Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SSL connection fails due to no available cipher on IBM JRE #4679

Closed
ysohda opened this issue Jun 20, 2017 · 4 comments
Closed

SSL connection fails due to no available cipher on IBM JRE #4679

ysohda opened this issue Jun 20, 2017 · 4 comments
Labels
Milestone

Comments

@ysohda
Copy link

ysohda commented Jun 20, 2017

Hi,

Due to no available cipher for TLSv1.2 on IBM JRE, SSL connection fails.

The reason of no available cipher is a difference of cipher suite names as I reported on jruby-openssl:
jruby/jruby-openssl#125
The pull request to solve this issue has been merged:
jruby/jruby-openssl#126

So, it would be nice if jruby-openssl bundled with jruby is updated on next jruby release.
@kares, could you please help us to update jruby-openssl in jruby?

Thank you,
Yuki.

Environment

>jruby -v
jruby 9.1.12.0 (2.3.3) 2017-06-15 33c6439 IBM J9 VM 2.8 on pwa6480sr4fp5-20170421_01 (SR4 FP5) +jit [mswin32-x86_64]

OS: Windows 7 Professional (x64)

Current Behavior

>gem install bundler
ERROR:  Could not find a valid gem 'bundler' (>= 0), here is why:
   Unable to download data from https://rubygems.org/ - Received fatal alert: handshake_failure (https://api.rubygems.org/specs.4.8.gz)

With debug option:

>jruby -J-Djavax.net.debug=all -S gem install bundler
IBMJSSE2 will not allow protocol SSLv3 per com.ibm.jsse2.disableSSLv3 set to TRUE or default
IBMJSSEProvider2 Build-Level: -20170331
Installed Providers =
        IBMJSSE2
        IBMJCE
        IBMJGSSProvider
        IBMCertPath
        IBMSASL
        IBMXMLCRYPTO
        IBMXMLEnc
        IBMSPNEGO
        SUN
 <snip> 
Is initial handshake: true
Ignoring unsupported cipher suite: SSL_RSA_WITH_DES_CBC_SHA for TLSv1.2
Ignoring unsupported cipher suite: SSL_DHE_RSA_WITH_DES_CBC_SHA for TLSv1.2
No available cipher suite for TLSv1.2
 <snip>

Expected Behavior

When I replaced "jruby-9.1.12.0\lib\ruby\stdlib\jopenssl.jar" by one in jruby-openssl-0.9.21.dev-20170329.100355-1.gem, it works as expected:

>gem install bundler
Fetching: bundler-1.15.1.gem (100%)
Successfully installed bundler-1.15.1
1 gem installed
@kares
Copy link
Member

kares commented Jun 21, 2017

next JRuby release (9.2) will for sure update. we have not forgoten about this, there's simply a lot on the plate (more long term issues that need adressing). also thought the pre release is useful for now. sorry for the wait, doing my best ...

@kares
Copy link
Member

kares commented Aug 9, 2017

expected to be resolved with #4726

@kares kares closed this as completed Aug 9, 2017
@kares kares removed the in progress label Aug 9, 2017
@ysohda
Copy link
Author

ysohda commented Aug 21, 2017

Hi Kares,
Thank you for your work to update jruby-openssl in JRuby.
It looks that JRuby 9.1.13.0 is scheduled, so it would be nice if your effort is also in 9.1.13.0.
Thank you,
Yuki.

@AndrewClarke
Copy link

So.... for the dummies out here, what's the work-around to get past this problem?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants