What does "no shared cipher" mean?

Question

What does "no shared cipher" mean?

Answer

You may see errors like the following.

 (SSL_accept): error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher

This means that an SSL connection could not be established because there is no overlap between the SSL cipher suite used by the service and the SSL cipher suite used by the client trying to connect to it. Typically this occurs when one of the two is outdated.

In order to resolve this, the SSL cipher suite will need to be adjusted on one of the two so that there are ciphers that can be used by both, or one of the two may need to be updated to support newer ciphers.

In the case that the SSL cipher suite needs to be adjusted, we have the following guides for Apache and Exim where the error will most comonly occur.

How-To Change Apache SSL Ciphers

Where do I edit the Exim Configuration?