What did I break? - error.log attached

I upgraded from 2.5.0 to 2.6.2 and since then no clients can sign in. This is not a problem, since out of 150 only about 3 use the system so far.

10.3.68.182 is my IP address - I can see a TLS problem, however I don't know where to start to fix this.

Any help / pointers would be much appreciated

Thanks

Graeme

2006.06.16 09:39:12 [org.jivesoftware.wildfire.net.SocketReader.negotiateTLS(SocketReader.java:682)] Error while negotiating TLS
javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)
    at javax.net.ssl.SSLEngine.wrap(Unknown Source)
    at org.jivesoftware.wildfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:320)
    at org.jivesoftware.wildfire.net.TLSStreamHandler.(TLSStreamHandler.java:206)
    at org.jivesoftware.wildfire.net.SocketConnection.startTLS(SocketConnection.java:152)
    at org.jivesoftware.wildfire.net.SocketReader.negotiateTLS(SocketReader.java:679)
    at org.jivesoftware.wildfire.net.SocketReader.readStream(SocketReader.java:268)
    at org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:119)
    at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.chooseCipherSuite(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Unknown Source)
    at org.jivesoftware.wildfire.net.TLSStreamHandler.doTasks(TLSStreamHandler.java:371)
    at org.jivesoftware.wildfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.java:281)
    ... 6 more
2006.06.16 09:39:12 [org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:161)] Connection closed before session established
Socket[addr=/10.3.68.182,port=1388,localport=5222]

Hey Graeme,

Which clients were you using when that error was generated? Which certificate types do you have in your keystore? Make sure you have DSA and RSA certificates. This error usually happens when you only have one type of certificate.

Regards,

– Gato

Hi, I suffer from the same trouble. My client is gaim2.0b3. How do I generate an RSA version as well?

$ keytool -genkey -keyalg rsa -keystore keystore -alias telecom.dhl.com

keytool error: java.lang.Exception: Key pair not generated, alias <telecom.dhl.com> already exists

This is fixed for me now: I have two aliases (the name doesn't seem to matter), one with RSA and one with DSA. Now Gaim can connect fine. Miranda seems to not support TLS, and when connecting via SSL it complains about authority, but this is due to a missing CA in Miranda. Uff, can your SSL GUIDE be updated so users are aware of this DSA/RSA trap? I am also unaware whether both certificates have to be signed.
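
The DSA/RSA check discussed in this thread, as an added example that is not part of the original posts and is not Wildfire code: it lists the key algorithm behind each private-key entry in a keystore and reports a missing type. The class name `KeystoreKeyTypes` is hypothetical, the keystore is assumed to be in JKS format, and the path and password are supplied on the command line.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.Set;
import java.util.TreeSet;

// Added example (hypothetical class name): report which key algorithms a
// JKS keystore can present during a TLS handshake.
// Usage: java KeystoreKeyTypes <keystore-path> <keystore-password>
public class KeystoreKeyTypes {

    // Collect the public-key algorithm of every private-key entry.
    static Set<String> keyAlgorithms(KeyStore ks) throws Exception {
        Set<String> algs = new TreeSet<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // trusted-certificate entries cannot authenticate the server
            }
            Certificate cert = ks.getCertificate(alias);
            if (cert == null) {
                continue; // key entry without a certificate chain
            }
            String alg = cert.getPublicKey().getAlgorithm();
            System.out.println(alias + ": " + alg);
            algs.add(alg);
        }
        return algs;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java KeystoreKeyTypes <keystore> <password>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: JKS keystore
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        Set<String> algs = keyAlgorithms(ks);
        // Suites named ..._RSA_... need an RSA key; ..._DSS_... need a DSA key.
        for (String needed : new String[] {"RSA", "DSA"}) {
            if (!algs.contains(needed)) {
                System.out.println("No " + needed + " key entry: a client offering only "
                        + needed + "-authenticated suites gets 'no cipher suites in common'");
            }
        }
    }
}
```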