Wildfire 3 SSL/TLS and Windows clients

I setup wildfire 3 with SSL and it works like a charm if I use a client from Linux (Gaim beta3 from Linux).

Doing the exact same thing from a Windows box yields the following error in the log file: (Gaim beta3 for Windows):

2006.07.27 16:58:11 org.jivesoftware.wildfire.net.SocketReadingMode.negotiateTLS(SocketReadingMode.j ava:75) Error while negotiating TLS

javax.net.ssl.SSLHandshakeException: no cipher suites in common

at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.writeAppRecord(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.wrap(Unknown Source)

at javax.net.ssl.SSLEngine.wrap(Unknown Source)

at org.jivesoftware.wildfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.jav a:329)

at org.jivesoftware.wildfire.net.TLSStreamHandler.start(TLSStreamHandler.java:223)

at org.jivesoftware.wildfire.net.SocketConnection.startTLS(SocketConnection.java:1 73)

at org.jivesoftware.wildfire.net.SocketReadingMode.negotiateTLS(SocketReadingMode. java:72)

at org.jivesoftware.wildfire.net.BlockingReadingMode.readStream(BlockingReadingMod e.java:126)

at org.jivesoftware.wildfire.net.BlockingReadingMode.run(BlockingReadingMode.java: 62)

at org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:123) at java.lang.Thread.run(Unknown Source)

Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common

at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)

at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(Unknown Source)

at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)

at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)

at com.sun.net.ssl.internal.ssl.ServerHandshaker.chooseCipherSuite(Unknown Source)

at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(Unknown Source)

at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(Unknown Source)

at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)

at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Unknown Source)

at java.security.AccessController.doPrivileged(Native Method)

at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Unknown Source)

at org.jivesoftware.wildfire.net.TLSStreamHandler.doTasks(TLSStreamHandler.java:38 0)

at org.jivesoftware.wildfire.net.TLSStreamHandler.doHandshake(TLSStreamHandler.jav a:290)

… 7 more

Well, I’'m making it a habit to reply to my own questions, but, after a few hours of research I read a post that suggested usign teh following script to fix the SSL mess:


cd /opt/wildfire/resources/security

  1. This removes default John Doe certs (default keystore password is ‘‘changeit’’)

echo “Deleting default certificates…”

/opt/wildfire/jre/bin/keytool -delete -keystore keystore -alias rsa

/opt/wildfire/jre/bin/keytool -delete -keystore keystore -alias dsa

  1. single RSA cert seems to be enough

echo “Creating new RSA certificate…”

/opt/wildfire/jre/bin/keytool -genkey -keystore keystore -alias wildfire.hostname.tld -validity 720 -keyalg rsa

In my case I had already deleted the “John Doe” certs. So, all i did was removed the certificate I created using the instructions from the SSL Guide (documentation) (http://www.jivesoftware.org/builds/wildfire/docs/latest/documentation/ssl-guide. html) that said to create the cert using:

keytool -genkey -keystore keystore -alias example.com

That was wrong. The correct thing to do is:

keytool -genkey -keystore keystore -alias example.com -validity 720 -keyalg rsa

After doing that I was able to open the ssl-settings page from the web console:


I have not tried to connect from a windows client using TLS/SSL yet, but something tells me that will work…

That worked!

Just to have some closure on this one…

I’'ll have to give that a try…

I just recently tried using the SSL-Guides instructions in making my own key and had similar issues… (the Spark Client couldn’‘t connect, and the security settings page wouldn’'t display in the admin console).


can u please tell how it worked in windows