When releasing alien4cloud 1.3.0 we upgraded Spring Boot and Jetty (a Spring Boot dependency). We recently found that our SSL configuration failed with Firefox while it worked fine with Chrome and Safari.

The error was quite clear: Firefox wasn't able to find a valid cipher to communicate with alien4cloud (SSL_ERROR_NO_CYPHER_OVERLAP). Since we had changed nothing on our side, this error was quite unexpected, and we had to do a lot of reading to find out what the issue could be. Fortunately, we first found some interesting bug reports on the Mozilla bug tracker (https://bugzilla.mozilla.org/show_bug.cgi?id=1029179) that explained quite clearly why Firefox was more restrictive than other browsers.

Starting from there, we found that our previous version offered the 'TLS_RSA_WITH_AES_256_CBC_SHA' cipher, which Firefox used to communicate with alien4cloud. We also found that some elliptic-curve-based ciphers that Firefox seems to prefer, such as TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, were not working under all configurations (RHEL OpenJDK 8).

The solution for us was to specify a list of ciphers using the Spring Boot server.ssl.ciphers property, and basically to add the TLS_RSA_WITH_AES_256_CBC_SHA cipher, which is supported by all browsers.
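To see which of these suites a given JVM can actually offer before writing the property, a small check like the following can be run with the same Java runtime that starts alien4cloud. It is an added example, not alien4cloud code; the class name `CipherCheck` and the helper `usable` are hypothetical, and the only suites tested are the two named above.

```java
import javax.net.ssl.SSLContext;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class CipherCheck {
    // The two suites named in the post, preferred one first.
    static final String[] WANTED = {
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_RSA_WITH_AES_256_CBC_SHA"
    };

    /** Returns the wanted suites this JVM supports, keeping the preference order. */
    static List<String> usable(String[] wanted, Set<String> supported) {
        List<String> out = new ArrayList<>();
        for (String suite : wanted) {
            if (supported.contains(suite)) {
                out.add(suite);
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Ask the default JSSE provider of this JVM what it supports and enables.
        SSLContext ctx = SSLContext.getDefault();
        Set<String> supported = new HashSet<>(
            Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites()));
        Set<String> enabled = new HashSet<>(
            Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites()));

        for (String suite : WANTED) {
            String state = enabled.contains(suite) ? "enabled by default"
                : supported.contains(suite) ? "supported, not enabled by default"
                : "NOT available in this JVM";
            System.out.printf("%-42s %s%n", suite, state);
        }

        List<String> ok = usable(WANTED, supported);
        if (ok.isEmpty()) {
            System.err.println("None of the wanted suites is available in this JVM.");
            System.exit(1);
        }
        // Line to paste into the Spring Boot configuration.
        System.out.println("server.ssl.ciphers=" + String.join(",", ok));
    }
}
```

A suite reported as not available here cannot be negotiated by the embedded server no matter what server.ssl.ciphers lists.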

Have you experienced such issues too? Do you have preferred resolutions?
