1

I'm setting up a key for HTTPS in JBoss 6 and it keeps showing me the error

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

The certificate is valid.

I created the jks using this command: keytool -import -trustcacerts -alias root -file certificate.crt -keystore JksName.jks

The server.xml file is like this:

 <!-- SSL/TLS Connector configuration using the admin devl guide keystore--> <Connector port="8443" minSpareThreads="5" maxSpareThreads="75" enableLookups="true" disableUploadTimeout="true" acceptCount="100" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="path" keystorePass="psswd" clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2"/>

But it keeps showing that error in chrome. Already tried in other browsers and it does not work too.

Improve this question
6
  • Which Java runtime version is used? If the runtime is too old it does not support TLS1+ or only outdated ciphers that are disabled in modern browsers. Commented May 7, 2019 at 18:06
  • You say you're "setting up a key" but that's untrue; you're only giving the server a certificate and NOT a privatekey and it needs the certificate AND privatekey AND chain (in most cases). See stackoverflow.com/questions/39815305/… and stackoverflow.com/questions/37412374/… and maybe stackoverflow.com/questions/37412374/… Commented May 8, 2019 at 7:59
  • @Robert: Java 5 in 2004 supported TLS1.0, which Chrome 74 still accepts, although DevTools/Security describes it as 'obsolete'. Jboss is pretty demanding and I doubt Jboss 6 runs on any Java that old. Commented May 8, 2019 at 8:39
  • @Robert the JRE is the 1.7 Commented May 8, 2019 at 11:21
  • @dave_thompson_085 man, I think you might be really right, I will give a try and thanks for the links and the orientation Commented May 8, 2019 at 11:22

1 Answer 1

Reset to default
0

Although the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error could indicate any SSL version mismatch or no common cipher suites between the browser and the server, this error probably means that the server only supports RC4. You will need to enable support for additional cipher suites.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Java (at least Oracle builds) has disabled RC4 in SSL/TLS by default since 8u51, 4 years ago. This problem is because the server is given no private key and cannot support any authenticated ciphersuites, which are the only ones allowed by all browsers and most other software.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.