
I'm trying to call a WS over HTTPS and I'm getting this error:

Caused by: java.lang.RuntimeException: Could not generate DH keypair
    at sun.security.ssl.DHCrypt.<init>(Unknown Source)
    at sun.security.ssl.ClientHandshaker.serverKeyExchange(Unknown Source)
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
    at sun.security.ssl.Handshaker.processLoop(Unknown Source)
    at sun.security.ssl.Handshaker.process_record(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        ... 22 common frames omitted
Caused by: java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive)
        at com.sun.crypto.provider.DHKeyPairGenerator.initialize(DHKeyPairGenerator.java:120)
        at java.security.KeyPairGenerator$Delegate.initialize(Unknown Source)
        ... 29 common frames omitted

In Java 7 I solved it with jdk.tls.disabledAlgorithms=DHE, ECDHE in java.security, but I must use Java 6 (and then I'm not sure that disabling DH is a good idea; is the connection still secure this way?)

I've tried to use BouncyCastleProvider and I get a different error:

Caused by: java.lang.RuntimeException: javax.net.ssl.SSLException: java.lang.ArrayIndexOutOfBoundsException: 64
        at net.unicon.Test.run(Test.java:61)
        at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:798)
        ... 14 common frames omitted
Caused by: javax.net.ssl.SSLException: java.lang.ArrayIndexOutOfBoundsException: 64
        at sun.security.ssl.Alerts.getSSLException(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.handleException(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
        at net.unicon.Test.run(Test.java:41)
        ... 15 common frames omitted
Caused by: java.lang.ArrayIndexOutOfBoundsException: 64
        at com.sun.crypto.provider.TlsPrfGenerator.expand(TlsPrfGenerator.java:275)
        at com.sun.crypto.provider.TlsPrfGenerator.doTLS10PRF(TlsPrfGenerator.java:247)
        at com.sun.crypto.provider.TlsPrfGenerator.doTLS10PRF(TlsPrfGenerator.java:219)
        at com.sun.crypto.provider.TlsMasterSecretGenerator.engineGenerateKey(TlsMasterSecretGenerator.java:108)
        at javax.crypto.KeyGenerator.generateKey(KeyGenerator.java:530)
        at sun.security.ssl.Handshaker.calculateMasterSecret(Unknown Source)
        at sun.security.ssl.Handshaker.calculateKeys(Unknown Source)
        at sun.security.ssl.ClientHandshaker.serverHelloDone(Unknown Source)
        at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
        at sun.security.ssl.Handshaker.processLoop(Unknown Source)
        at sun.security.ssl.Handshaker.process_record(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        ... 22 common frames omitted
Frizz1977
  • Asked several times, most notably at https://stackoverflow.com/questions/6851461/java-why-does-ssl-handshake-give-could-not-generate-dh-keypair-exception – Anand Bhat Nov 11 '16 at 06:57
  • I know, and I followed those solutions, adding BouncyCastle, but now I get an error! – Frizz1977 Nov 11 '16 at 07:10

0 Answers