No shared cipher

Maxim Dounin mdounin at
Thu May 10 13:09:16 UTC 2018


On Wed, May 09, 2018 at 02:10:04AM -0400, _gg_ wrote:

> Not sure if it's not more of an openssl/TLS 'issue'/question... 
> For some time I've been observing 
> SSL_do_handshake() failed (SSL: error:1408A0C1:SSL
> routines:ssl3_get_client_hello:no shared cipher) while SSL handshaking 
> in error.log while having 
> ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2; 
> ssl_ciphers ALL:!aNULL; 
> in configuration. 
> Examining Client Hello packet reveals client supported ciphers: 
> Cipher Suites (9 suites) 
> Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) 
> Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc13) 
> Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) 
> Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) 
> Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) 
> Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c) 
> Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) 
> Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) 
> Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) 
> I'm running
> nginx version: nginx/1.12.1 
> built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) 
> built with OpenSSL 1.0.2k-fips 26 Jan 2017 
> TLS SNI support enabled 
> According to 'openssl ciphers' the third cipher on the list is supported and
> yet server responds with: 
> TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake Failure) 
> Content Type: Alert (21) 
> Version: TLS 1.2 (0x0303) 
> Length: 2 
> Alert Message 
> Level: Fatal (2) 
> Description: Handshake Failure (40) 
> Either I've messed up my investigation or I'm completely misunderstanding
> something here. 
> Why despite having a common cipher with a client server denies to handshake
> a connection?

Whether a cipher suite can be used or not depends on various 
factors.  In particular:

- list of ciphers the client supports;
- list of ciphers the server supports;
- the certificate used by the server (e.g., you won't be able to 
  use RSA cipher suites with an ECDSA certificate);
- when using ECDHE ciphers or ECDSA certificates - supported EC curves on both 
  client and server;

In this particular case the client supports only RSA ciphers, so, 
for example, there will be no shared cipher if you are using ECDSA 

Maxim Dounin

More information about the nginx mailing list