No available certificate or key corresponds to the SSL cipher suites whi

I am trying to create an HttpsServer/Client so that I can create a proxy to examine traffic coming from the browser to the server. These types of tools are invaluable to people who test web application security. I have decided to use httpclient to send the requests and httpcore components for my server. At the moment I'm simply trying to establish the SSL socket connection between the browser and the server on port 8080. I have read all over and still cannot seem to get this to work. Here are the steps I did up to this point:

1. Created a CA cert with keytool and added it to a file called cacerts

2. I added this cert to the Firefox browser instance listening on port 8080

3. In my code I do the following to call that cert in the server code

Then when I call the accept on the socket as seen below I get the following exception:

I/O error initialising connection thread: No available certificate or key corresponds to the SSL cipher suites which are enabled. No available certificate or key corresponds to the SSL cipher suites which are enabled.
at Source)
at Source)
at DefaultHttpServer$

I think it is saying that the ciphers from the browser (client) do not have the same ciphers? I have that cert in its configuration settings though. I honestly don't understand what I should be doing. Why the heck does Java make SSL such a pain in the ass!

I read on a site the following explanation on how the proxy should handle certs:

What I did for the proxy was to get the client to trust a CA cert of my own. The mitm-proxy would then use that cert to generate whatever server certs are needed (on demand). The advantage of using a CA cert is that you will be able to mitm connections to new servers without having to get it to trust new certs you made up just now.

My questions are:

1) Any idea where I'm going wrong on trying to establish the SSL socket?

2) That explanation of how the proxy "server" should handle certs: is this how I'm approaching it? I have a self-signed cert in my truststore and in the browser.

Update 11/13

I tried a few things and still no luck! This is what I did:

C:\Users\Steve>keytool -genkey -alias serverprivkey -keystore

Then I copied this file from my user directory over to my project folder and did the following changes in my code:

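// Load the JKS keystore; a wrong store password makes load() throw
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(""), "pass123".toCharArray());

// Build the server's key managers; this password unlocks the private key entry
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "pass123".toCharArray());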

I know it is correctly grabbing that file because if passwords are wrong I get exceptions. However, I'm still getting that same exception. Any ideas what to try next?
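
An added diagnostic example, not part of the original post or of the poster's code: the JSSE error quoted above is raised when the server's KeyManager can supply no private key matching an enabled cipher suite, so this lists every keystore alias and reports whether it is a private-key entry and which key algorithm it uses. The class name `KeyStoreServerCheck` and the `inspect` helper are hypothetical; with no arguments it inspects a constructed, empty in-memory keystore, otherwise pass a keystore path and its password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class KeyStoreServerCheck {   // hypothetical name, added example

    /** One report line per alias, then a verdict on use as an SSL server identity. */
    static List<String> inspect(KeyStore ks, char[] keyPassword) throws Exception {
        List<String> report = new ArrayList<>();
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                // Trusted-certificate entries (keytool -import) hold no private key,
                // so a KeyManager can never present them to a client.
                report.add(alias + ": trusted certificate only, no private key");
                continue;
            }
            Key key = ks.getKey(alias, keyPassword);
            Certificate[] chain = ks.getCertificateChain(alias);
            // The key algorithm must match an enabled suite: an RSA key serves
            // *_RSA_* suites, a DSA key only serves *_DSS_* suites.
            report.add(alias + ": private key (" + key.getAlgorithm()
                    + "), chain length " + (chain == null ? 0 : chain.length));
            usable++;
        }
        report.add(usable == 0
                ? "VERDICT: no private key entry, the server has no certificate to present"
                : "VERDICT: " + usable + " private key entry(ies) available to the KeyManager");
        return report;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        char[] pass = null;
        if (args.length == 2) {                 // usage: <keystore file> <password>
            pass = args[1].toCharArray();
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, pass);
            }
        } else {
            ks.load(null, null);                // constructed sample: empty in-memory store
        }
        for (String line : inspect(ks, pass)) {
            System.out.println(line);
        }
    }
}
```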