"SSLHandshakeException: No appropriate protocol" error on running cipher suite enabled jetty server client

java ssl cryptography embedded-jetty iaik-jce
Manojkumar Khotele picture Manojkumar Khotele · Dec 17, 2014 · Viewed 8.9k times · Source

I am trying to configure symmetric key cipher suite on embedded jetty v9 (using Java 8).

Test server class as follows:

import iaik.security.provider.IAIK;

import java.io.IOException;
import java.security.Security;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.servlet.ServletHandler;
import org.eclipse.jetty.util.ssl.SslContextFactory;

public class TestJettyServer {

  public static void main(String[] args) throws Exception {
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setIncludeProtocols(new String[] { "TLSv1" });
    Security.addProvider(new IAIK()); // third party provider for cipher suite "TLS_PSK_WITH_AES_128_GCM_SHA256"
    sslContextFactory.setIncludeCipherSuites(new String[] { "TLS_PSK_WITH_AES_128_GCM_SHA256" });

    HttpConfiguration https = new HttpConfiguration();
    https.addCustomizer(new SecureRequestCustomizer());

    Server server = new Server();
    ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"),
        new HttpConnectionFactory(https));

    sslConnector.setPort(9997);

    Connector[] connectors = { sslConnector };
    server.setConnectors(connectors);

    ServletHandler handler = new ServletHandler();
    server.setHandler(handler);
    handler.addServletWithMapping(HelloServlet.class, "/*");

    server.start();
    server.join();

  }

  public static class HelloServlet extends HttpServlet {

    /** The serialVersionUID. */
    private static final long serialVersionUID = 1L;

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
      response.setContentType("text/html");
      response.setStatus(HttpServletResponse.SC_OK);
      response.getWriter().println("<h1>Hello SimpleServlet</h1>");
    }
  }

}

Test client class as follows:

import iaik.security.provider.IAIK;
import java.security.Security;  
import org.eclipse.jetty.client.HttpClient;
import org.eclipse.jetty.util.ssl.SslContextFactory;

public class TestJettyClient {

public static void main(String[] args) throws Exception {
  SslContextFactory sslContextFactory = new SslContextFactory();

  sslContextFactory.setIncludeProtocols(new String[] { "TLSv1" });
  Security.addProvider(new IAIK()); // third party provider for cipher suite "TLS_PSK_WITH_AES_128_GCM_SHA256"
  sslContextFactory.setIncludeCipherSuites(new String[] { "TLS_PSK_WITH_AES_128_GCM_SHA256" });

  HttpClient httpClient = new HttpClient(sslContextFactory);
  httpClient.setFollowRedirects(false);
  httpClient.start();

  httpClient.GET("https://localhost:9997");
}

}

The logs on running server are:

2014-12-17 13:00:55.056:INFO:oejs.Server:main: jetty-9.2.1.v20140609
2014-12-17 13:00:55.275:INFO:oejs.ServerConnector:main: Started ServerConnector@3fee9989{SSL-http/1.1}{0.0.0.0:9997}
2014-12-17 13:00:55.275:INFO:oejs.Server:main: Started @598ms

On running client, the logs on server and client side are:

2014-12-17 13:01:01.509:WARN:oeji.SelectorManager:qtp94438417-19-selector-ServerConnectorManager@3131cfe0/0: Exception while notifying connection SslConnection@436b1df3{NEED_WRAP,eio=-1/-1,di=-1} -> HttpConnection@6a9d584{IDLE}
org.eclipse.jetty.io.RuntimeIOException: javax.net.ssl.SSLHandshakeException: No appropriate protocol
  at org.eclipse.jetty.io.ssl.SslConnection.onOpen(SslConnection.java:151)
  at org.eclipse.jetty.io.SelectorManager.connectionOpened(SelectorManager.java:259) ...
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol 
  at sun.security.ssl.Handshaker.activate(Handshaker.java:483) ...

Before I proceed with configuring symmetric key store I would like to get rid of this error - No appropriate protocol.

Answer

Related questions

Why does SSL handshake give 'Could not generate DH keypair' exception?

When I make an SSL connection with some IRC servers (but not others - presumably due to the server's preferred encryption method) I get the following exception: Caused by: java.lang.RuntimeException: Could not generate DH keypair at com.sun.…

Read More
Registering multiple keystores in JVM

I have two applications running in the same java virtual machine, and both use different keystores and truststores. A viable option would be use a single keystore and import all the other ones into the shared keystore (e.g. keytool …

Read More
How to load public certificate from pem file?

I was trying to extract RES public key from the file below -----BEGIN CERTIFICATE----- MIIGwTCCBamgAwIBAgIQDlV4zznmQiVeF45Ipc0k7DANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMB4XDTEyMTAzMDAwMDAwMFoXDTE1MTEwNDEyMDAwMFowgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVUZXhhczEQMA4GA1UEBxMHSG91c3RvbjEpMCcGA1UEChMgVmFsZXJ1cyBDb21wcmVzc2…

Read More