Description of problem: Trying to run the latest jetty version (9.3.0.RC1) on Fedora 22 reveals with -Djavax.net.debug=all that some AES GCM cipher suites are not available with OpenJDK on Fedora: Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Firefox 38 offers these cipher suites: qtp537548559-14, READ: TLSv1 Handshake, length = 223 *** ClientHello, TLSv1.2 RandomCookie: GMT: -152776478 bytes = { 18, 254, 231, 251, 227, 212, 90, 234, 157, 143, 24, 117, 192, 139, 56, 24, 41, 192, 76, 17, 184, 234, 152, 17, 238, 206, 127, 136 } Session ID: {85, 101, 232, 239, 63, 134, 34, 89, 97, 95, 38, 76, 14, 32, 218, 97, 36, 224, 234, 35, 220, 145, 94, 137, 253, 157, 98, 181, 104, 99, 244, 31} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA] Compression Methods: { 0 } for an HTTP2 connection. 2015-05-27 18:20:46.555:WARN:oejut.QueuedThreadPool:qtp537548559-14: java.lang.RuntimeException: java.security.NoSuchAlgorithmException: EC AlgorithmParameters not available at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1429) at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813) at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) [...] Bug or feature? Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
(In reply to Thomas Meyer from comment #0) > Description of problem: > Trying to run the latest jetty version (9.3.0.RC1) on Fedora 22 reveals with > -Djavax.net.debug=all that some AES GCM cipher suites are not available with > OpenJDK on Fedora: > > Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 > > Firefox 38 offers these cipher suites: > > qtp537548559-14, READ: TLSv1 Handshake, length = 223 > *** ClientHello, TLSv1.2 > RandomCookie: GMT: -152776478 bytes = { 18, 254, 231, 251, 227, 212, 90, > 234, 157, 143, 24, 117, 192, 139, 56, 24, 41, 192, 76, 17, 184, 234, 152, > 17, 238, 206, 127, 136 } > Session ID: {85, 101, 232, 239, 63, 134, 34, 89, 97, 95, 38, 76, 14, 32, > 218, 97, 36, 224, 234, 35, 220, 145, 94, 137, 253, 157, 98, 181, 104, 99, > 244, 31} > Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, > TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, > TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA] > Compression Methods: { 0 } > for an HTTP2 connection. > > 2015-05-27 18:20:46.555:WARN:oejut.QueuedThreadPool:qtp537548559-14: > java.lang.RuntimeException: java.security.NoSuchAlgorithmException: EC > AlgorithmParameters not available > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1429) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) > at > sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813) > at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) > at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) > [...] > > Bug or feature? Feature. Fedora packages cannot ship Eliptic Curve based ciphers (yet). Bug 1075702 has some details (this also applies to JDK 8).
Not TLSv1.2, but ECC ciphers. *** This bug has been marked as a duplicate of bug 1019554 ***