Phil,

Thanks for documenting the steps you took to get it working. This will definitely be helpful to anyone who has a similar problem in the future. I suspected it was the missing private key and I forgot to explain that yes, to import a PEM-encoded public key and private key into a JKS keystore, you do have to go through the PKCS12 intermediary.

Andy LoPresto
alopre...@apache.org
alopresto.apa...@gmail.com
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69

> On May 4, 2018, at 4:36 PM, Phil H <gippyp...@gmail.com> wrote:
>
> Sorry for talking to myself so much. I have solved the problem!
>
> Once I realised that I had never supplied the private key to keytool when I
> imported the certificate, I started googling along those lines.
>
> I found this link from 2008 which provided the solution
> http://cunning.sharp.fm/2008/06/importing_private_keys_into_a.html
>
> Basically you use OpenSSL to create a PKCS12 file from the cert and key,
> and then keytool to import that (as an existing keystore, not as a
> certificate)
>
> From there, everything else just worked (including client authentication
> through the browser). Now I have the "Insufficient permissions" problem,
> which there is loads of documentation as to how to move forwards.
>
> Thanks!
> Phil
>
> On Sat, May 5, 2018 at 8:27 AM, Phil H <gippyp...@gmail.com> wrote:
>
>> Further info
>>
>> In the httpd installation, I need the private key for the certificate and
>> its passphrase. That private key has not played a part of the NiFi install
>> thus far (seems like an important thing - the "keystore" only has a
>> certificate, not a key)
>>
>> The reason why I used PKCS12 for the keystore was some Jetty debug output
>> telling me that was preferred to JKS. Interestingly it gave me contrary
>> advice for the trust store.
>>
>> On Sat, 5 May 2018 at 08:22, Phil H <gippyp...@gmail.com> wrote:
>>
>>> Hi Andy,
>>>
>>> Sorry - poor use of words (it was late when I wrote the email). When I
>>> said "client" certificate I meant the certificate for the NiFi server (no
>>> idea why I wrote "client")
>>>
>>> I'm not trying to use certificate authentication yet - simply to get NiFi
>>> operating over TLS.
>>>
>>> When I test with OpenSSL, I get the same NiFi server log output as seen
>>> with a connection attempt from a browser.
>>>
>>> On the Cipher issue, when I use OpenSSL to connect using said certificate
>>> using httpd, it lists the successful cipher as one of those ignored by
>>> Jetty, albeit with less underscores in the onscreen output:
>>> TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
>>>
>>> All machines involved are CentOS 7 - the only add-ons being Java 1.8
>>> (current release) and NiFi 1.6.0 (also current release)
>>>
>>> On Sat, 5 May 2018 at 01:26, Andy LoPresto <alopre...@apache.org> wrote:
>>>
>>>> Hi Phil,
>>>>
>>>> Sorry to hear you are having this problem. I have a couple steps you can
>>>> try to resolve this.
>>>>
>>>> First, to clarify the terminology for NiFi, a “client certificate”
>>>> refers to a public certificate and private key which in combination allow a
>>>> client to uniquely identify itself and authenticate on a mutual
>>>> authentication TLS connection. In NiFi terminology, the client certificate
>>>> identifies a user or service which connects to NiFi. The “server
>>>> certificate” identifies the NiFi service, and the CA is what signs one (or
>>>> both) of those certificates.
>>>>
>>>> The “no cipher suites in common” error can occur when there are
>>>> legitimately no cipher suites that both the client and server support. This
>>>> can be verified by using the OpenSSL s_client tool to make a connection
>>>> from the client to the server. I’ve pasted a sample invocation below.
>>>>
>>>> $ openssl s_client -connect <host:port> -debug -state -cert <path_to_your_cert.pem> -key <path_to_your_key.pem> -CAfile <path_to_your_CA_cert.pem>
>>>>
>>>> However, that error can also appear when the keystore does not contain a
>>>> valid private key to be used. I suspect the keystore you generated for NiFi
>>>> does not have the private key. You can verify this by examining the
>>>> nifi1.crt file you imported. If you run `$ more nifi1.crt`, you should see
>>>> a line “-----BEGIN PRIVATE KEY-----” and then some Base64-encoded output.
>>>> If you do not see this, you have only the public certificate in the file.
>>>> Importing that into a keystore means that NiFi (or any other service using
>>>> that keystore) will not be able to sign or decrypt any information
>>>> encrypted with the public key, so it won’t be able to support any cipher
>>>> suites that rely on RSA encryption or signatures.
>>>>
>>>> The nifi1.crt you imported into the keystore may also not have the
>>>> complete certificate chain encoded, in which case when the server presents
>>>> that certificate on an incoming connection, the client (command-line or
>>>> browser) won’t be able to verify and trust it. You’ll get a different
>>>> error, but it is something to be aware of.
>>>>
>>>> Is there a reason you chose to use a PKCS12 keystore in this scenario?
>>>> Usually we recommend using JKS for both the keystore and the truststore.
>>>>
>>>> I hope this helps. If none of this resolves your issues, please let us
>>>> know and we can continue to help.
>>>>
>>>> Andy LoPresto
>>>> alopre...@apache.org
>>>> alopresto.apa...@gmail.com
>>>> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69
>>>>
>>>> On May 4, 2018, at 4:03 AM, Phil H <gippyp...@gmail.com> wrote:
>>>>
>>>> Hi all,
>>>>
>>>> I am trying to secure my NiFi installation. I have a client certificate
>>>> (nifi1.crt) and the CA for the intranet (ca.crt). I created the trust and
>>>> keystores as below:
>>>>
>>>> keytool -import -trustcacerts -alias nifi1 -file nifi1.crt -keystore server_keystore.p12 -storetype PKCS12
>>>>
>>>> keytool -import -file ca.crt -alias cacert -keystore truststore.jks
>>>>
>>>> And the relevant nifi.properties are set as follows
>>>>
>>>> nifi.security.keystore=./conf/server_keystore.p12
>>>> nifi.security.keystoreType=PKCS12
>>>> nifi.security.keystorePasswd=<Password>
>>>> nifi.security.keyPasswd=<Password>
>>>> nifi.security.truststore=./conf/truststore.jks
>>>> nifi.security.truststoreType=JKS
>>>> nifi.security.truststorePasswd=<Password>
>>>>
>>>> When I try and access the site via https, I receive the above error in
>>>> Firefox, and the following in the nifi-bootstrap.log (I have enabled
>>>> additional debugging).
>>>>
>>>> Using both of these certificates inside Apache httpd works on the client as
>>>> expected, so the certificates are fine. I have seen some references to
>>>> bugs/features in Jetty under Java 1.8 related to older TLS versions, but
>>>> I'm at a loss to explain this! Help!!
>>>>
>>>> Thanks,
>>>> Phil
>>>>
>>>> 2018-05-04 20:57:17,406 INFO [NiFi logging handler] org.apache.nifi.StdOut Using SSLEngineImpl.
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Allow unsafe renegotiation: false
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Allow legacy hello messages: true
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Is initial handshake: true
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Is secure renegotiation: false
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLSv1
>>>> 2018-05-04 20:57:17,407 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLSv1.1
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut NiFi Web Server-20, READ: TLSv1 Handshake, length = 171
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut *** ClientHello, TLSv1.2
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut RandomCookie: GMT: 1840697519 bytes = { 105, 139, 207, 1, 25, 185, 102, 192, 232, 71, 128, 61, 66, 104, 220, 248, 126, 53, 133, 115, 216, 129, 238, 15, 202, 164, 110, 9 }
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Session ID: {}
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
>>>> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
>>>> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, Unknown 0xcc:0xa9,
>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
>>>> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
>>>> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, Unknown 0xcc:0xa8,
>>>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
>>>> TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
>>>> TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Compression Methods: { 0 }
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Extension server_name, server_name: [type=host_name (0), value=nifi1]
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Extension extended_master_secret
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Extension renegotiation_info, renegotiated_connection: <empty>
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Extension elliptic_curves, curve names: {unknown curve 29, secp256r1, secp384r1, secp521r1}
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Extension ec_point_formats, formats: [uncompressed]
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Unsupported extension type_35, data:
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Unsupported extension status_request, data: 01:00:00:00:00
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut Extension signature_algorithms, signature_algorithms: SHA256withECDSA, SHA384withECDSA, SHA512withECDSA, SHA256withRSA, SHA384withRSA, SHA512withRSA, SHA1withECDSA, SHA1withRSA
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut ***
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut %% Initialized: [Session-4, SSL_NULL_WITH_NULL_NULL]
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut NiFi Web Server-20, fatal error: 40: no cipher suites in common
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut javax.net.ssl.SSLHandshakeException: no cipher suites in common
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut %% Invalidated: [Session-4, SSL_NULL_WITH_NULL_NULL]
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut NiFi Web Server-20, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut NiFi Web Server-20, WRITE: TLSv1.2 Alert, length = 2
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut NiFi Web Server-20, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut NiFi Web Server-20, called closeOutbound()
>>>> 2018-05-04 20:57:17,408 INFO [NiFi logging handler] org.apache.nifi.StdOut NiFi Web Server-20, closeOutboundInternal()
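
Added example, not part of the original thread: the procedure described above (PEM certificate and private key bundled into PKCS12 with OpenSSL, then imported as a keystore into JKS with keytool), followed by a check that the resulting alias is a PrivateKeyEntry rather than a trustedCertEntry. The file names, the alias, and the STOREPASS and KEYPASS environment variables are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: the alias "nifi1", the
# file paths passed as arguments, and the environment variables STOREPASS
# (keystore password) and KEYPASS (passphrase of an encrypted private key).
# Passwords are read from the environment so they do not show up in `ps`.

# True if the PEM file holds a private key block (the check Andy suggests).
pem_has_private_key() {
    grep -Eq -e '-----BEGIN (RSA |EC |ENCRYPTED )?PRIVATE KEY-----' "$1"
}

# Number of certificates in a PEM file: 1 = leaf only, more = chain included.
pem_cert_count() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Step 1: bundle certificate + private key (+ optional CA chain) into PKCS12.
# usage: pem_to_p12 cert.pem key.pem out.p12 alias [chain.pem]
pem_to_p12() {
    pem_has_private_key "$2" || { echo "no private key in $2" >&2; return 1; }
    # ${KEYPASS:+...} adds -passin only when the key is passphrase-protected.
    openssl pkcs12 -export -in "$1" -inkey "$2" ${5:+-certfile "$5"} \
        ${KEYPASS:+-passin env:KEYPASS} \
        -name "$4" -out "$3" -passout env:STOREPASS
}

# Step 2: import the PKCS12 file as a keystore (not as a certificate) into JKS.
# usage: p12_to_jks in.p12 out.jks
p12_to_jks() {
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env STOREPASS \
        -destkeystore "$2" -deststoretype JKS -deststorepass:env STOREPASS
}

# Step 3: the alias must be a PrivateKeyEntry. A keystore built with
# `keytool -import -file nifi1.crt` holds a trustedCertEntry instead, which is
# the state that produced "no cipher suites in common" in this thread.
# usage: keystore_has_private_key keystore alias [storetype]
keystore_has_private_key() {
    keytool -list -keystore "$1" -storetype "${3:-JKS}" \
        -storepass:env STOREPASS -alias "$2" | grep -q 'PrivateKeyEntry'
}

# Typical run (nifi1.key and keystore.jks are placeholder names):
#   export STOREPASS=...   # at least 6 characters for JKS
#   pem_to_p12 nifi1.crt nifi1.key nifi1.p12 nifi1 ca.crt
#   p12_to_jks nifi1.p12 keystore.jks
#   keystore_has_private_key keystore.jks nifi1 && echo "key present"
# Then set nifi.security.keystore to the JKS file and
# nifi.security.keystoreType=JKS in nifi.properties.
```
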