SSL connection fails due to no available cipher on IBM JRE #4679
Description
Hi,
Due to no available cipher for TLSv1.2 on IBM JRE, SSL connection fails.
The reason of no available cipher is a difference of cipher suite names as I reported on jruby-openssl:
jruby/jruby-openssl#125
The pull request to solve this issue has been merged:
jruby/jruby-openssl#126
So, it would be nice if jruby-openssl bundled with jruby is updated on next jruby release.
@kares, could you please help us to update jruby-openssl in jruby?
Thank you,
Yuki.
Environment
>jruby -v
jruby 9.1.12.0 (2.3.3) 2017-06-15 33c6439 IBM J9 VM 2.8 on pwa6480sr4fp5-20170421_01 (SR4 FP5) +jit [mswin32-x86_64]
OS: Windows 7 Professional (x64)
Current Behavior
>gem install bundler
ERROR: Could not find a valid gem 'bundler' (>= 0), here is why:
Unable to download data from https://rubygems.org/ - Received fatal alert: handshake_failure (https://api.rubygems.org/specs.4.8.gz)
With debug option:
>jruby -J-Djavax.net.debug=all -S gem install bundler
IBMJSSE2 will not allow protocol SSLv3 per com.ibm.jsse2.disableSSLv3 set to TRUE or default
IBMJSSEProvider2 Build-Level: -20170331
Installed Providers =
IBMJSSE2
IBMJCE
IBMJGSSProvider
IBMCertPath
IBMSASL
IBMXMLCRYPTO
IBMXMLEnc
IBMSPNEGO
SUN
<snip>
Is initial handshake: true
Ignoring unsupported cipher suite: SSL_RSA_WITH_DES_CBC_SHA for TLSv1.2
Ignoring unsupported cipher suite: SSL_DHE_RSA_WITH_DES_CBC_SHA for TLSv1.2
No available cipher suite for TLSv1.2
<snip>
Expected Behavior
When I replaced "jruby-9.1.12.0\lib\ruby\stdlib\jopenssl.jar" by one in jruby-openssl-0.9.21.dev-20170329.100355-1.gem, it works as expected:
>gem install bundler
Fetching: bundler-1.15.1.gem (100%)
Successfully installed bundler-1.15.1
1 gem installed