TLS error, cipher problem from win32 gaim clients

Hello,

I am running a Wildfire Server with required TLS and a self-signed certificate, and Win32 gaim clients (however not a Slackware/GNU/Linux client) produce an error and cannot authenticate.

Provided below are log details…

2006.06.02 11:08:43 [org.jivesoftware.wildfire.net.SocketReader.negotiateTLS(SocketReader.java:682)] Error while negotiating TLS
javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
    at javax.net.ssl.SSLEngine.wrap(Unknown Source)
    at org.jivesoftware.wildfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:320)
    at org.jivesoftware.wildfire.net.TLSStreamHandler.(TLSStreamHandler.java:206)
    at org.jivesoftware.wildfire.net.SocketConnection.startTLS(SocketConnection.java:152)
    at org.jivesoftware.wildfire.net.SocketReader.negotiateTLS(SocketReader.java:679)
    at org.jivesoftware.wildfire.net.SocketReader.readStream(SocketReader.java:268)
    at org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:119)
    at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common

I hope someone knows a solution.

John

Just as a side note, I was running with Required Security on client connections with the default certificates in the keystore. These worked fine; however, when I made my own certificate and deleted the old ones, etc., it stopped working.

It only stopped working from WinGaim clients.

I thought this might be related to the fact that the new certificate I made may only be RSA, and it might need a DSA certificate as well.

How would I create the DSA certificate with keytool? There was nothing in the documentation on that.

I don't know what SSL engine win32 gaim uses, but I wouldn't doubt if it used some internal windows libs. If that's the case, you may have RSA certificates disabled some place.

In any case, run "keytool -help" to get all the options for using it; the one you are looking for is "-keyalg".
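
The -keyalg usage from the reply above, as an added example that is not part of the original thread: it puts an RSA and a DSA self-signed key pair into one keystore and reports which key algorithms the keystore then holds. The aliases, password, subject name and throwaway keystore path are constructed placeholders, not Wildfire's own values.

```shell
#!/bin/sh
# Added example. All names below are constructed placeholders.
STOREPASS='example-pass'        # keystore password (keytool wants 6+ characters)
DNAME='CN=chat.example.com'     # subject; the CN would be the server's XMPP domain

# add_keypair KEYSTORE ALIAS ALGORITHM
# Generates a self-signed key pair of the given algorithm (RSA or DSA).
# JDK 5 and earlier name this command -genkey; newer JDKs accept both names.
add_keypair() {
    keytool -genkeypair -keystore "$1" -storepass "$STOREPASS" \
        -keypass "$STOREPASS" -alias "$2" -keyalg "$3" -keysize 2048 \
        -validity 365 -dname "$DNAME" </dev/null >/dev/null 2>&1
}

# key_algs KEYSTORE
# Prints the distinct key algorithms in the keystore, e.g. "DSA RSA".
# A self-signed certificate is signed by its own key, so the suffix of
# "Signature algorithm name: SHA256withDSA" is the key algorithm.
key_algs() {
    keytool -list -v -keystore "$1" -storepass "$STOREPASS" 2>/dev/null |
        sed -n 's/.*Signature algorithm name: .*with\([A-Za-z]*\).*/\1/p' |
        sort -u | paste -sd' ' -
}

# Demo on a throwaway keystore; set KS to a copy of a real keystore to inspect it.
KS="${KS:-$(mktemp -d)/demo-keystore}"
add_keypair "$KS" xmpp-rsa RSA && add_keypair "$KS" xmpp-dsa DSA &&
    echo "key algorithms in $KS: $(key_algs "$KS")"
```

Running key_algs against the keystore that stopped working shows whether it really holds only an RSA entry, as the second post suspects.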