Wildfire errors related to SSL

Hi,

I've installed my own SSL certificate and removed the preinstalled ones.

After some hours my admin-console.log file was about 30 GB large and filled with those messages:

12:39:51.748 WARN!! [Acceptor [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=9091]]] org.mortbay.util.ThreadedServer.acceptSocket(ThreadedServer.java:461) >02> EXCEPTION
javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
    at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(Unknown Source)
    at org.mortbay.util.ThreadedServer.acceptSocket(ThreadedServer.java:432)
    at org.mortbay.util.ThreadedServer$Acceptor.run(ThreadedServer.java:634)

I then removed the SSL certificate and disabled all SSL options (c2s and s2s) but the messages still appear in the log.

What's this all about?

Regards,

Frank

Hi,

This problem is well known, and I wonder why there is no JIRA issue to get this fixed. Maybe “JM-632 SSL settings page should deal with empty/corrupt keystore” will also solve this problem.

I assume that you read the small KB article and Gato's document http://www.jivesoftware.org/community/thread.jspa?messageID=98201&#98201 how to do this.

Did you use a java 1.5 keytool or a java 1.4.2 keytool? Using the old one could cause some trouble.

LG

Hi,

I wasn't using java keytool at all, I was importing my ssl certificate I've created with the openssl tools - that should work too, right?

Will SSL/TLS work with the default installed certificates and will this not create the huge amount of error messages?

The server is unusable with this behavior, 30 GB space required per night … no way!

Frank

Importing keys using the wildfire admin panel can cause problems.

See my post at the bottom of http://www.jivesoftware.org/community/message.jspa?messageID=116384#116384 to see how to identify if you're having a problem with a bad import.
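
Added example, not part of any post in this thread and not the check described in the linked post: a JSSE server socket throws "No available certificate or key corresponds to the SSL cipher suites which are enabled" when the keystore it loads contains no entry with a private key, for instance when only a certificate was imported. The class name `KeystoreCheck` and the command-line keystore path are assumptions; the sketch assumes a JKS-format keystore.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

// Added example: lists every keystore entry and reports whether any of them
// holds a private key that an SSL listener could present to clients.
// Usage: java KeystoreCheck <path-to-keystore>   (path supplied by the operator)
public class KeystoreCheck {

    // Counts entries that carry a key together with a certificate chain.
    static int countKeyEntries(KeyStore ks) throws Exception {
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                // Certificate-only entry: trusted for verification, useless for serving TLS.
                System.out.printf("%-24s certificate only (no private key)%n", alias);
                continue;
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            int length = (chain == null) ? 0 : chain.length;
            String algorithm = (length == 0) ? "unknown"
                    : chain[0].getPublicKey().getAlgorithm();
            System.out.printf("%-24s key entry, algorithm=%s, chain length=%d%n",
                    alias, algorithm, length);
            if (length > 0) usable++;
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java KeystoreCheck <path-to-keystore>");
            System.exit(2);
        }
        // Prompt for the store password when a terminal is attached. With a null
        // password a JKS store still loads, but its integrity check is skipped.
        Console console = System.console();
        char[] password = (console == null) ? null : console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        int usable = countKeyEntries(ks);
        System.out.println(usable == 0
                ? "No private-key entry found: the SSL listener has nothing to offer."
                : usable + " key entry/entries with a certificate chain found.");
        System.exit(usable == 0 ? 1 : 0);
    }
}
```
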

Hi,

I never saw this problem but I think that the log file is only written if you have enabled the debug log. Maybe deactivating it solves the 30GB/day problem.

LG