Highlighted
dabigknee
New Member.
772 views

SSL_ERROR_NO_CYPHER_OVERLAP error on HP-NA 10.2

We are attempting to install a certificate (not self signed) on the HPNA server, and are running into a road block.

All browsers are unable to get to the homepage and get a page like this:

An error occurred during a connection to servername.domain.com. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP

This message does not appear when running the default certs (sentinel).  Some guidance from Google suggests RC4 is enabled, but we have confirmed it is disabled in java.security

We followed the steps in the HPNA 10 Administration Guide, starting on page 39.

Has anyone seen this before and know how to resolve it?

 

Thanks!

Tags (1)
0 Likes
3 Replies
Super Contributor.. Huy_V Super Contributor..
Super Contributor..

Re: SSL_ERROR_NO_CYPHER_OVERLAP error on HP-NA 10.2

Look at the Hardening Guide (10.20) page 19 of 28, it may help to resolve the problem.

Configure the Ciphers Used by the NA Web Server

"The ciphers parameter of the Connector element in the <NA_HOME>/server/ext/jboss/server/
default/deploy/jbossweb.sar/server.xml file specifies which ciphers NA might use.

....."

Hope that helps,

Huy

0 Likes
Valued Contributor.. jinCecowd4 Valued Contributor..
Valued Contributor..

Re: SSL_ERROR_NO_CYPHER_OVERLAP error on HP-NA 10.2

Thanks Huy. Did you resolve your problem? I'm having the same error even though I added  "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"

Running on Windows8 IE 11.0.9600.18739

0 Likes
Super Contributor.. Huy_V Super Contributor..
Super Contributor..

Re: SSL_ERROR_NO_CYPHER_OVERLAP error on HP-NA 10.2

Yes, I don't remember exactly what I did on Linux (no longer have access), but the manual suggested that you put 256 before 128. Also you need to restart the app.

Here is the default installation on my lab Windows server and it has no problem.

ciphers="TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"/>

A support ticket may help to resolve quicker if you have a support contract; otherwise, if you have the luxury to fix by trial and error, just remove everything and add in a few, and only add in what needed.

Thanks,

Huy

 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.