Date: Mon, 16 Mar 1998 13:06:05 -0800
From: David.Brownell@Eng (David Brownell)
Message-Id: <199803162106.NAA22893@argon.eng.sun.com>
To: java-security@web2.javasoft.com, frank@uccs.jpl.nasa.gov
Subject: Re: Java SSL / SSLeay interoperability
You need to enable that particular cipher in the Java Web Server
administration panel ... select the "secure server", press the
button labeled "security", then select "ciphers", and change the
status of SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 to enabled. Then
save; I think you may need to restart the server, or perhaps it
does it automatically for you.
I'm told that SSLeay 0.8.1 and later have a bugfix needed to get
this interop working ... Java Web Server 1.1 should do the job,
and I think that JWS 1.0 won't work.
- Dave
> From frank@uccs.jpl.nasa.gov Mon Mar 16 12:44:33 1998
> Date: Mon, 16 Mar 1998 12:41:47 -0800
> From: Frank Maritato <frank@uccs.jpl.nasa.gov>
> To: java-security@web2.javasoft.com
> Subject: Java SSL / SSLeay interoperability
>
> Hello--
>
> I built the latest version of SSLeay on Solaris, and I was curious to
> see what would happen if I tried to get my Java SSL client to talk to
> the demo SSLeay server app. I want to use
> SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 as my cipher suite, but I noticed
> that SSLeay defines their cipher suites differently. Here is what I got
> on the server side:
>
> [11:56am] locknis/frank % ssleay s_server -nocert
> Using default temp DH parameters
> ACCEPT
> ERROR
> 21855:error:1408A0B9:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
> cipher:s3_srvr.c:727
> shutting down SSL
> CONNECTION CLOSED
> ACCEPT
>
> Here is what I got on the Java SSL client side:
> [11:58am] locknis/frank % java SSLClient locknis 4433
> Creating SSLSocketFactory...Done.
> Creating Socket...Done.
> Setting Cipher suite...Done.
> SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
> Setting up streams...Done.
> javax.net.ssl.SSLException: Received fatal alert: handshake_failure (no
> cipher suites in common)
> javax.net.ssl.SSLException: Received fatal alert: handshake_failure (no
> cipher suites in common)
> at
> sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:951)
> at
> sun.security.ssl.SSLSocketImpl.clearPipeline(SSLSocketImpl.java:684)
> at sun.security.ssl.SSLSocketImpl.write(SSLSocketImpl.java:437)
> at
> sun.security.ssl.AppOutputStream.flush(AppOutputStream.java:77)
> at java.io.DataOutputStream.flush(DataOutputStream.java)
> at SSLClient.talk(SSLClient.java:70)
> at SSLClient.run(SSLClient.java:48)
>
> Anyone know how I can get the cipher suites to match on each side?
> thanks!
> --
> **************************************************************
> Frank Maritato, Jr. Jet Propulsion Laboratory
> frank@uccs.jpl.nasa.gov 4800 Oak Grove Drive
> mail stop 525-3632
> Pasadena, CA 91109-8099
>