wood burning stoves 2.0*
The moose likes Sockets and Internet Protocols and the fly likes javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites whi Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Sockets and Internet Protocols
Bookmark "javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites whi" Watch "javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites whi" New topic
Author

javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites whi

steve labar
Ranch Hand

Joined: Sep 10, 2008
Posts: 55
I am trying to create a HttpsServer/Client so that I can create a proxy to examine traffic coming from the browser to the server. These types of tool are invaluable to people who test web application security. I have decided to use httpclient to send the requests and httpcore components for my server. At the moment I'm simply trying to establish the ssl socket connection between the browser and the server on port 8080. I have read all over and still cannot seem to get this to work. Here are the steps I did up to this point:

1. Created a CA cert with keytool and added it to file called cacerts

2. I added this cert to the firefox browser instance listening on port 8080

3v . In my code i do the following to call that cert in the server code



Then when I call the accept on the socket as seen below i get the following exception:
I/O error initialising connection thread: No available certificate or key corresponds to the SSL cipher suites which are enabled.
javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(Unknown Source)
at DefaultHttpServer$RequestListenerThread.run(DefaultHttpServer.java:151)




I think it is saying that the ciphers from the browser (client) does not have same ciphers? I have that cert in its configuration settings though. I honestly don't understand what I should be doing. Why the heck does java make SSL such a pain in the ass!


I read on a site the following explanation on how the proxy should handle certs
what I did for the proxy was got the client to trust a CA cert of my own.The mitm-proxy would then use that cert to generate whatever server certs are needed (on demand). the advantage of using a CA cert is that you will be able to mitm connections to new servers without having to get it to trust new certs you made up just now.


My questions are:

1) any idea where i'm going wrong on trying to establish the ssl socket?

2) that explanation of how the proxy"server" should handle certs is this how i'm approaching it? i have a self-signed cert in my trustore and in browser


Update 11/13
------------------------

I tried a few things and still no luck!. This is what I did

C:\Users\Steve>keytool -genkey -alias serverprivkey -keystore privateKey.store

Then I copied this file privateKey.store from my user directory over to my project folder and did the following changes in my code:

KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("privateKey.store"), "pass123".toCharArray());

KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "pass123".toCharArray());

I know it is correctly grabbing that file because if passwords are wrong i get exceptions. However, i'm still getting that same exception. Any ideas what to try next?
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites whi