kmip.server.session.00000002 - ERROR - [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:877) while attempting to connect to pykmip #662

Open
alaksh22 opened this issue Feb 25, 2022 · 1 comment


I am getting the below error while attempting to connect to pykmip server from our client

2022-02-25 12:05:48,794 - kmip.server - INFO - Receiving incoming connection from: 172.18.126.34:54848
2022-02-25 12:05:48,796 - kmip.server - INFO - Dedicating session 00000002 to 172.18.126.34:54848
2022-02-25 12:05:48,797 - kmip.server.session.00000002 - INFO - Starting session: 00000002
2022-02-25 12:05:48,798 - kmip.server.session.00000002 - INFO - Failure running TLS handshake
2022-02-25 12:05:48,798 - kmip.server.session.00000002 - ERROR - [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:877)
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/PyKMIP-0.11.0.dev1-py3.6.egg/kmip/services/server/session.py", line 102, in run
    self._connection.do_handshake()
  File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:877)
2022-02-25 12:05:48,799 - kmip.server.session.00000002 - INFO - Stopping session: 00000002

Below is the server.conf file:

[server]
database_path=/etc/pykmip/pykmip.database
hostname=127.0.0.1
port=5696
certificate_path=/etc/pykmip/server_certificate.pem
key_path=/etc/pykmip/server_key.pem
ca_path=/etc/pykmip/root_certificate.pem
auth_suite=TLS1.2
policy_path=/root/pykmip/examples/
enable_tls_client_auth=False
tls_cipher_suites=TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
logging_level=DEBUG

I confirmed that the cipher suites in server.conf are supported by our client as well. I am using the certificates created using the bin/create_certificates.py script.

I am looking for help troubleshooting the "no shared cipher" error.


beergeek commented Feb 6, 2023

I am having this exact issue with a Go client, but not with a Python 3.7.16 client.

I have configured the server.conf with the following, which is from the Go client:

tls_cipher_suites=
  TLS_RSA_WITH_AES_128_CBC_SHA
  TLS_RSA_WITH_AES_256_CBC_SHA
  TLS_CHACHA20_POLY1305_SHA256
  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  TLS_RSA_WITH_AES_128_CBC_SHA
  TLS_RSA_WITH_AES_128_GCM_SHA256
  TLS_RSA_WITH_AES_256_CBC_SHA
  TLS_RSA_WITH_AES_256_GCM_SHA384

All 17 appear in the PyKMIP log:

2023-02-06 06:05:27,396 - kmip.server - DEBUG - TLS_AES_256_GCM_SHA384
2023-02-06 06:05:27,396 - kmip.server - DEBUG - TLS_RSA_WITH_AES_128_GCM_SHA256
2023-02-06 06:05:27,396 - kmip.server - DEBUG - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
2023-02-06 06:05:27,396 - kmip.server - DEBUG - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
2023-02-06 06:05:27,396 - kmip.server - DEBUG - TLS_AES_128_GCM_SHA256
2023-02-06 06:05:27,396 - kmip.server - DEBUG - TLS_CHACHA20_POLY1305_SHA256
2023-02-06 06:05:27,396 - kmip.server - DEBUG - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
2023-02-06 06:05:27,396 - kmip.server - DEBUG - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
2023-02-06 06:05:27,397 - kmip.server - DEBUG - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
2023-02-06 06:05:27,397 - kmip.server - DEBUG - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
2023-02-06 06:05:27,397 - kmip.server - DEBUG - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
2023-02-06 06:05:27,397 - kmip.server - DEBUG - TLS_RSA_WITH_AES_128_CBC_SHA
2023-02-06 06:05:27,397 - kmip.server - DEBUG - TLS_RSA_WITH_AES_256_GCM_SHA384
2023-02-06 06:05:27,397 - kmip.server - DEBUG - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
2023-02-06 06:05:27,398 - kmip.server - DEBUG - TLS_RSA_WITH_AES_256_CBC_SHA
2023-02-06 06:05:27,398 - kmip.server - DEBUG - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
2023-02-06 06:05:27,398 - kmip.server - DEBUG - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

But I get a similar error:

2023-02-06 06:05:32,045 - kmip.server.session.00000001 - INFO - Starting session: 00000001
2023-02-06 06:05:32,045 - kmip.server.session.00000001 - INFO - Failure running TLS handshake
2023-02-06 06:05:32,045 - kmip.server.session.00000001 - ERROR - [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:1091)
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/kmip/services/server/session.py", line 102, in run
    self._connection.do_handshake()
  File "/usr/lib64/python3.7/ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:1091)
2023-02-06 06:05:32,046 - kmip.server.session.00000001 - INFO - Stopping session: 00000001
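
Added example, not part of either comment above and not PyKMIP code: a Python sketch that checks which suites from a `tls_cipher_suites` list a server could actually select in one handshake, given the certificate key type, the client's offer and the local OpenSSL build. The function names, the RSA key type and the client offer are assumptions made for illustration; the name conversion covers AES and ChaCha20 suites only.

```python
import ssl

def iana_to_openssl(iana):
    """IANA suite name -> OpenSSL name (AES and ChaCha20 suites only)."""
    if "_WITH_" not in iana:                 # TLS 1.3: OpenSSL keeps the IANA name
        return iana
    kx, cipher = iana[len("TLS_"):].split("_WITH_")
    prefix = "" if kx == "RSA" else kx.replace("_", "-") + "-"
    cipher = cipher.replace("POLY1305_SHA256", "POLY1305")  # OpenSSL omits the PRF hash
    cipher = cipher.replace("AES_", "AES").replace("_CBC", "")
    return prefix + cipher.replace("_", "-")

def required_cert(iana):
    """Certificate key type a suite authenticates with ('any' for TLS 1.3)."""
    kx = iana[len("TLS_"):].split("_WITH_")[0]
    return kx.split("_")[-1] if "_WITH_" in iana else "any"

def local_openssl_ciphers():
    """OpenSSL names that this interpreter's OpenSSL build will enable."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("ALL")
    return {c["name"] for c in ctx.get_ciphers()}

def diagnose(configured, client_offer, cert_key, tls13=False, enabled=None):
    """Return (selectable suites, {rejected suite: reason}) for one handshake."""
    selectable, rejected = [], {}
    for suite in configured:
        need = required_cert(suite)
        if (need == "any") != tls13:
            rejected[suite] = "not defined for the negotiated TLS version"
        elif need not in ("any", cert_key):
            rejected[suite] = f"needs an {need} certificate"
        elif suite not in client_offer:
            rejected[suite] = "not offered by the client"
        elif enabled is not None and iana_to_openssl(suite) not in enabled:
            rejected[suite] = "disabled in the local OpenSSL build"
        else:
            selectable.append(suite)
    return selectable, rejected

# Constructed inputs: the first server.conf's suites and a hypothetical client offer.
CONFIGURED = ["TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA256",
              "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"]
OFFER = {"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
         "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}

if __name__ == "__main__":
    # Assumed RSA server key; an empty first element is the NO_SHARED_CIPHER condition.
    print(diagnose(CONFIGURED, OFFER, "RSA", enabled=local_openssl_ciphers()))
```

To use it on a real deployment, replace `OFFER` with the suites from the client's ClientHello (for example from a packet capture) and pass the key type of the certificate at `certificate_path`.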
