
02:41:43,528 [qtp451111351-10] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory  - SNI matching for type=host_name (0), value=megabeeqa.carriersoft.com
02:41:43,528 [qtp451111351-10] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory  - SNI matched megabeeqa.carriersoft.com->X509@2970a5bc(carriersoft,h=[carriersoft.com],w=[carriersoft.com])
02:41:43,519 [qtp451111351-14] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory  - SNI matching for type=host_name (0), value=megabeeqa.carriersoft.com
02:41:43,528 [qtp451111351-14] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory  - SNI matched megabeeqa.carriersoft.com->X509@2970a5bc(carriersoft,h=[carriersoft.com],w=[carriersoft.com])
02:41:43,529 [qtp451111351-17] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager  - Matched megabeeqa.carriersoft.com with X509@2970a5bc(carriersoft,h=[carriersoft.com],w=[carriersoft.com]) from [carriersoft]
02:41:43,530 [qtp451111351-17] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager  - Chose alias carriersoft/RSA on 3924a409[SSLEngine[hostname=24.205.233.242 port=54793] SSL_NULL_WITH_NULL_NULL]
02:41:43,529 [qtp451111351-15] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory  - SNI matching for type=host_name (0), value=megabeeqa.carriersoft.com
02:41:43,531 [qtp451111351-15] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory  - SNI matched megabeeqa.carriersoft.com->X509@2970a5bc(carriersoft,h=[carriersoft.com],w=[carriersoft.com])
02:41:43,530 [qtp451111351-10] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager  - Matched megabeeqa.carriersoft.com with X509@2970a5bc(carriersoft,h=[carriersoft.com],w=[carriersoft.com]) from [carriersoft]
02:41:43,531 [qtp451111351-10] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager  - Chose alias carriersoft/RSA on 2520f47c[SSLEngine[hostname=24.205.233.242 port=54794] SSL_NULL_WITH_NULL_NULL]
02:41:43,531 [qtp451111351-15] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager  - Matched megabeeqa.carriersoft.com with X509@2970a5bc(carriersoft,h=[carriersoft.com],w=[carriersoft.com]) from [carriersoft]
02:41:43,531 [qtp451111351-15] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager  - Chose alias carriersoft/RSA on 1e9077dd[SSLEngine[hostname=24.205.233.242 port=54797] SSL_NULL_WITH_NULL_NULL]
02:41:43,530 [qtp451111351-14] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager  - Matched megabeeqa.carriersoft.com with X509@2970a5bc(carriersoft,h=[carriersoft.com],w=[carriersoft.com]) from [carriersoft]
02:41:43,531 [qtp451111351-14] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager  - Chose alias carriersoft/RSA on 13196d35[SSLEngine[hostname=24.205.233.242 port=54796] SSL_NULL_WITH_NULL_NULL]
02:41:43,530 [qtp451111351-16] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager  - Matched megabeeqa.carriersoft.com with X509@2970a5bc(carriersoft,h=[carriersoft.com],w=[carriersoft.com]) from [carriersoft]
02:41:43,532 [qtp451111351-16] DEBUG org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager  - Chose alias carriersoft/RSA on 31f0632a[SSLEngine[hostname=24.205.233.242 port=54795] SSL_NULL_WITH_NULL_NULL]

与FireFox连接时,我只在日志中获得以下输出:

02:40:55,459 [qtp451111351-17] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory  - Customize 2223aad3[SSLEngine[hostname=24.205.233.242 port=54783] SSL_NULL_WITH_NULL_NULL]
02:40:55,465 [qtp451111351-16] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory  - SNI matching for type=host_name (0), value=megabeeqa.carriersoft.com
02:40:55,465 [qtp451111351-16] DEBUG org.eclipse.jetty.util.ssl.SslContextFactory  - SNI matched megabeeqa.carriersoft.com->X509@2970a5bc(carriersoft,h=[carriersoft.com],w=[carriersoft.com])

对我来说这似乎是一组很好的密码,任何人都可以帮助识别我的问题并帮助我启用firefox会接受的密码吗?

2 个答案:

答案 0 :(得分:1)

这里的问题原来是我正在使用的Java版本。它是1.8,它是更新91,后来的版本有正确的密码组合。

答案 1 :(得分:0)

我有完全相同的错误,但它不是引起该问题的java版本。

问题是ca证书是针对abc.com而且服务器证书是针对xyz.com的,所以它看起来像:

keytool -genkeypair -alias ca -keyalg RSA -validity 45 -keysize 2048 -keystore ca.jks -dname "CN=abc.com" -storepass password
...
keytool -genkeypair -keyalg RSA -keysize 2048 -validity 45 -alias server -dname "CN=xyz.com" -keystore server.jks -storepass password.

我添加这个,以防其他人有同样的错误,并且更改java版本没有帮助。

相关问题
最新问题