Spring Boot app getting unsupported protocol error? [SOLVED]

Please fill out the fields below so we can help you better.

My domain is:

I ran this command:

https://www.ssllabs.com/ssltest/analyze.html?d=gotchatbot.com

It produced this output:

This site can’t provide a secure connection

gotchatbot.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

My web server is (include version):

Spring Boot 1.5.6 launched with Gradle wrapper

The operating system my web server runs on is (include version):

Ubuntu 14.04

My hosting provider, if applicable, is:

Azure

I can login to a root shell on my machine (yes or no, or I don't know):

yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

no

I have a Java Spring Boot app configured for SSL support that uses a PKCS12 keystore file I created with the LetsEncrypt certbot app. I used the following command to convert the certbot key to PKCS12, which Tomcat requires:

openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12 -name tomkey -CAfile chain.pem -caname root

I then put the key in the spring boot app root directory and changed the group and owner of that file to the non-root user that launches the spring boot app, to (successfully) avoid a 'permission denied' error.

The app is launched with the gradle command:

./gradlew bootRun

The Spring Boot app launches successfully and prints the diagnostic message that it is listening on port 8443.

In Azure I have port 443 routed internally to port 8443, the port my Spring Boot app is listening on via the embedded Tomcat server.

I try to connect to the site with the following URL:

https://gotchatbot.com/

Whenever I try to connect to the app using SSL I get the following error:

This site can’t provide a secure connection
gotchatbot.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

I ran the following test with telnet to make sure the site was reachable and listening on port 443 (SSL port):

telnet gotchatbot.com 443

I did get a telnet session window so I know that test succeeded.

However, when I try to analyze the SSL session with the SSL test page from SSL Labs I get the error message:

Failed to communicate with the secure server

That error message unfortunately is not listed in the list of known error messages. How can I diagnose and fix this problem?

Here is my SSL configuration, taken from the Spring Boot app's application.yml file:

server:
  # Azure routes 443 to 8443
  port: ${port:8443}
  ssl:
	enabled: true
	key-alias: <key alias hidden>
	key-store: /home/user9/keystore.p12
	key-store-type: PKCS12
	key-password: <password hidden>

How can I diagnose and fix this problem?

That only shows that a service is listening on 443.

openssl s_client -connect gotchatbot.com:443
fails to negotiate any ciphers, so it actually fails.

I would look for where to set the ciphersuite used.

Turns out the whole mess was because I had “key-password” instead of “key-store-password” in my application.yml file. I fixed that and the entire painful situation went away. Unfortunately the error messages you get back when SSL fails aren’t very helpful when it comes to diagnosing the true problem.

Thanks for replying.

usually i would have a look at the server log files

the startup sequence usually is a good place to find misconfigurations (e.g. not able to open JKS due to password etc)

Andrei

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.