SSL Library Error: error: SSL routines:ssl3_get_client_hello:no shared cipher - Too restrictive SSLCipherSuite or using DSA server certificate

Question

Below is the problem: I compiled apache http server 2.4.34 with Openssl 1.0.2p.

When I use the ciphersuite supporting TLSv1.2, TLSv1.1, TLSv1(Intermediate compatibility), It works.

But I get below error when I use high security CipherSuite supporting only TLSv1.2(Modern Compatibility).

Error in apache debug logs:::

SSL Library Error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher -- Too restrictive SSLCipherSuite or using DSA server certificate

Ciphersuite(Modern) from "https://wiki.mozilla.org/Security/Server_Side_TLS":::

ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

Please help me solve this issue.

It looks like the client is not configured to use a DSA certificate that the server is offering. Additionally, the cipher suites listed do not incude DSA authentication. Use a server certificate with a RSA or ECDSA key. — jww

akashdeep arora akashdeep arora · Accepted Answer · 2019-10-09T21:47:00

-2

votes

The client does not have your RSA certificate

SSL Library Error: error: SSL routines:ssl3_get_client_hello:no shared cipher - Too restrictive SSLCipherSuite or using DSA server certificate

1 Answers