Sorry for talking to myself so much. I have solved the problem! Once I realised that I had never supplied the private key to keytool when I imported the certificate, I started googling along those lines.

I found this link from 2008 which provided the solution:
http://cunning.sharp.fm/2008/06/importing_private_keys_into_a.html

Basically you use OpenSSL to create a PKCS12 file from the cert and key, and then keytool to import that (as an existing keystore, not as a certificate).

From there, everything else just worked (including client authentication through the browser). Now I have the "Insufficient permissions" problem, which there is loads of documentation as to how to move forwards.

Thanks!
Phil

On Sat, May 5, 2018 at 8:27 AM, Phil H <gippyp...@gmail.com> wrote:

> Further info
>
> In the httpd installation, I need the private key for the certificate and
> its paraphrase. That private key has not played a part of the NiFi install
> thus far (seems like an important thing - the "keystore" only has a
> certificate, not a key)
>
> The reason why I used PKCS12 for the keystore was some Jetty debug output
> telling me that was preferred to JKS. Interestingly it gave me contrary
> advice for the trust store.
>
> On Sat, 5 May 2018 at 08:22, Phil H <gippyp...@gmail.com> wrote:
>
>> Hi Andy,
>>
>> Sorry - poor use of words (it was late when I wrote the email). When I
>> said "client" certificate I meant the certificate for the NiFi server (no
>> idea why I wrote "client")
>>
>> I'm not trying to use certificate authentication yet - simply to get NiFi
>> operating over TLS.
>>
>> When I test with OpenSSL, I get the same Nifi server log output as seen
>> with a connection attempt from a browser.
>>
>> On the Cipher issue, when I use OpenSSL to connect using said certificate
>> using httpd, it lists the successful cipher as one of those ignored by
>> Jetty, albeit with less underscores in the onscreen output:
>> TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
>>
>> All machines involved are CentOS 7 - the only add-ons being Java 1.8
>> (current release) and NiFi 1.6.0 (also current release)
>>
>> On Sat, 5 May 2018 at 01:26, Andy LoPresto <alopre...@apache.org> wrote:
>>
>>> Hi Phil,
>>>
>>> Sorry to hear you are having this problem. I have a couple steps you can
>>> try to resolve this.
>>>
>>> First, to clarify the terminology for NiFi, a “client certificate”
>>> refers to a public certificate and private key which in combination allow a
>>> client to uniquely identify itself and authenticate on a mutual
>>> authentication TLS connection. In NiFi terminology, the client certificate
>>> identifies a user or service which connects to NiFi. The “server
>>> certificate” identifies the NiFi service, and the CA is what signs one (or
>>> both) of those certificates.
>>>
>>> The “no cipher suites in common” error can occur when there are
>>> legitimately no cipher suites that both the client and server support. This
>>> can be verified by using the OpenSSL s_client tool to make a connection
>>> from the client to the server. I’ve pasted a sample invocation below.
>>>
>>> $ openssl s_client -connect <host:port> -debug -state -cert <path_to_your_cert.pem> -key <path_to_your_key.pem> -CAfile <path_to_your_CA_cert.pem>
>>>
>>> However, that error can also appear when the keystore does not contain a
>>> valid private key to be used. I suspect the keystore you generated for NiFi
>>> does not have the private key. You can verify this by examining the
>>> nifi1.crt file you imported. If you run `$ more nifi1.crt`, you should see
>>> a line “-----BEGIN PRIVATE KEY-----” and then some Base64-encoded output.
>>> If you do not see this, you have only the public certificate in the file.
>>> Importing that into a keystore means that NiFi (or any other service using
>>> that keystore) will not be able to sign or decrypt any information
>>> encrypted with the public key, so it won’t be able to support any cipher
>>> suites that rely on RSA encryption or signatures.
>>>
>>> The nifi1.crt you imported into the keystore may also not have the
>>> complete certificate chain encoded, in which case when the server presents
>>> that certificate on an incoming connection, the client (command-line or
>>> browser) won’t be able to verify and trust it. You’ll get a different
>>> error, but it is something to be aware of.
>>>
>>> Is there a reason you chose to use a PKCS12 keystore in this scenario?
>>> Usually we recommend using JKS for both the keystore and the truststore.
>>>
>>> I hope this helps. If none of this resolves your issues, please let us
>>> know and we can continue to help.
>>>
>>> Andy LoPresto
>>> alopre...@apache.org
>>> *alopresto.apa...@gmail.com <alopresto.apa...@gmail.com>*
>>> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69
>>>
>>> On May 4, 2018, at 4:03 AM, Phil H <gippyp...@gmail.com> wrote:
>>>
>>> Hi all,
>>>
>>> I am trying to secure my NiFi installation. I have a client certificate
>>> (nifi1.crt) and the CA for the intranet (ca.crt).
>>> I created the trust and keystores as below:
>>>
>>> keytool -import -trustcacerts -alias nifi1 -file nifi1.crt -keystore server_keystore.p12 -storetype PKCS12
>>>
>>> keytool -import -file ca.crt -alias cacert -keystore truststore.jks
>>>
>>> And the relevant nifi.properties are set as follows
>>>
>>> nifi.security.keystore=./conf/server_keystore.p12
>>> nifi.security.keystoreType=PKCS12
>>> nifi.security.keystorePasswd=<Password>
>>> nifi.security.keyPasswd=<Password>
>>> nifi.security.truststore=./conf/truststore.jks
>>> nifi.security.truststoreType=JKS
>>> nifi.security.truststorePasswd=<Password>
>>>
>>> When I try and access the site via https, I receive the above error in
>>> Firefox, and the following in the nifi-bootstrap.log (I have enabled
>>> additional debugging).
>>>
>>> Using both of these certificates inside Apache httpd works on the client as
>>> expected, so the certificates are fine. I have seen some references to
>>> bugs/features in Jetty under Java 1.8 related to older TLS versions, but
>>> I'm at a loss to explain this! Help!!
>>>
>>> Thanks,
>>> Phil
>>>
>>> 2018-05-04 20:57:17,406 INFO [NiFi logging handler] org.apache.nifi.StdOut Using SSLEngineImpl.
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Allow unsafe renegotiation: false
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Allow legacy hello messages: true
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Is initial handshake: true
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Is secure renegotiation: false
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLSv1
>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLSv1.1
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut NiFi Web Server-20, READ: TLSv1 Handshake, length = 171
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut *** ClientHello, TLSv1.2
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut RandomCookie: GMT: 1840697519 bytes = { 105, 139, 207, 1, 25, 185, 102, 192, 232, 71, 128, 61, 66, 104, 220, 248, 126, 53, 133, 115, 216, 129, 238, 15, 202, 164, 110, 9 }
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Session ID: {}
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, Unknown 0xcc:0xa9, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, Unknown 0xcc:0xa8, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Compression Methods: { 0 }
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Extension server_name, server_name: [type=host_name (0), value=nifi1]
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Extension extended_master_secret
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Extension renegotiation_info, renegotiated_connection: <empty>
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Extension elliptic_curves, curve names: {unknown curve 29, secp256r1, secp384r1, secp521r1}
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Extension ec_point_formats, formats: [uncompressed]
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Unsupported extension type_35, data:
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Unsupported extension status_request, data: 01:00:00:00:00
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Extension signature_algorithms, signature_algorithms: SHA256withECDSA, SHA384withECDSA, SHA512withECDSA, SHA256withRSA, SHA384withRSA, SHA512withRSA, SHA1withECDSA, SHA1withRSA
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut ***
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut %% Initialized: [Session-4, SSL_NULL_WITH_NULL_NULL]
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut NiFi Web Server-20, fatal error: 40: no cipher suites in common
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut javax.net.ssl.SSLHandshakeException: no cipher suites in common
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut %% Invalidated: [Session-4, SSL_NULL_WITH_NULL_NULL]
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut NiFi Web Server-20, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut NiFi Web Server-20, WRITE: TLSv1.2 Alert, length = 2
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut NiFi Web Server-20, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut NiFi Web Server-20, called closeOutbound()
>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut NiFi Web Server-20, closeOutboundInternal()
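
The fix described at the top of this thread (bundle the certificate with its private key into a PKCS12 file, then import that file as a keystore), as an added example that is not part of any message in the thread. The key file name nifi1.key, the alias, the STOREPASS variable and the self-signed pair generated here are assumptions standing in for the real material; the keytool step runs only where keytool is installed.

```shell
#!/bin/sh
# Added example. The cert/key pair is constructed, throwaway test material;
# STOREPASS and all output file names are assumptions, not values from the thread.
STOREPASS="${STOREPASS:-changeit-example}"; export STOREPASS

# Generate a self-signed cert and key to stand in for the real pair.
make_sample_pair() {    # $1 = directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=nifi1" \
        -keyout "$1/nifi1.key" -out "$1/nifi1.crt" 2>/dev/null
}

# True when the certificate's public key is the one derived from the key file.
cert_matches_key() {    # $1 = cert, $2 = key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Bundle cert + key into PKCS12 (the step the original import left out).
# The password is read from the environment, not placed on the command line.
build_p12() {           # $1 = cert, $2 = key, $3 = output .p12
    openssl pkcs12 -export -in "$1" -inkey "$2" -name nifi1 \
        -out "$3" -passout env:STOREPASS
}

# Reproduce the faulty state: a PKCS12 file holding only the certificate.
build_cert_only_p12() { # $1 = cert, $2 = output .p12
    openssl pkcs12 -export -nokeys -in "$1" -out "$2" -passout env:STOREPASS
}

# True when the keystore actually contains a private key.
p12_has_private_key() { # $1 = .p12
    openssl pkcs12 -in "$1" -passin env:STOREPASS -nocerts -nodes 2>/dev/null \
        | grep -q 'BEGIN.*PRIVATE KEY'
}

# Optional: import the PKCS12 file as a keystore to produce a JKS keystore.
p12_to_jks() {          # $1 = .p12, $2 = output .jks
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env STOREPASS \
        -destkeystore "$2" -deststoretype JKS -deststorepass:env STOREPASS
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample_pair "$d" || return 1
    cert_matches_key "$d/nifi1.crt" "$d/nifi1.key" || return 1
    build_cert_only_p12 "$d/nifi1.crt" "$d/certonly.p12"
    build_p12 "$d/nifi1.crt" "$d/nifi1.key" "$d/server_keystore.p12"
    for f in certonly.p12 server_keystore.p12; do
        if p12_has_private_key "$d/$f"; then echo "$f: private key present"
        else echo "$f: certificate only, unusable as a TLS server keystore"; fi
    done
    if command -v keytool >/dev/null 2>&1; then
        # A usable entry is listed as PrivateKeyEntry, not trustedCertEntry.
        p12_to_jks "$d/server_keystore.p12" "$d/server_keystore.jks" &&
            keytool -list -keystore "$d/server_keystore.jks" -storepass:env STOREPASS
    fi
    rm -rf "$d"
}
demo
```
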