Hi Lukas,
I'm a colleague of chrisg and was recently also debugging the WebSocket issue we are having.
The server responded with this:
[Error: 140704529921664:error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2284:
] {
library: 'SSL routines',
function: 'tls_post_process_client_hello',
reason: 'no shared cipher',
code: 'ERR_SSL_NO_SHARED_CIPHER'
}
Available cipher suites on the current (rebex-)client:
{0xC0, 0x23} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
{0xC0, 0x24} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
{0xC0, 0x2B} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x2C} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
{0xC0, 0x2F} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
{0xC0, 0x30} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
{0xC0, 0x27} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
{0xC0, 0x28} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
{0xC0, 0x09} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
{0xC0, 0x0A} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
{0xC0, 0x13} TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
{0xC0, 0x14} TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
{0x00, 0x9F} TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
{0x00, 0x9E} TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
{0x00, 0x6B} TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
{0x00, 0x67} TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
{0x00, 0x9D} TLS_RSA_WITH_AES_256_GCM_SHA384
{0x00, 0x9C} TLS_RSA_WITH_AES_128_GCM_SHA256
{0x00, 0x3D} TLS_RSA_WITH_AES_256_CBC_SHA256
{0x00, 0x3C} TLS_RSA_WITH_AES_128_CBC_SHA256
{0x00, 0x33} TLS_DHE_RSA_WITH_AES_128_CBC_SHA
{0x00, 0x39} TLS_DHE_RSA_WITH_AES_256_CBC_SHA
{0x00, 0x2F} TLS_RSA_WITH_AES_128_CBC_SHA
{0x00, 0x35} TLS_RSA_WITH_AES_256_CBC_SHA
{0xC0, 0x08} TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
{0xC0, 0x12} TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
{0x00, 0x16} TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
{0x00, 0x0A} TLS_RSA_WITH_3DES_EDE_CBC_SHA
{0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Available cipher suites on the server:
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384
DHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA384
DHE-RSA-AES256-SHA384
ECDHE-RSA-AES256-SHA256
DHE-RSA-AES256-SHA256
Could it be that just the names of the ciphers are different, so that they do not match even though they are the same?
e.g.
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (rebex)
ECDHE-ECDSA-AES128-GCM-SHA256 (server)
Just an idea - if you have some other advice, please let me know.
Maybe one more word about our setup:
- we have to connect to a piece of hardware with TLS Client authentication
- client will be a mobile application
- we are currently working with a mock server (therefore we have access to it - it is a Node.js application). The mock is supposed to be according to the specification (you never know, unfortunately)
We are now concerned about not being able to connect to the hardware, as we are not able to connect to the mock. Hopefully the issues will be resolved soon.
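
On the naming question: a TLS handshake negotiates suites by their two-byte code points (the `{0xC0, 0x2B}` values in the client list), and the IANA names (Rebex) and OpenSSL names (Node.js) are two spellings of the same values. The following is an added example, not part of the original post, that converts the client's IANA names to OpenSSL names and intersects the two lists quoted above; `ianaToOpenssl` and `sharedSuites` are illustrative names, and the conversion covers only the suite families that appear in these lists.

```javascript
// IANA suite name (client list) -> OpenSSL name (server list).
function ianaToOpenssl(name) {
  if (name === 'TLS_EMPTY_RENEGOTIATION_INFO_SCSV') return null; // signalling value, not a cipher
  if (!name.includes('_WITH_')) return name; // TLS 1.3 suites: same name in OpenSSL
  const [kx, rest] = name.replace(/^TLS_/, '').split('_WITH_');
  const cipher = rest
    .replace('3DES_EDE_CBC', 'DES-CBC3') // OpenSSL's 3DES spelling
    .replace(/AES_(128|256)/, 'AES$1')
    .replace('_CBC_', '_')               // OpenSSL omits CBC for AES suites
    .replace(/_/g, '-');
  // Plain RSA key exchange carries no prefix in OpenSSL names.
  return (kx === 'RSA' ? '' : kx.replace(/_/g, '-') + '-') + cipher;
}

// Both lists copied from the post above.
const CLIENT_IANA = `
  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_GCM_SHA256
  TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA
  TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA
  TLS_EMPTY_RENEGOTIATION_INFO_SCSV
`.trim().split(/\s+/);

const SERVER_OPENSSL = `
  TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256
  ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384
  ECDHE-ECDSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256
  DHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES256-SHA384
  ECDHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA256
`.trim().split(/\s+/);

// Suites present in both lists, in server order.
function sharedSuites(clientIana, serverOpenssl) {
  const client = new Set(clientIana.map(ianaToOpenssl).filter(Boolean));
  return serverOpenssl.filter((s) => client.has(s));
}

console.log(sharedSuites(CLIENT_IANA, SERVER_OPENSSL));
```

For the two lists in the post this returns nine suites, starting with `ECDHE-RSA-AES128-GCM-SHA256`.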