IBM JVM 8, Using TLS 1.3, and setting the ciphers in include ciphers list, still see javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

[jnjanardhannaidu]

Jetty version(s)

Jetty Environment

Java version/vendor (use: java -version)
8.0.8.10 - pxa6480sr8fp10-20230703_02(SR8 FP10)

OS type/version
Linux

Description
We are able to use tls1.2 without any issue.
When we try to use tls1.3, we are facing below issue. we are setting ciphers with the help of below method.
connFactory.setIncludeCipherSuites(dashboardCipherSuites);

Error when TLS1.3 is used.

[2024-02-13 11:41:40.436] ALL 000000000000 GLOBAL_SCOPE javax.net.ssl|ALL|5C|qtp1169988660-92|2024-02-13 11:41:40.435 IST|Thread.java:1178|Invalidated session: Session(1707804699787|SSL_NULL_WITH_NULL_NULL)

[2024-02-13 11:41:40.447] ALL 000000000000 GLOBAL_SCOPE javax.net.ssl|FINE|5B|qtp1169988660-91|2024-02-13 11:41:40.447 IST|Thread.java:1178|No available cipher suite for TLS13

[2024-02-13 11:41:40.448] ALL 000000000000 GLOBAL_SCOPE javax.net.ssl|SEVERE|5B|qtp1169988660-91|2024-02-13 11:41:40.448 IST|Thread.java:1178|Fatal (INTERNAL_ERROR): problem unwrapping net record (
"throwable" : {
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at com.ibm.jsse2.aa.(aa.java:9)
at com.ibm.jsse2.ad.(ad.java:12)
at com.ibm.jsse2.bb.a(bb.java:129)
at com.ibm.jsse2.bg.f(bg.java:200)
at com.ibm.jsse2.bg.e(bg.java:290)
at com.ibm.jsse2.bg.unwrap(bg.java:287)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:39)
at org.eclipse.jetty.io.ssl.SslConnection.unwrap(SslConnection.java:429)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.fill(SslConnection.java:718)
at org.eclipse.jetty.server.HttpConnection.fillRequestBuffer(HttpConnection.java:350)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:555)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:410)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:164)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:137)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
at java.lang.Thread.run(Thread.java:825)}

How to reproduce?
Enable tls1.3
ciphers used:
TLS_CHACHA20_POLY1305_SHA256,TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256

[sbordet]

@jnjanardhannaidu we do not have the JVM you are using available, so we cannot tell.

IBM's JVM was (perhaps still is) known to have different names for the ciphers, so I would double check that.

If the error happens on the server, it may well be that the ciphers you chose are too restrictive for the client that is trying to connect (in other words, you have an old client using -- say -- TLS 1.1 and old ciphers, and the server disabling TLS 1.1 and using only TLS 1.3 ciphers).

This is not a Jetty issue, just a configuration issue on your part: if you restrict too much the protocols (only TLS 1.3) and the ciphers, then old clients won't be able to connect.

[joakime]

It is possible to use the IBM JVM with SSL/TLS.

But using an IBM JVM will require you to do a ton of extra work and possibly even some custom coding.
See ...

• IBM J9 JVM does not use RFC Cipher Suite Names, making default Excluded Cipher Suite list invalid #2921
• Jetty: Unknown SSL protocol error in latest IBM Java 1.7 version [1.7.0.sr9.30 and above, 1.7.1.sr3.30 and above] #1547

We know Jetty works, out of the box, with TLS/1.3 on all OpenJDK variants.
We also know that IBM JVMs insist on not using RFC naming for anything related to SSL/TLS which causes a major headache when attempting to live peacefully on the public internet.

Some quick advice, set the cipher and protocol exclude lists to null, and specify EXACTLY the names of the IBM Cipher Suites and IBM Protocol names you want to use in the include lists. You MUST use the EXACT names that the IBM JVM uses for cipher suite names and protocol names, not the spec compliant names, not the RFC names. Do not use any documentation for SSL/TLS on Java that isn't written specifically for the specific version of the IBM JVM you are wanting to use.

Of special note: Whatever configuration you come up with for your IBM JVM will be unique to that IBM JVM.
That configuration cannot be used on a different version IBM JVM, nor can it be used on a non-IBM JVM (such as on any OpenJDK variant)
That configuration will be essentially locked to that specific IBM JVM.

