Skip to content

Instantly share code, notes, and snippets.

@franklanganke
Created February 8, 2016 15:28
Show Gist options
  • Save franklanganke/6fa03407b94e0a4414dd to your computer and use it in GitHub Desktop.
Save franklanganke/6fa03407b94e0a4414dd to your computer and use it in GitHub Desktop.
Fix SSL Handshake error on AWS Linux

Fixing http requests to Cloudflare SSL hosted sites.

$cat /etc/issues
`Amazon Linux AMI release 2015.09`
$ java -version
java version "1.7.0_91"
OpenJDK Runtime Environment (amzn-2.6.2.2.63.amzn1-x86_64 u91-b00)
OpenJDK 64-Bit Server VM (build 24.91-b01, mixed mode)
curl -v https://www.opencpu.org
* Rebuilt URL to: https://www.opencpu.org/
*   Trying 104.27.153.18...
* Connected to www.opencpu.org (104.27.153.18) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)
* Cannot communicate securely with peer: no common encryption algorithm(s).
* Closing connection 0
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).

Curl fix:

curl --ciphers ecdhe_ecdsa_aes_128_cbc_sha_256 https://www.opencpu.org > foo.out

OpenJDK 7 fix:

Edit /usr/lib/jvm/jre/lib/security/java.security, uncomment:

#security.provider.10=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg

When to apply:

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)

and

Caused by: java.lang.IllegalArgumentException: Cannot support TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA with currently installed providers
        at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92)
        at sun.security.ssl.SSLSocketImpl.setEnabledCipherSuites(SSLSocketImpl.java:2416)

Source: https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/1006776

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment