1

We are experiencing SSL errors when using the Jets3t library to communicate with S3.

We had a similar issue about a year ago with the amazon simple email service that seemed to be caused by amazon upgrading their email servers, which caused SSL connections using Diffie-Hellman (DH) ciphers to throw exceptions. We resolved the issue by omitting DH ciphers from the list of accepted ciphers in making SSL connections.

I have two questions:

  1. Have other users been experiencing these errors?
  2. If so, have you been able to resolve them?

It seems like users would be able to limit the ciphers used for jes3t SSL connections, but it is not immediately apparent how to do this from reading the configuration page.

Here is some more relevant information

  • We are using the 0.8.1 release of jets3t, running on Java 7

  • We get the following sequence of errors when attempting to retrieve an S3 object:

      [2014-10-15 09:30:30,102][INFO][HttpMethodDirector:439] I/O exception     (javax.net.ssl.SSLException) caught when processing request: java.lang.RuntimeException: Could not generate DH keypair
  [2014-10-15 09:30:30,103][INFO][HttpMethodDirector:445] Retrying request
  [2014-10-15 09:30:30,112][INFO][HttpMethodDirector:439] I/O exception (javax.net.ssl.SSLException) caught when processing request: java.lang.RuntimeException: Could not     generate DH keypair
  [2014-10-15 09:30:30,112][INFO][HttpMethodDirector:445] Retrying request
  [2014-10-15 09:30:30,120][INFO][HttpMethodDirector:439] I/O exception (javax.net.ssl.SSLException) caught when processing request: java.lang.RuntimeException: Could not generate DH keypair
  [2014-10-15 09:30:30,121][INFO][HttpMethodDirector:445] Retrying request
  [2014-10-15 09:30:30,130][INFO][HttpMethodDirector:439] I/O exception (javax.net.ssl.SSLException) caught when processing request: java.lang.RuntimeException: Could not generate DH keypair
  [2014-10-15 09:30:30,130][INFO][HttpMethodDirector:445] Retrying request
  [2014-10-15 09:30:30,140][INFO][HttpMethodDirector:439] I/O exception (javax.net.ssl.SSLException) caught when processing request: java.lang.RuntimeException: Could not generate DH keypair
  [2014-10-15 09:30:30,141][INFO][HttpMethodDirector:445] Retrying request
  [2014-10-15 09:30:30,149][ERROR][ReportListServiceImpl:163] Exception retrieving report data, report_id="4466", data_source="S3"
  com.irhythm.algorithmdriver.s3service.exception.S3RetrievalException: Request Error: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair

Any information or help would be appreciated.

Bruno Rohée
  • 3,436
  • 27
  • 32
mcbrooks
  • 11
  • 2
  • Do you have access to the full stacktrace of the RunTimeException? This could a prime-size problem, like the one illustrated here: http://stackoverflow.com/questions/6851461/java-why-does-ssl-handshake-give-could-not-generate-dh-keypair-exception – user3062946 Oct 15 '14 at 17:41

0 Answers0