Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Unable to establish connection over TLS 1.2 on AIX 7.1/7.2
Operating Systems AIX Unable to establish connection over TLS 1.2 on AIX 7.1/7.2 Post 303030903 by Naina2019 on Tuesday 19th of February 2019 03:10:48 AM
Old 02-19-2019
Thanks Gull04. I have tried the debug options provided in the link and got to know that there are no ciphers in common to establish a connection.
Also I could see only SSL_* ciphers are enabled. Can you please help me to enable TLS_* ciphers in IBM JDK8, so that it can communicate over TLS 1.2.

Here are the logs :

Code:
Using SSLEngineImpl.
Is initial handshake: true
qtp-1722886128-39, READ: TLSv1 Handshake, length = 182
*** ClientHello, TLSv1.2
RandomCookie:  GMT: -1246685516 bytes = { 14, 70, 82, 17, 142, 160, 104, 40, 220, 61, 116, 139, 67, 63, 91, 48, 1, 149, 197, 162, 246, 61, 155, 115, 103, 215, 79, 30 }
Session ID:  {}
Cipher Suites: [Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, Unknown 0xcc:0x14, Unknown 0xcc:0x13, SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_AES_128_GCM_SHA256, SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods:  { 0 }
Extension renegotiation_info, ri_length: 0, ri_connection_data: { null }
Extension extended_master_secret
Unsupported extension type_35, data:
Extension signature_algorithms, signature_algorithms: SHA512withRSA, SHA512withECDSA, SHA384withRSA, SHA384withECDSA, SHA256withRSA, SHA256withECDSA, SHA224withRSA, SHA224withECDSA, SHA1withRSA, SHA1withECDSA
Unsupported extension status_request, data: 01:00:00:00:00
Unsupported extension type_13172, data:
Unsupported extension type_18, data:
Extension application_layer_protocol_negotiation, protocol names: [h2][spdy/3.1][http/1.1]
Unsupported extension type_30032, data:
Extension ec_point_formats, formats: [uncompressed]
Extension elliptic_curves, curve names: {secp256r1, secp384r1}
***
ALPNJSSEExt not initialized for Server
ALPN will not be negotiatedc51426f1[SSLEngine[hostname=10.74.7.16 port=57233] SSL_NULL_WITH_NULL_NULL]
%% Initialized:  [Session-3, SSL_NULL_WITH_NULL_NULL]
qtp-1722886128-39, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
%% Invalidated:  [Session-3, SSL_NULL_WITH_NULL_NULL]
qtp-1722886128-39, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
qtp-1722886128-39, WRITE: TLSv1.2 Alert, length = 2
qtp-1722886128-39, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
qtp-1722886128-39, called closeOutbound()
qtp-1722886128-39, closeOutboundInternal()

Regards,
Naina
 

9 More Discussions You Might Find Interesting

1. HP-UX

Xterm :Cannot establish a connection to "Server IP" on port 22

Dears, I installed HP-UX Server, when I tried to reach it through Xterm it returns the error like Xrcmd Cannot establish a connection to "Server IP" on port 22 Anyone here to tell me the reason(s) find attached xterm.jpg (3 Replies)
Discussion started by: smartyshan
3 Replies

2. Shell Programming and Scripting

Establish ODBC connection from Linux

Hi All, I want to establish a ODBC connection to a database from linux and query the tables of a database. Please let me know how I can achieve this. Thanks and Regards Nagaraja Akkivalli. (0 Replies)
Discussion started by: Nagaraja Akkiva
0 Replies

3. IP Networking

Unable to connect to internet on slackware 14.1 (hathway connection)

Hi, I have a wired internet connection of hathway provider. I would like to use the connection on my desktop as well as my laptop. My desktop pc has windows 7 and yesterday I installed slackware 14.1 (full installation) on my lenovo 3000 n100 laptop. Previously I had slacko puppy 5.7... (7 Replies)
Discussion started by: pinakbheed
7 Replies

4. AIX

AIX sendmail and tls

The situation Version AIX7.1/8.14.4 Compiled with: DNSMAP LDAPMAP LDAP_REFERRALS LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NDBM NETINET NETINET6 NETUNIX NEWDB NIS NISPLUS PIPELINING SCANF STARTTLS USERDB USE_LDAP_INIT XDEBUG... (2 Replies)
Discussion started by: Linusolaradm1
2 Replies

5. AIX

AIX LDAP client authenticate against Linux Openldap server over TLS/SSL

Hi folks, How can i configure an AIX LDAP client to authenticate against an Linux Openldap server over TLS/SSL? It works like a charm without TLS/SSL. i would like to have SSL encrypted communication for ldap (secldapclntd) and ldapsearch etc. while accepting every kind of certificate/CA.... (6 Replies)
Discussion started by: paco699
6 Replies

6. Solaris

How to configure CUPS on Solaris 11.3 - TLS and no TLS?

