Using Java 1.7 with Shield to connect to our Found hosted instance using ElasticSearch 1.7.3. Getting the following stack when connecting:
ERROR 2015-11-13 06:09:56,500 [main] (AbstractSSLService.java:175) - [Saturnyne] unsupported ciphers [[TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]] were requested but cannot be used
in this JVM. If you are trying to use ciphers
with a key length greater than 128 bits on an Oracle JVM, you will need to install the unlimited strength
JCE policy files. Additionally, please ensure the PKCS11 provider is enabled for your JVM.
We have installed the Unlimited Strength Cryptography jars to the JRE. But I'm unsure about PKCS11. Thanks.
That message is a generic warning to indicate that some of the configured ciphers could not be used. Different JDK distributions enable different providers statically in the $JAVA_HOME/jre/lib/security/java.security file. The SunPKCS11 provider typically is the one that provides support for TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA. Which JDK are you using? OpenJDK, Oracle? Is it packaged by a linux distribution? In the past, I've been able to add the SunPKCS11 provider to the JDKs in a linux distribution and use that cipher by uncommenting the line that looks like:
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.