[hunchentoot-devel] https server - no shared cipher error
Mac Chan
emailmac at gmail.com
Mon Jul 9 04:42:06 UTC 2007
Hi,

Has anyone successfully started an https server with the latest hunchentoot?
For some reason I'm getting a "no shared cipher" error. I hope that
I'm not making a stupid mistake with the ssl setup.

# To generate a key
$ openssl genrsa 1024 > server.key

# To generate a Certificate Signing Request
$ openssl req -new -key server.key > server.csr

# self-sign cert
$ openssl req -x509 -key server.key -in server.csr > server.crt

(asdf:oos 'asdf:load-op :hunchentoot-test)
(hunchentoot:start-server :port 4443 :ssl-certificate-file "server.crt")
(setq hunchentoot:*catch-errors-p* nil)

When I point firefox to https://localhost:4443/, an error dialog pops up:
`Firefox and localhost cannot communicate securely because they have
no common encryption algorithms.'
I'm using lispworks 5.0.2 32-bit pro.
This happens in both fedora core 6 and winxp. I used the precompiled
ssl package found here :
http://www.slproweb.com/download/Win32OpenSSL-0_9_8e.exe
Here's the backtrace:
SSL failure in #<COMM:SOCKET-STREAM 2009956F>: error:1408A0C1:SSL
routines:SSL3_GET_CLIENT_HELLO:no shared cipher
[Condition of type COMM:SSL-FAILURE]
Restarts:
0: [ABORT] Quit process.
Backtrace:
0: SIGNAL (#<COMM:SSL-FAILURE 2009C333> &REST NIL)
1: CONDITIONS::CONDITIONS-ERROR (:INVISIBLEP T COMM:SSL-FAILURE
(:STREAM #1=#<COMM:SOCKET-STREAM 2009956F> :FORMAT-STRING "SSL failure
in ~s: ~a" :FORMAT-ARGUMENTS (#1# "error:1408A0C1:SSL
routines:SSL3_GET_CLIENT_HELLO:no shared cipher")))
2: COMM::SSL-READ-OR-WRITE-BUFFER (#<COMM:SOCKET-STREAM 2009956F> T
"ULT-DISPATCHERB at HC9
3: (METHOD STREAM:STREAM-FILL-BUFFER (STREAM:BUFFERED-STREAM))
(#<COMM:SOCKET-STREAM 2009956F>)
4: (METHOD STREAM:STREAM-READ-CHAR (STREAM:BUFFERED-STREAM))
(#<COMM:SOCKET-STREAM 2009956F>)
5: (METHOD STREAM:STREAM-READ-BYTE (COMM:SOCKET-STREAM))
(#<COMM:SOCKET-STREAM 2009956F>)
6: READ-BYTE (#<COMM:SOCKET-STREAM 2009956F> &OPTIONAL
"<(EOF-ERROR-P T)>" :EOF)
7: READ-BYTE (#<CHUNGA:CHUNKED-IO-STREAM 2009BE8F> &OPTIONAL
"<(EOF-ERROR-P T)>" NIL)
8: (METHOD FLEXI-STREAMS::READ-BYTE*
(FLEXI-STREAMS::FLEXI-BINARY-INPUT-STREAM))
(#<FLEXI-STREAMS::FLEXI-BINARY-LATIN-1-IO-STREAM 2009BDF7>)
9: (METHOD STREAM:STREAM-READ-CHAR
(FLEXI-STREAMS::FLEXI-LATIN-1-INPUT-STREAM))
(#<FLEXI-STREAMS::FLEXI-BINARY-LATIN-1-IO-STREAM 2009BDF7>)
10: READ-CHAR (&OPTIONAL "<(STREAM *STANDARD-INPUT*)>" "<(EOF-ERROR-P
T)>" NIL :DONT-KNOW)
11: CHUNGA:READ-LINE*
(#<FLEXI-STREAMS::FLEXI-BINARY-LATIN-1-IO-STREAM 2009BDF7> &OPTIONAL
NIL)
12: HUNCHENTOOT::GET-REQUEST-DATA NIL
13: HUNCHENTOOT::PROCESS-CONNECTION (#<HUNCHENTOOT::SERVER 200A3EEF> 420)
14: (SUBFUNCTION MP::PROCESS-SG-FUNCTION
MP::INITIALIZE-PROCESS-STACK) (:DONT-KNOW)
15: SYSTEM::%%FIRST-CALL-TO-STACK NIL
Regards,
-- Mac
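
An added diagnostic example, not part of the original post or of Hunchentoot: a shell check that the PEM input given to a TLS server holds a certificate and the private key that belongs to it, since an OpenSSL server with no usable private key fails the handshake with "no shared cipher". The function names, the constructed sample (2048-bit key, subject /CN=localhost) and the assumption that a server given only a certificate file reads the key from that same file are mine.

```sh
#!/bin/sh
# Added example (not from the original post): report whether a server's PEM
# input holds a certificate and the unencrypted private key that belongs to it.

# pem_has LABEL_REGEX FILE: true if FILE has a PEM block with a matching label.
pem_has() { grep -Eq -e "^-----BEGIN ($1)-----" "$2"; }

# check_server_pem CERTFILE [KEYFILE]
# Assumption: with no KEYFILE the server reads the key from CERTFILE.
# Prints one of: ok, no-certificate, no-private-key, key-mismatch.
check_server_pem() {
    cert=$1
    key=${2:-$1}
    if ! pem_has 'CERTIFICATE' "$cert"; then
        echo no-certificate; return 1
    fi
    if ! pem_has '(RSA |EC )?PRIVATE KEY' "$key"; then
        echo no-private-key; return 1
    fi
    # Same key pair if both files yield the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo ok
    else
        echo key-mismatch; return 1
    fi
}

# Constructed sample: a throwaway key and self-signed certificate in DIR.
make_sample() {
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/server.key" -subj "/CN=localhost" \
        -days 1 -out "$1/server.crt" 2>/dev/null &&
    cat "$1/server.crt" "$1/server.key" > "$1/combined.pem"
}

d=$(mktemp -d) && make_sample "$d" && {
    check_server_pem "$d/server.crt"                  # no-private-key
    check_server_pem "$d/server.crt" "$d/server.key"  # ok
    check_server_pem "$d/combined.pem"                # ok
    rm -rf "$d"
}
```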