Created attachment 8643 [details] java code to get list of available cipher suites in the system I discovered that there is know supported cipher suites in any of Alt Linux docker container. I use attached java code to get list of supported cipher suites. You can compile it with javac Ciphers.java and run with java Ciphers This is the list of available cipher suites in alt:p9 Default Cipher * TLS_DHE_DSS_WITH_AES_128_CBC_SHA * TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 * TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 * TLS_DHE_DSS_WITH_AES_256_CBC_SHA * TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 * TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 * TLS_DHE_RSA_WITH_AES_128_CBC_SHA * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 * TLS_DHE_RSA_WITH_AES_256_CBC_SHA * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV * TLS_RSA_WITH_AES_128_CBC_SHA * TLS_RSA_WITH_AES_128_CBC_SHA256 * TLS_RSA_WITH_AES_128_GCM_SHA256 * TLS_RSA_WITH_AES_256_CBC_SHA * TLS_RSA_WITH_AES_256_CBC_SHA256 * TLS_RSA_WITH_AES_256_GCM_SHA384 And this is the list of available cipher suites from Centos 7 Default Cipher * TLS_DHE_DSS_WITH_AES_128_CBC_SHA * TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 * TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 * TLS_DHE_DSS_WITH_AES_256_CBC_SHA * TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 * TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 * TLS_DHE_RSA_WITH_AES_128_CBC_SHA * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 * TLS_DHE_RSA_WITH_AES_256_CBC_SHA * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA * TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 * TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA * TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 * TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA * TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 * TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA * TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 * TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV * TLS_RSA_WITH_AES_128_CBC_SHA * TLS_RSA_WITH_AES_128_CBC_SHA256 * TLS_RSA_WITH_AES_128_GCM_SHA256 * TLS_RSA_WITH_AES_256_CBC_SHA * TLS_RSA_WITH_AES_256_CBC_SHA256 * TLS_RSA_WITH_AES_256_GCM_SHA384 This is the list of archive.apache.org server TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (rsa 2048) - A TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (rsa 2048) - A TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
Created attachment 8644 [details] Java code to check SSL socket
What version of Java was used?
I don't think that this problem related to java version. I've tried lower and greater versions of java in Centos. openjdk version "1.8.0_212" OpenJDK Runtime Environment (build 1.8.0_212-b04) OpenJDK 64-Bit Server VM (build 25.212-b04, mixed mode)
java-1.8.0-openjdk-1.8.0.212.b04-alt2_0jpp8.x86_64
Java was installed from our repository?
I installed it in docker container, I don't change anything in it. docker run -it --rm alt:p9 It has this repositories enabled: rpm [p9] http://mirror.yandex.ru/altlinux p9/branch/x86_64 classic rpm [p9] http://mirror.yandex.ru/altlinux p9/branch/x86_64-i586 classic rpm [p9] http://mirror.yandex.ru/altlinux p9/branch/noarch classic
Another problem occurs related to this issue. Could not HEAD 'http://repo.maven.apache.org/maven2/org/apache/thrift/libthrift/0.9.3/libthrift-0.9.3.pom'. Received status code 501 from server: HTTPS Required If I change maven repo URL to https:// following error occurs: > javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
java-1.8.0-openjdk-0:1.8.0.272.b10-alt3_0.3.eajpp8 -> sisyphus: Tue Feb 02 2021 Andrey Cherepanov <cas@altlinux> 0:1.8.0.272.b10-alt3_0.3.eajpp8 - Remove crypto policy support that disable TLS1.3 (ALT #38170)