
I am getting this error: `javax.net.ssl.SSLHandshakeException: no cipher suites in common` when trying to do an SSL socket communication between a Java server and an Android client. I used this line to create the keyfile:

```
keytool -genkey -keystore mySrvKeystore -keyalg RSA
```

Server code:

```java
System.setProperty("javax.net.ssl.keyStore","mySrvKeystore.key");
System.setProperty("javax.net.ssl.keyStorePassword","1234567");
private SSLServerSocketFactory sslserversocketfactory = 
       (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
private SSLServerSocket sslserversocket;
private SSLSocket sslsocket;
sslserversocket= (SSLServerSocket) sslserversocketfactory.createServerSocket(port);
sslsocket = (SSLSocket) sslserversocket.accept();
```

Client code:

```java
System.setProperty("javax.net.ssl.trustStore","mySrvKeystore.key");
System.setProperty("javax.net.ssl.trustStorePassword","1234567");
sslsocket = (SSLSocket) sslsocketfactory.createSocket(serverAddr, SERVERPORT);
private SSLSocketFactory sslsocketfactory = (SSLSocketFactory)
SSLSocketFactory.getDefault();
private SSLSocket sslsocket;
```

Any idea how to solve this issue? Is it possible that the connection is failing because the server's certificate is self-signed? Thanks.

T-D

2 Answers


You must be changing the enabled cipher suites in either your SSLServerSocket or your SSLSocket. Don't do that. If you must, make sure you set a subset that is supported by both peers.

EDIT In your client code, you have

```java
System.setProperty("javax.net.ssl.trustStore","mySrvKeystore.key");
```

i.e. you are using the server keystore as the client truststore. Don't do that. The keystore contains the private key and it shouldn't reside anywhere except at the server. You need to export the server certificate from that keystore and import it into the client truststore as a trusted CA certificate.

user207421
  • You must be calling setEnabledCipherSuites(). Don't. – user207421 Feb 05 '14 at 22:09
  • Not really, I am not calling this function on either side, client or server. However, I still get that error. – T-D Feb 05 '14 at 22:45
  • Can you post working sample code of what I am trying to do? – T-D Feb 05 '14 at 23:22
  • Can you post your *own* code? The exception you described isn't thrown from the code you posted. Please run your server with -Djavax.net.debug=ssl,handshake and post the output here. Edit it into your post. – user207421 Feb 05 '14 at 23:23
  • If you mean run it with: `System.getProperty("javax.net.debug=ssl", "handshake");` I did and nothing different showed. I even tried `System.getProperty("java.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol", "javax.net.debug=ssl");` – T-D Feb 06 '14 at 00:03
  • I meant what I said. What you wrote does exactly nothing. You can use `System.setProperty("javax.net.debug","ssl,handshake")` from within the code. You haven't needed to set `java.protocol.handler.pkgs` for SSL for over ten years. – user207421 Feb 06 '14 at 00:04
  • I was trying other attempts from other posts, that's why I added that. I am new to SSL and all this. – T-D Feb 06 '14 at 00:10
  • Any post that says that *getting* a Java system property and throwing away its value accomplishes anything whatsoever is wrong, and any post that suggests there even is a system property called `"javax.net.debug=ssl"` ditto. Where did you read this rubbish? – user207421 Feb 06 '14 at 00:12
  • I read this rubbish off this website, it was a previous post, [link](http://stackoverflow.com/questions/6786945/how-to-do-ssl-socket-programming). Can you provide me with more help on how to do what you said? Thanks a lot. – T-D Feb 06 '14 at 00:17
  • No you didn't. It's one of the worst pages in this site, but there is no `"javax.net.debug=ssl"` on that page, or even `"javax.net.debug"`, or `System.getProperty()`, or `"java.protocol.handler.pkgs"` either. The basic reference for all this stuff is the [JSSE Reference Guide](http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html). – user207421 Feb 06 '14 at 00:18
  • Well, maybe it was on some other link. Can you provide me with an explanation? Help? Sample code on how to fix that? Been stuck for hours and hours. – T-D Feb 06 '14 at 00:22
  • I don't know what that's supposed to mean. I've given you a link to the standard reference, but you could have found it for yourself. – user207421 Feb 06 '14 at 00:34
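
The export-and-import step described in the answer above, as an added example that is not part of the original answers or comments: it copies only the server's certificate into a new client truststore, so the private key never leaves the server. The class name, the output file, the PKCS12 output type and the two environment variable names are assumptions.

```java
import java.io.File;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

// Added example: builds a client truststore holding only the server's certificate.
public class ExportServerCert {

    // Copy the leaf certificate of every private-key entry; never the key itself.
    static KeyStore certificatesOnly(KeyStore serverStore) throws Exception {
        KeyStore trust = KeyStore.getInstance("PKCS12"); // assumed output type
        trust.load(null, null);                          // start from an empty store
        for (String alias : Collections.list(serverStore.aliases())) {
            if (serverStore.isKeyEntry(alias)) {
                Certificate cert = serverStore.getCertificate(alias);
                if (cert != null) {
                    trust.setCertificateEntry(alias, cert);
                }
            }
        }
        if (trust.size() == 0) {
            throw new IllegalStateException("no private-key entry with a certificate found");
        }
        return trust;
    }

    public static void main(String[] args) throws Exception {
        File serverFile = new File(args[0]); // e.g. the keytool-generated mySrvKeystore
        File trustFile = new File(args[1]);  // hypothetical output, e.g. clientTruststore.p12
        // Assumed variable names; passwords are kept out of the command line.
        char[] serverPass = System.getenv("SERVER_STORE_PASS").toCharArray();
        char[] trustPass = System.getenv("TRUST_STORE_PASS").toCharArray();

        // Java 9+: detects the keystore type (JKS or PKCS12) from the file contents.
        KeyStore serverStore = KeyStore.getInstance(serverFile, serverPass);
        KeyStore trust = certificatesOnly(serverStore);

        for (String alias : Collections.list(trust.aliases())) {
            if (trust.isKeyEntry(alias)) { // defensive check before the file is shipped
                throw new IllegalStateException("truststore contains a private key: " + alias);
            }
            System.out.println("trusted: " + alias);
        }
        try (OutputStream out = new FileOutputStream(trustFile)) {
            trust.store(out, trustPass);
        }
    }
}
```
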

Android uses a slightly different approach to set up a secure connection. Please take a look at this post: Android Trusting SSL Certificates

eslimaf