SSL_ERROR_NO_CYPHER_OVERLAP (Firefox)

I’ve been running CipherMail for more than 2 years on SUSE Leap 15.2 and it has been running fine. Since the last update on SUSE I can’t log into the web interface.

When I try to open the page, I get this error (Firefox):
SSL_ERROR_NO_CYPHER_OVERLAP
Same with the Edge browser.

I tried to update CipherMail to the current version (5.1.3.0), but it made no difference.
Does anyone have the same problem or a solution?

Best regards
Otmar

The most likely reason you get this error is that the HTTP server which
serves the gateway only supports old TLS versions no longer supported
by browsers.

Are you using Tomcat? Directly or via Apache or Nginx?

If Tomcat directly, can you post your Tomcat config file (server.xml)?

Kind regards,

Martijn Brinkers

On Sat, 2021-12-04 at 14:58 +0000, oh--- via Users wrote:

I’m running ciphermail for more than 2 years on SuSe Leap 15.2 and
it’s running fine. Since the last update on Suse I can’t log into the
web interface.

When I tried to open the page, I get this error (Firefox):
SSL_ERROR_NO_CYPHER_OVERLAP
Same with Edge-Browser.

I tried to update ciphermail to the actual version (5.1.3.0). But no
difference.
Someone the same problem or a solution?

--
CipherMail email encryption
Email encryption with support for S/MIME,
OpenPGP, PDF Messenger and Webmail Messenger

Hello Martijn,

I use CipherMail as described in the installation instructions for SUSE. So, yes, Tomcat is used directly. The configuration file is the original file.

server.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE config [
<!ENTITY proxyName "">
]>
<!--
  Tomcat configuration file for CipherMail.
-->
<Server>
    <Service name="Catalina">

        <!--
           Configure HTTPS connector.
        -->
        <Connector
            port="8443"
            connectionTimeout="20000"
            maxThreads="150"
            scheme="https"
            secure="true"
            SSLEnabled="true"
            sslProtocol="TLS"
            sslEnabledProtocols="TLSv1.2"
            keystoreFile="/usr/share/djigzo-web/ssl/sslCertificate.p12"
            keystorePass="djigzo"
            keystoreType="PKCS12"
            proxyName="&proxyName;"
        />

        <Engine name="Catalina" defaultHost="localhost">
            <Host name="localhost" appBase="webapps" unpackWARs="true"/>
        </Engine>
    </Service>
</Server>

Thanks for the support
Otmar

Hi Otmar,

To get more information about what ciphers your server offers, you could
use:
SSL Server Test (Powered by Qualys SSL Labs) or
https://testssl.sh/

Then compare the resulting list with what your browser offers.

But since your Tomcat config shows the server should use TLS v1.2, I expect
you to find "something" between your browser and your Tomcat. :wink:

Kind regards
Thomas


--
Thomas Bahn
Graduate Mathematician (Diplom-Mathematiker)
Managing Director

Phone: 04307 900-401
Fax: 04307 900-409
Mobile: 0173 935 79 16
E-mail: tbahn(a)assono.de

assono GmbH
Lise-Meitner-Straße 1-7
24223 Schwentinental

Managing Directors: Lydia Bahn, Thomas Bahn
Kiel District Court (Amtsgericht Kiel), HRB 8202 KI
Company headquarters: Schwentinental


Hello Thomas,

I'm not quite sure what happened. But after reinstalling CipherMail from scratch and restarting, the error is gone.

Thanks for the support
Best regards
Otmar
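
The comparison Thomas suggests in the thread (what the server offers versus what the browser offers) can also be scripted for a gateway you administer. The following is an added example, not part of the original thread or of CipherMail: the function names, the host name gateway.example and the sample cipher lists are assumptions constructed for illustration, and only port 8443 and the TLSv1.2 restriction come from the posted server.xml.

```python
import socket
import ssl


def server_tls12_ciphers(host, port=8443, timeout=5):
    """Return the TLS 1.2 suites the server accepts, offering one suite per handshake."""
    base = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    base.set_ciphers("ALL")  # every suite the local OpenSSL build knows
    # TLS 1.3 suites (named TLS_...) cannot be selected with set_ciphers(); skip them.
    names = [c["name"] for c in base.get_ciphers() if not c["name"].startswith("TLS_")]
    accepted = []
    for name in names:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False       # auditing the handshake of your own
        ctx.verify_mode = ssl.CERT_NONE  # gateway, not validating its certificate
        ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion.TLSv1_2
        ctx.set_ciphers(name)
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host):
                    accepted.append(name)
        except OSError:
            pass  # handshake refused (ssl.SSLError) or host unreachable
    return accepted


def diagnose(server_protocols, server_ciphers, client_protocols, client_ciphers):
    """Return (reason, shared suites in client preference order)."""
    if not set(server_protocols) & set(client_protocols):
        return "no common protocol version", []
    offered = set(server_ciphers)
    shared = [c for c in client_ciphers if c in offered]
    if not shared:
        return "no common cipher suite", []
    return "ok", shared


# Constructed sample data (OpenSSL names), not a real server's or browser's list.
SAMPLE_SERVER_CIPHERS = ["DHE-RSA-AES128-SHA", "AES128-SHA"]
SAMPLE_CLIENT_PROTOCOLS = ["TLSv1.2", "TLSv1.3"]
SAMPLE_CLIENT_CIPHERS = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384",
                         "ECDHE-RSA-CHACHA20-POLY1305"]

if __name__ == "__main__":
    # Against a live gateway: server_tls12_ciphers("gateway.example", 8443)
    print(diagnose(["TLSv1.2"], SAMPLE_SERVER_CIPHERS,
                   SAMPLE_CLIENT_PROTOCOLS, SAMPLE_CLIENT_CIPHERS))
```

The probe can only report suites the local OpenSSL build is willing to offer, so an empty result should be cross-checked with one of the tools Thomas names.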