We are implementing CUPS on a new Solaris 11.3 system. The same system will run an application where users can print to networked printers inside our organisation, or to a printer outside of our organisation over the internet. For users printing to internal network printers, no encryption is... (0 Replies)
Discussion started by: SallyB
0 Replies

7. Red Hat

Connection establish two server

How do make connection between two linux server.Such as SSH,rsync,ftp (3 Replies)
Discussion started by: Mani T
3 Replies

8. Red Hat

Proxy tunneling failed: ForbiddenUnable to establish SSL connection.

Tryied both ways curl and wget wget --no-check-certificate https://mysitet.it:61617 --2017-05-05 17:29:02-- https://mysitet.it:61617/ Connecting to myproxy:8080... connected. Proxy tunneling failed: ForbiddenUnable to establish SSL connection. curl https://mysite.it:61617 curl: (56)... (3 Replies)
Discussion started by: charli1
3 Replies

9. BSD

Can't establish outbound ssh connection on an OpenBSD system

I am getting the below error when I try to make outbound ssh from an OpenBSD system. I can't ssh to any host except the localhost. I can ping the hosts which I can't ssh, though.~ uname -rs OpenBSD 6.1 ~ ssh -V OpenSSH_7.5, LibreSSL 2.5.2 ~ ssh hostname ssh: connect to host hostname... (11 Replies)
Discussion started by: milhan
11 Replies

LEARN ABOUT PLAN9

ssl_ctx_new

SSL_CTX_new(3SSL)						      OpenSSL							 SSL_CTX_new(3SSL)

NAME

       SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions

SYNOPSIS

	#include <openssl/ssl.h>

	SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);

DESCRIPTION

       SSL_CTX_new() creates a new SSL_CTX object as framework to establish TLS/SSL enabled connections.

NOTES

       The SSL_CTX object uses method as connection method. The methods exist in a generic type (for client and server use), a server only type,
       and a client only type. method can be of the following types:

       SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)
	   A TLS/SSL connection established with these methods will only understand the SSLv2 protocol. A client will send out SSLv2 client hello
	   messages and will also indicate that it only understand SSLv2. A server will only understand SSLv2 client hello messages.

       SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)
	   A TLS/SSL connection established with these methods will only understand the SSLv3 protocol. A client will send out SSLv3 client hello
	   messages and will indicate that it only understands SSLv3. A server will only understand SSLv3 client hello messages. This especially
	   means, that it will not understand SSLv2 client hello messages which are widely used for compatibility reasons, see SSLv23_*_method().

       TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)
	   A TLS/SSL connection established with these methods will only understand the TLSv1 protocol. A client will send out TLSv1 client hello
	   messages and will indicate that it only understands TLSv1. A server will only understand TLSv1 client hello messages. This especially
	   means, that it will not understand SSLv2 client hello messages which are widely used for compatibility reasons, see SSLv23_*_method().
	   It will also not understand SSLv3 client hello messages.

       SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)
	   A TLS/SSL connection established with these methods will understand the SSLv2, SSLv3, and TLSv1 protocol. A client will send out SSLv2
	   client hello messages and will indicate that it also understands SSLv3 and TLSv1. A server will understand SSLv2, SSLv3, and TLSv1
	   client hello messages. This is the best choice when compatibility is a concern.

       The list of protocols available can later be limited using the SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the
       SSL_CTX_set_options() or SSL_set_options() functions. Using these options it is possible to choose e.g. SSLv23_server_method() and be able
       to negotiate with all possible clients, but to only allow newer protocols like SSLv3 or TLSv1.

       SSL_CTX_new() initializes the list of ciphers, the session cache setting, the callbacks, the keys and certificates, and the options to its
       default values.

RETURN VALUES

       The following return values can occur:

       NULL
	   The creation of a new SSL_CTX object failed. Check the error stack to find out the reason.

       Pointer to an SSL_CTX object
	   The return value points to an allocated SSL_CTX object.

SEE ALSO

       SSL_CTX_free(3), SSL_accept(3), ssl(3),	SSL_set_connect_state(3)

1.0.1e								    2013-02-11							 SSL_CTX_new(3SSL)
All times are GMT -4. The time now is 02:48 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy