"no cipher suites in common" exception with JSF cert

Hi,

I just got my certificate from the JSF. It works fine when used in Apache, however, I can't get it to work with Wildfire.

I removed the self-signed certs from the site and added my own by using the form on the admin interface. It's shown correctly. However, when I try to connect from either Adium or my Smack-using plugin, it doesn't work. In the server's error log, I get the following exception every time I try to connect:

javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:994)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:459)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1054)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1026)
    at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:411)
    at org.jivesoftware.wildfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:356)
    at org.jivesoftware.wildfire.net.TLSStreamHandler.start(TLSStreamHandler.java:250)
    at org.jivesoftware.wildfire.net.SocketConnection.startTLS(SocketConnection.java:173)
    at org.jivesoftware.wildfire.net.SocketReadingMode.negotiateTLS(SocketReadingMode.java:72)
    at org.jivesoftware.wildfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:126)
    at org.jivesoftware.wildfire.net.BlockingReadingMode.run(BlockingReadingMode.java:62)
    at org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:123)
    at java.lang.Thread.run(Thread.java:595)
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1352)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:164)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:639)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:450)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:178)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
    at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Handshaker.java:437)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Handshaker.java:932)
    at org.jivesoftware.wildfire.net.TLSStreamHandler.doTasks(TLSStreamHandler.java:407)
    at org.jivesoftware.wildfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:317)
    ... 7 more

I googled for that, and it appears that you need an RSA key for those clients. However, the admin interface defines the public key as "Sun RSA public key, 2048 bits", so that should be OK. Java's keytool doesn't show any problems.

The blog at igniterealtime says that "I'm happy to announce that Wildfire 3.2 will fully support certificates created by the JSF ICA." Does that mean those certs aren't supported yet? That would be very strange, since they don't seem to be anything special.

BTW, Apache asked me for the cert's password when launching, while Wildfire never prompts for one. This could be one of the reasons it doesn't work, but I don't know what to do about that...

I fixed the problem. The issue was that keytool used its own private key, and there's no way to import my own. The page http://www.agentbob.info/agentbob/79.html explains how to get it to work anyways.
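The root cause the poster describes (the keystore holds the CA-issued certificate, but not the private key that belongs to it, so the server has no RSA key pair to offer and the handshake fails with "no cipher suites in common") can be both fixed and checked from a few lines of Java. The following program is an added example, not code from the thread, from the linked agentbob page or from Wildfire/Openfire itself. It imports an existing PEM private key and certificate chain into a JKS keystore as a single key entry, then walks the keystore and reports which aliases are key entries versus trusted-certificate-only entries, and whether the certificate's public key actually matches the private key. The file names `server-key.pk8` and `server-chain.pem`, the alias `example.com`, the output path `keystore` and the password `changeit` are assumptions for illustration; the key is assumed to be an unencrypted PKCS#8 PEM (`BEGIN PRIVATE KEY`), and the code targets JDK 8 or later.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.Collection;
import java.util.Enumeration;

public class ImportServerKey {

    // Read an unencrypted PKCS#8 PEM file ("BEGIN PRIVATE KEY") into a PrivateKey.
    // Assumption: a PKCS#1 file ("BEGIN RSA PRIVATE KEY") has already been converted, e.g.
    //   openssl pkcs8 -topk8 -nocrypt -in key.pem -out server-key.pk8
    static PrivateKey readPkcs8Pem(String path) throws Exception {
        String pem = new String(Files.readAllBytes(Paths.get(path)), StandardCharsets.US_ASCII);
        String b64 = pem.replace("-----BEGIN PRIVATE KEY-----", "")
                        .replace("-----END PRIVATE KEY-----", "")
                        .replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(b64);
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    // Read the server certificate followed by any intermediates (e.g. the issuing ICA) from a PEM bundle.
    static Certificate[] readCertChain(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            Collection<? extends Certificate> certs =
                CertificateFactory.getInstance("X.509").generateCertificates(in);
            return certs.toArray(new Certificate[0]);
        }
    }

    // Store key + chain under one alias as a key entry. Only a key entry lets the
    // server offer RSA cipher suites; a trustedCertEntry alone cannot terminate TLS.
    static void importKeyEntry(String keyPem, String chainPem, String keystorePath,
                               char[] password, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, password);                       // start from an empty keystore
        ks.setKeyEntry(alias, readPkcs8Pem(keyPem), password, readCertChain(chainPem));
        try (FileOutputStream out = new FileOutputStream(keystorePath)) {
            ks.store(out, password);
        }
    }

    // Diagnostic: returns true only if some alias is a key entry whose certificate's
    // RSA public key matches the stored private key. A keystore that shows the server
    // certificate but fails this check is exactly what produces "no cipher suites in common".
    static boolean hasUsableKeyEntry(String keystorePath, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(keystorePath)) {
            ks.load(in, password);
        }
        boolean usable = false;
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": trusted cert only (no private key)");
                continue;
            }
            PrivateKey priv = (PrivateKey) ks.getKey(alias, password);
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            PublicKey pub = cert.getPublicKey();
            boolean match = priv instanceof RSAPrivateKey && pub instanceof RSAPublicKey
                && ((RSAPrivateKey) priv).getModulus().equals(((RSAPublicKey) pub).getModulus());
            System.out.println(alias + ": key entry (" + priv.getAlgorithm() + "), subject "
                + cert.getSubjectX500Principal() + ", key/cert match=" + match);
            usable |= match;
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();          // assumed keystore password
        importKeyEntry("server-key.pk8", "server-chain.pem", "keystore", pw, "example.com");
        System.out.println("usable key entry present: " + hasUsableKeyEntry("keystore", pw));
    }
}
```

Running `hasUsableKeyEntry` against the server's existing keystore before importing anything is the quickest way to tell the poster's situation apart from a genuine cipher-suite mismatch: if every alias prints as "trusted cert only", or a key entry prints `key/cert match=false`, the server has no usable RSA key pair and the client's suite list is irrelevant. The same modulus comparison also catches the case where a key was imported but belongs to a different certificate, which fails the handshake in a similar way.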