RE: Certificate issue ERR_SSL_VERSION_OR_CIPHER_MISMATCH
I was able to resolve the issue. I was adding the certificate and then I had combined my certificate and private key. So when I added the certificate plus the certificate and private key it was breaking. I removed just the certificate and it resolved the issue. So I had my root certificates and the certificate plus private key and everything starting working correctly. Thank you, Kent Younge Systems Engineer USPS MTSC IT Support 600 W. Rock Creek Rd, Norman, OK 73069-8357 O:405 573 2273 -Original Message- From: Shawn Heisey [mailto:apa...@elyograg.org] Sent: Friday, October 20, 2017 4:33 PM To: solr-user@lucene.apache.org Subject: Re: Certificate issue ERR_SSL_VERSION_OR_CIPHER_MISMATCH On 10/19/2017 6:30 AM, Younge, Kent A - Norman, OK - Contractor wrote: > Built a clean Solr server imported my certificates and when I go to the > SSL/HTTPS page it tells me that I have ERR_SSL_VERSION_OR_CIPHER_MISMATCH in > Chrome and in IE tells me that I need to TURN ON TLS 1.0, TLS 1.1, and TLS > 1.2. What java version? What Java vendor? What operating system? The OS won't have a lot of impact on HTTPS, I just ask in case other information is desired, so we can tailor the information requests. I see other messages where you mention Solr 6.6, which requires Java 8. As Hoss mentioned to you in another thread, *all* of the SSL capability is provided by Java. The Jetty that ships with Solr includes a config for HTTPS. The included Jetty config *excludes* a handful of low-quality ciphers that your browser probably already refuses to use, but that's the only cipher-specific configuration. If you haven't changed the Jetty config in the Solr download, then Jetty defaults and your local Java settings will control everything else. As far as I am aware, Solr doesn't influence the SSL config at all. SSL_RSA_WITH_DES_CBC_SHA SSL_DHE_RSA_WITH_DES_CBC_SHA SSL_DHE_DSS_WITH_DES_CBC_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5 SSL_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA It is extremely unlikely that Solr itself is causing these problems. It is more likely that there's something about your environment (java version, custom java config, custom Jetty config, browser customization, or maybe something else) that is resulting in a protocol and cipher list that your browser doesn't like. Thanks, Shawn
Re: Certificate issue ERR_SSL_VERSION_OR_CIPHER_MISMATCH
On 10/19/2017 6:30 AM, Younge, Kent A - Norman, OK - Contractor wrote: > Built a clean Solr server imported my certificates and when I go to the > SSL/HTTPS page it tells me that I have ERR_SSL_VERSION_OR_CIPHER_MISMATCH in > Chrome and in IE tells me that I need to TURN ON TLS 1.0, TLS 1.1, and TLS > 1.2. What java version? What Java vendor? What operating system? The OS won't have a lot of impact on HTTPS, I just ask in case other information is desired, so we can tailor the information requests. I see other messages where you mention Solr 6.6, which requires Java 8. As Hoss mentioned to you in another thread, *all* of the SSL capability is provided by Java. The Jetty that ships with Solr includes a config for HTTPS. The included Jetty config *excludes* a handful of low-quality ciphers that your browser probably already refuses to use, but that's the only cipher-specific configuration. If you haven't changed the Jetty config in the Solr download, then Jetty defaults and your local Java settings will control everything else. As far as I am aware, Solr doesn't influence the SSL config at all. SSL_RSA_WITH_DES_CBC_SHA SSL_DHE_RSA_WITH_DES_CBC_SHA SSL_DHE_DSS_WITH_DES_CBC_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5 SSL_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA It is extremely unlikely that Solr itself is causing these problems. It is more likely that there's something about your environment (java version, custom java config, custom Jetty config, browser customization, or maybe something else) that is resulting in a protocol and cipher list that your browser doesn't like. Thanks, Shawn