[joakime]

Also, the IBM JVM 8.0.8.10 pxa6480sr8fp10-20230703_02(SR8 FP10) points at use of Jetty 9 (or older), as that JVM is incapable of being used for Jetty 10/11 or 12.

That means your version of Jetty is now at End of Community Support.

• End of Community Support for Jetty 9.x - June 2022 #7958
• End of Community Support for Jetty 10 / Jetty 11 - January 2024 #10485

You should be using Jetty 12 at this point in time.

[jnjanardhannaidu]

HI @joakime, when I set cipher with TLS it works-> TLS_CHACHA20_POLY1305_SHA256
But in tls 1.2, we set ciphers starting with SSL say-> SSL_RSA_WITH_AES_128_CBC_SHA256

[joakime]

HI @joakime, when I set cipher with TLS it works-> TLS_CHACHA20_POLY1305_SHA256
But in tls 1.2, we set ciphers starting with SSL say-> SSL_RSA_WITH_AES_128_CBC_SHA256

You need to consult the IBM JVM documentation, we do not use or test on any IBM JVM due the broken nature of SSL/TLS on them.
For the rest of the (non-IBM) java world, any cipher suite starting with SSL_* is considered unsafe and is disabled, often at the JVM level.

The list of exclusions in Jetty 12 (the only supported version of Jetty at this point in time).

jetty.project/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java

Lines 119 to 138 in a683690

	/**
	* Default Excluded Protocols List
	*/
	private static final String[] DEFAULT_EXCLUDED_PROTOCOLS = {"SSL", "SSLv2", "SSLv2Hello", "SSLv3"};
	/**
	* Default Excluded Cipher Suite List
	*/
	private static final String[] DEFAULT_EXCLUDED_CIPHER_SUITES = {
	// Exclude weak / insecure ciphers
	"^.*_(MD5|SHA|SHA1)$",
	// Exclude ciphers that don't support forward secrecy
	"^TLS_RSA_.*$",
	// The following exclusions are present to cleanup known bad cipher
	// suites that may be accidentally included via include patterns.
	// The default enabled cipher list in Java will not include these
	// (but they are available in the supported list).
	"^SSL_.*$",
	"^.*_NULL_.*$",
	"^.*_anon_.*$"
	};

The OpenJDK Certificate Exclusions (jdk.certpath.disabledAlgorithms - algorithms not allowed in certificates)

https://github.com/openjdk/jdk/blob/jdk-21%2B35/src/java.base/share/conf/security/java.security#L518-L655

jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
    SHA1 usage SignedJAR & denyAfter 2019-01-01

The OpenJDK Legacy Certificate Algorithms (jdk.security.legacyAlgorithms - algorithms disabled by default, but can be enabled via jvm command line options)

https://github.com/openjdk/jdk/blob/jdk-21%2B35/src/java.base/share/conf/security/java.security#L657-L674

jdk.security.legacyAlgorithms=SHA1, \
    RSA keySize < 2048, DSA keySize < 2048, \
    DES, DESede, MD5, RC2, ARCFOUR

The OpenJDK TLS Disabled Algorithms (jdk.tls.disabledAlgorithms - algorithms not allowed in TLS)

https://github.com/openjdk/jdk/blob/jdk-21%2B35/src/java.base/share/conf/security/java.security#L730-L764

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, \
    MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
    ECDH

The OpenJDK TLS Legacy Algorithms (jdk.tls.legacyAlgorithms - algorithms disabled for use in TLS by default, but can be enabled via jvm command line options)

https://github.com/openjdk/jdk/blob/jdk-21%2B35/src/java.base/share/conf/security/java.security#L766-L823

jdk.tls.legacyAlgorithms=NULL, anon, RC4, DES, 3DES_EDE_CBC

My point is, do not ignore all of the configuration present in multiple places that can disable/exclude various protocols and algorithms, almost globally using the RFC naming.
This configuration can come from your code, the Jetty code, any of your 3rd party libraries you use (yes, many libraries using SSL/TLS will have exclusion lists of their own), in the JVM itself, etc.