
SSL Fails with ECC Certificate and ECDHE_ECDSA Ciphers - Errors: ssl_error_no_cypher_overlap, nzos_Handshake returned 29039, too restrictive SSLCipherSuite (Doc ID 2083382.1)

Last updated on OCTOBER 03, 2018

Applies to:

Oracle HTTP Server - Version 12.1.2.0.0 to 12.1.3.0.0 [Release 12c]
Information in this document applies to any platform.

Symptoms

The following is set in the "ssl.conf" file in order to use only ECDHE_ECDSA ciphers:

SSLProtocol +TLSv1.2

SSLCipherSuite ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

SSLWallet <wallet directory>

 

When connecting to 'https://<host name>:<ssl port>', the Firefox browser reports this error:

Error

-----

Secure Connection Failed
An error occurred during a connection to <host name>:<ssl port>.
Cannot communicate securely with peer: no common encryption algorithm(s).
(Error code: ssl_error_no_cypher_overlap)

 

These errors appear in the "ohs1.log" file:

"ohs1.log"

-----------

[2015-11-22T11:52:16.6623-05:00] [OHS] [ERROR:32] [OHS-2079] [http_core.c] [host_id: <host name>] [host_addr: <ip address>] [pid: 30454] [tid: 139923239799104] [user: oracle] [VirtualHost: <host name>:<ssl port>] nzos handshake error, nzos_Handshake returned 29039(server <host name>:<ssl port>, client <ip address>)
[2015-11-22T11:52:16.6623-05:00] [OHS] [ERROR:32] [OHS-2171] [http_core.c] [host_id: <host name>] [host_addr: <ip address>] [pid: 30454] [tid: 139923239799104] [user: oracle] [VirtualHost: <host name>:<ssl port>] NZ Library Error: SSL negotiation error [Hint: too restrictive SSLCipherSuite]

or


[2015-11-25T15:56:08.6474-05:00] [OHS] [ERROR:32] [OHS-2079] [http_core.c] [host_id: <host name>] [host_addr: <ip address>] [pid: 27317] [tid: 140030787393856] [user: root] [VirtualHost: <host name>:<ssl port>] nzos handshake error, nzos_Handshake returned 29019(server <host name>:4443, client <ip address>)
[2015-11-25T15:56:08.6474-05:00] [OHS] [ERROR:32] [OHS-2171] [http_core.c] [host_id: <host name>] [host_addr: <ip address>] [pid: 27317] [tid: 140030787393856] [user: root] [VirtualHost: <host name>:<ssl port>] NZ Library Error: Unknown error
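
To triage these entries across a large ohs1.log, the following added example (not Oracle's code) pairs each OHS-2079 handshake error with the OHS-2171 detail line logged by the same process and thread, and reports the nzos return code per server and client. The sample log is constructed in the layout shown above; the host name, port and addresses are placeholders, and the function names are this example's own.

```python
import re

# Constructed sample in the ohs1.log layout shown above; host, port and IPs are placeholders.
SAMPLE_LOG = """\
[2015-11-22T11:52:16.6623-05:00] [OHS] [ERROR:32] [OHS-2079] [http_core.c] [host_id: ohs.example.test] [host_addr: 192.0.2.10] [pid: 30454] [tid: 139923239799104] [user: oracle] [VirtualHost: ohs.example.test:4443] nzos handshake error, nzos_Handshake returned 29039(server ohs.example.test:4443, client 198.51.100.7)
[2015-11-22T11:52:16.6623-05:00] [OHS] [ERROR:32] [OHS-2171] [http_core.c] [host_id: ohs.example.test] [host_addr: 192.0.2.10] [pid: 30454] [tid: 139923239799104] [user: oracle] [VirtualHost: ohs.example.test:4443] NZ Library Error: SSL negotiation error [Hint: too restrictive SSLCipherSuite]
[2015-11-25T15:56:08.6474-05:00] [OHS] [ERROR:32] [OHS-2079] [http_core.c] [host_id: ohs.example.test] [host_addr: 192.0.2.10] [pid: 27317] [tid: 140030787393856] [user: root] [VirtualHost: ohs.example.test:4443] nzos handshake error, nzos_Handshake returned 29019(server ohs.example.test:4443, client 198.51.100.8)
[2015-11-25T15:56:08.6474-05:00] [OHS] [ERROR:32] [OHS-2171] [http_core.c] [host_id: ohs.example.test] [host_addr: 192.0.2.10] [pid: 27317] [tid: 140030787393856] [user: root] [VirtualHost: ohs.example.test:4443] NZ Library Error: Unknown error
"""

FIELD = re.compile(r"\[([^\[\]]*)\]\s*")
CODE = re.compile(r"nzos_Handshake returned (\d+)\(server ([^,]+), client ([^)]+)\)")

def parse_line(line):
    """Split one log line into positional header fields, 'key: value' attributes and the message."""
    pos, head, attrs = 0, [], {}
    # Consume only the leading [..] groups; brackets inside the message (e.g. [Hint: ...]) are kept.
    while (m := FIELD.match(line, pos)):
        key, sep, val = m.group(1).partition(": ")
        if sep:
            attrs[key] = val
        else:
            head.append(m.group(1))
        pos = m.end()
    return head, attrs, line[pos:].strip()

def handshake_failures(text):
    """Pair each OHS-2079 entry with the OHS-2171 detail sharing its timestamp, pid and tid."""
    events, pending = [], {}
    for line in text.splitlines():
        head, attrs, msg = parse_line(line)
        if len(head) < 4:
            continue  # not a line in the expected layout
        key = (head[0], attrs.get("pid"), attrs.get("tid"))
        m = CODE.search(msg)
        if head[3] == "OHS-2079" and m:
            pending[key] = {"time": head[0], "code": int(m.group(1)),
                            "server": m.group(2), "client": m.group(3), "detail": None}
            events.append(pending[key])
        elif head[3] == "OHS-2171" and key in pending:
            pending.pop(key)["detail"] = msg.split("NZ Library Error: ", 1)[-1]
    return events

if __name__ == "__main__":
    for e in handshake_failures(SAMPLE_LOG):
        print(e["time"], e["server"], e["client"], e["code"], e["detail"], sep=" | ")
```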

 

Changes

A new Elliptic Curve Cryptography (ECC) certificate was recently configured.

Cause
