[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Handle-info] HandleException (INTERNAL_ERROR) SSLHandshakeException: no cipher suites in common, during full dump

Dear all,
I am trying to set up new mirrors. When I try to run the full dump, I get errors, in the log I get messages such as these:
svr_21.14103/logs/error.log-20230115:Caused by: HandleException (INTERNAL_ERROR) javax.net.ssl.SSLHandshakeException: no cipher suites in common svr_21.14103/logs/error.log-20230115:Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
Can anybody help me with this? I don't know where the accepted cipher suites are defined, nor which keys/certificates are actually the problem, nor how I can solve this. 

Some more details below, in case they're helpful.

Thanks so much,
best,
Merret
PS: I turned on ssl logging on primary and mirror, then I get many messages like this (in the primary's error log):
javax.net.ssl|FINE|6D|pool-4-thread-5|2023-01-26 18:43:01.291 CET|X509Authentication.java:297|ALIAS private or public key is not of EC algorithm javax.net.ssl|FINE|6D|pool-4-thread-5|2023-01-26 18:43:01.292 CET|X509Authentication.java:297|ALIAS private or public key is not of RSA algorithm javax.net.ssl|FINE|6D|pool-4-thread-5|2023-01-26 18:43:01.292 CET|X509Authentication.java:297|ALIAS private or public key is not of RSASSA-PSS algorithm 

Some more details, if needed:
The primaries that fail were set up in 2017, the ones that function well were set up in 2021. In the siteinfo.json I can see that ones that fail contain DSA keys: 
  "servers": [
    {
      "serverId": 1,
      "address": "x.x.x.49",
      "publicKey": {
        "format": "key",
        "value": {
          "kty": "DSA",
While the ones that work contain RSA keys:
  "servers": [
    {
      "serverId": 1,
      "address": "x.x.x.49",
      "publicKey": {
        "format": "key",
        "value": {
          "kty": "RSA",

However the serverCertificate.pem seems to be RSA in all of them:
[root@prim svr_1]# openssl x509 -in serverCertificate.pem -text | grep RSA
    Signature Algorithm: sha256WithRSAEncryption
    Signature Algorithm: sha256WithRSAEncryption



--
Merret Buurman
Abteilung Datenmanagement

Deutsches Klimarechenzentrum GmbH (DKRZ)
Bundesstraße 45 a • 20146 Hamburg • Germany
Phone: +49 40 460094-129

Email: buurman@dkrz.de
URL: www.dkrz.de

Geschäftsführer: Prof. Dr. Thomas Ludwig
Sitz der Gesellschaft: Hamburg
Amtsgericht Hamburg HRB 39784

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info