• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Jeanne Boyarsky
  • Tim Cooke
  • Liutauras Vilda
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Frits Walraven
  • Piet Souris
  • Himai Minh

javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites whi

Ranch Hand
Posts: 55
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am trying to create a HttpsServer/Client so that I can create a proxy to examine traffic coming from the browser to the server. These types of tool are invaluable to people who test web application security. I have decided to use httpclient to send the requests and httpcore components for my server. At the moment I'm simply trying to establish the ssl socket connection between the browser and the server on port 8080. I have read all over and still cannot seem to get this to work. Here are the steps I did up to this point:

1. Created a CA cert with keytool and added it to file called cacerts

2. I added this cert to the firefox browser instance listening on port 8080

3v . In my code i do the following to call that cert in the server code

Then when I call the accept on the socket as seen below i get the following exception:

I/O error initialising connection thread: No available certificate or key corresponds to the SSL cipher suites which are enabled.
javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(Unknown Source)
at DefaultHttpServer$RequestListenerThread.run(DefaultHttpServer.java:151)

I think it is saying that the ciphers from the browser (client) does not have same ciphers? I have that cert in its configuration settings though. I honestly don't understand what I should be doing. Why the heck does java make SSL such a pain in the ass!

I read on a site the following explanation on how the proxy should handle certs

what I did for the proxy was got the client to trust a CA cert of my own.The mitm-proxy would then use that cert to generate whatever server certs are needed (on demand). the advantage of using a CA cert is that you will be able to mitm connections to new servers without having to get it to trust new certs you made up just now.

My questions are:

1) any idea where i'm going wrong on trying to establish the ssl socket?

2) that explanation of how the proxy"server" should handle certs is this how i'm approaching it? i have a self-signed cert in my trustore and in browser

Update 11/13

I tried a few things and still no luck!. This is what I did

C:\Users\Steve>keytool -genkey -alias serverprivkey -keystore privateKey.store

Then I copied this file privateKey.store from my user directory over to my project folder and did the following changes in my code:

KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("privateKey.store"), "pass123".toCharArray());

KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "pass123".toCharArray());

I know it is correctly grabbing that file because if passwords are wrong i get exceptions. However, i'm still getting that same exception. Any ideas what to try next?
There are 29 Knuts in one Sickle, and 17 Sickles make up a Galleon. 42 tiny ads in a knut:
free, earth-friendly heat - a kickstarter for putting coin in your pocket while saving the earth
    Bookmark Topic Watch Topic
  • New Topic