Re: SSL example breaks firefox (no cipher suites in common)

Thu, 13 Jan 2011 19:00:18 -0800 

Hi,
Please take a look at similar discussion here[1], you may need add one more cipher suite *_128_.* for server side, this should make your firefox client connect without problem. 

[1]http://cxf.547215.n5.nabble.com/Accessing-HTTPS-enabled-CXF-servers-with-Firefox-td548153.html

Freeman
On 2011-1-14, at 上午7:36, Jason Pell wrote:


Hi,


First of all let me explain my setup.  I am not using mutual  
authentication.



I have configured a key store on the server side only (no trust  
store).

I have configured a trust store on the client side.

So I have configured the following in the server spring config for
embedded jetty:

                      <httpj:tlsServerParameters>
                                <sec:keyManagers 
keyPassword="${tls.keystore.password}">
                                        <sec:keyStore type="JKS" 
password="${tls.keystore.password}"
file="${tls.keystore.file}" />
                                </sec:keyManagers>
                                
                                <!-- breaks firefox which I would like to have 
working! -->
                                <sec:cipherSuitesFilter>
                                <sec:include>.*_EXPORT_.*</sec:include>
                                <sec:include>.*_EXPORT1024_.*</sec:include>
                                <sec:include>.*_WITH_DES_.*</sec:include>
                                <sec:include>.*_WITH_NULL_.*</sec:include>
                                <sec:exclude>.*_DH_anon_.*</sec:exclude>
                            </sec:cipherSuitesFilter>
                        </httpj:tlsServerParameters>

The client was configured with a trust manager only with the same
cipher suite filters.   This ALL WORKS between CXF and CXF no
problems, so thats all good.  It also works nicely between SOAPUI and
Cxf server too.

My only trouble at this point is that if I try and access the WSDL
from Firefox I run into trouble and the logfile on the server reports

javax.net.ssl.SSLHandshakeException: no cipher suites in common

I came across this post, but it suggests its an expected issue which I
think is incorrect as I am not using mutual ssl authentication.
  http://cxf.547215.n5.nabble.com/cxf-server-using-https-td563480.html

If I remove the cipherSuitesFilter from the server config then firefox
works too.  So it appears that we are restricting the ciphers to
something firefox does not support.  Anyone have any ideas or do I
have to live
with this?

Thanks
Jason



--
Freeman Fang

------------------------

FuseSource: http://fusesource.com
blog: http://freemanfang.blogspot.com
twitter: http://twitter.com/freemanfang
Apache Servicemix:http://servicemix.apache.org
Apache Cxf: http://cxf.apache.org
Apache Karaf: http://karaf.apache.org
Apache Felix: http://felix.apache.org























					Reply via email to