Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Problem with HTTPS

mm | Last updated: Oct 27, 2015 02:00PM UTC

Hello, I can't intercept HTTPS traffic. The burp error is "'The client failed to negotiate an SSL Connection to www.xxxx.xx:443 no cipher suits in common''. I tried with different browsers, I know that with java 6 it works, but I use java 8, can you explain me why it doesn't work in java 8? How can I fix it? Thanks!

PortSwigger Agent | Last updated: Oct 27, 2015 02:03PM UTC

It’s possible that there is no overlap in available SSL ciphers between your installation of Java and your browsers. We’ll look into how Burp is initializing SSL on proxy listener connections and see if we can improve coverage. In the meantime, it sounds like using Java 6 when running Burp would be an effective workaround.

PortSwigger Agent | Last updated: Nov 06, 2015 08:58AM UTC

Sanjib - The advice to try Java 6 is quite old now. With a modern browser I recommend using Java 8 at least, and Open JDK 11 if you're using the Burp 2.x beta. Some people have reported resolving your error by disabling ECC ciphers within Java. However, the vast majority of our user base does not need that workaround, so I would experiment with Java versions before applying it.

Burp User | Last updated: Mar 25, 2019 07:59AM UTC

I tried with Java 6, still no success Now the alert says : Received fatal alert: illegal_parameter

Garth | Last updated: Nov 24, 2021 10:47AM UTC

Is there a solution for this?

Ben, PortSwigger Agent | Last updated: Nov 24, 2021 11:09AM UTC