RE: Certificate issue ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Resolved the Cipher Mismatch error. Thank you, Kent Younge Systems Engineer USPS MTSC IT Support 600 W. Rock Creek Rd, Norman, OK 73069-8357 O:405 573 2273 -Original Message- From: Younge, Kent A - Norman, OK - Contractor [mailto:kent.a.you...@usps.gov.INVALID] Sent: Thursday, October 19, 2017 7:30 AM To: 'solr-user@lucene.apache.org' Subject: Certificate issue ERR_SSL_VERSION_OR_CIPHER_MISMATCH Built a clean Solr server imported my certificates and when I go to the SSL/HTTPS page it tells me that I have ERR_SSL_VERSION_OR_CIPHER_MISMATCH in Chrome and in IE tells me that I need to TURN ON TLS 1.0, TLS 1.1, and TLS 1.2. TLS is turned on and if I browse to the server name instead of the site name the SOLR app comes up with a certificate issue saying that the site certificate name is different. I have also installed one of my other certificates that is working on one of my other SOLR servers on the server that is having the issue and the HTTPS site comes up just fine.This has been going on for over a month now and I do not know what to do next. I have messed with the java.security file to see if maybe it was a cipher however, I do not think that is actually the problem b/c as I mentioned before if I take one of my other certificates and the SOLR HTTPS site comes up for that site name. So I am thinking that the server is configured correctly. I have requested my certificates at least 5 times to see if it is actually the certificate that is having the issue. And none of the certificates for this site has actually worked. I am at a loss at what to look at next. If I modify the solr.in.sh and comment out the SSL settings the site comes up just fine. I have also looked in DNS to see if that was maybe an issue and it is configured properly. I believe another person is having the same issue as I am on the list as well.
Certificate issue ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Built a clean Solr server imported my certificates and when I go to the SSL/HTTPS page it tells me that I have ERR_SSL_VERSION_OR_CIPHER_MISMATCH in Chrome and in IE tells me that I need to TURN ON TLS 1.0, TLS 1.1, and TLS 1.2. TLS is turned on and if I browse to the server name instead of the site name the SOLR app comes up with a certificate issue saying that the site certificate name is different. I have also installed one of my other certificates that is working on one of my other SOLR servers on the server that is having the issue and the HTTPS site comes up just fine.This has been going on for over a month now and I do not know what to do next. I have messed with the java.security file to see if maybe it was a cipher however, I do not think that is actually the problem b/c as I mentioned before if I take one of my other certificates and the SOLR HTTPS site comes up for that site name. So I am thinking that the server is configured correctly. I have requested my certificates at least 5 times to see if it is actually the certificate that is having the issue. And none of the certificates for this site has actually worked. I am at a loss at what to look at next. If I modify the solr.in.sh and comment out the SSL settings the site comes up just fine. I have also looked in DNS to see if that was maybe an issue and it is configured properly. I believe another person is having the same issue as I am on the list as well.
Certificate issue
Jack, Are you still having the same issue? Thank you, Kent Younge Systems Engineer USPS MTSC IT Support 600 W. Rock Creek Rd, Norman, OK 73069-8357 O:405 573 2273 -Original Message- From: Younge, Kent A - Norman, OK - Contractor [mailto:kent.a.you...@usps.gov.INVALID] Sent: Monday, October 16, 2017 10:58 AM To: solr-user@lucene.apache.org Subject: RE: solrcloud dead-lock Jack, No I still have the issue on one box only. I have re-requested certificates several times and still come back with the same issue. If I put a working certificate on the box everything works the way it should. Also if I browse the https: to the server name instead of the registered certificate name Solr comes up with a untrusted certificate showing that the site is registered to my certificate name. So SOLR is working but, not with my certificates. I have messed with the java security settings that did not help. The box works like it should and for whatever, reason with that certificate it will not work. I have changed the names of the certificate I had a hyphen in the name and thought that was causing an issue. Took the hyphen out it made no difference. In IE I get the turn on TLS and even though it is set. In Chrome I get ERR_SSL_Version or Cipher_MISMATCH. -Original Message- From: SOLR6931 [mailto:solrpubl...@gmail.com] Sent: Monday, October 16, 2017 9:13 AM To: solr-user@lucene.apache.org Subject: Re: solrcloud dead-lock Hey Kent, Have you managed to find a solution to your problem? I'm currently encountering the exact same issue. Jack -- Sent from: http://lucene.472066.n3.nabble.com/Solr-User-f472068.html
